HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum–Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

Aesthetic software and EMR system. Need advice on the best system if you can combine both the aesthetic (plastic surgery, Botox, spa, etc.) retail industry with a HIPAA-compliant EMR system. So far we see that Booker is really good for the retail side and Kereo is good for the EMR side, but we'd like to combine the two. We were told Aesthetic Pro is pretty good. Patient Now sounds better but it is remote desktop based. The practice just defected from the Centricity RDP system. It's way too convoluted for their setup and not the least bit user friendly.

Key retail aspects:
  • Spa and aesthetic
  • Merchant account
  • Scheduling
  • Inventory management

Key EMR aspects:
  • Document Management
  • Patient Notes
  • HIPAA compliant (obviously)
  • Fax prescriptions
  • Scanning - Easily upload documents w/ $1500 Fujitsu network scanner
  • Bonus Labs integration


I'm not sure if you can sync the two systems like contacts and document management.... primarily consent forms.  Even better is a one size fits all solution that is not clunky like Centricity.
0
Specific to healthcare and the privacy issues associated with it, I am looking for an app that can notify a therapist that a patient has arrived for an appointment, has canceled or will be delayed.  Ideally, there would be a smartphone app for therapists and a web front end for the receptionist to use to send out pre-set messages like "Patient has arrived."  No protected health information will be transmitted, just generic notifications for "patient."  I want to avoid using SMS if I can.  Does anyone have experience with any notification systems like this?  I am just dealing with a single receptionist and a group of 6 therapists.  Any inexpensive and proven solution is welcome.
0
My company is looking into adopting 'OneDrive for Business' and 'SharePoint Online' as cloud storage solutions, and while I can find info on other standards like HIPAA on Microsoft's website, information on PCI is conflicting.

My question to you: can documents that fall under the PCI compliance umbrella be stored in ODfB and SharePoint?


Thank you for your help!
0
HIPAA matters to mHealth apps more than ever. Why?

mHealth apps have come to service doctors and patients. The matter is now of life and death.
Without HIPAA compliance acting as a safeguard, neither the patients nor the doctors will trust mHealth apps.

https://goo.gl/LjpGgq
1
Hello, I am trying to find software or a vendor that can assist me. I need to be able to have an audit summary of hard drive folders and files with drive serial numbers, etc., and certified that it was destroyed, for record keeping. I have tried WinDirStat, Book Nuke, no luck. Does anyone have any experience working in IT for lawyers' offices, government, finance, etc. who knows a way to produce this type of custom report?
0
Our company is required to have HIPAA hosting and network. I understood we can consult with a HIPAA consultant, but we first want to learn what a company should do if the company wants to be HIPAA.

Our company has a small office with just 10 employees. Only PCs, no server. Physically, it is very simple.
We have only one website as well, and of course hope to get HIPAA protected as well.

If you have been in this situation, sharing with me what to do and how to get started will definitely help.
0
Hi!
1. Customer: Health Care Industry (Hospice) - so we need HIPAA Compliance
2. 7 Locations throughout 2 States.
3. About 70 email users.

CUSTOMER WANTS
1. Customer wants secure end-to-end email encryption
2. All email stored and accessible from central control panel -- even if the USER decides to delete their "copy."

POSSIBLE IDEA I HAD:
1. A single account for each of the seven locations that would be their end-to-end encrypted email
       -- I thought of www.ProtonMail.com   - any comments on this?

2. All other accounts are with GoDaddy Email Hosting -- maybe just make sure they are sending / receiving through SSL / TLS, and that they understand NOT TO SEND patient data using that email address?
       -- Was going to ask GoDaddy about a central "copy" service.
       -- ...or do I need to just configure a machine here at the central office to download everything each day or so?

Thanks!
- Dasher
0
I am looking for a sample Internet Usage Policy for a dentist office, so it needs HIPAA verbiage.

Any samples would be great.

Cjoego
0
Hello - we need to send some encrypted emails for only a few users for HIPAA requirements. What do you recommend?
0
Which site do you recommend as the easiest way to get HIPAA certified?

A site that gives you the training and exam.
0
Patients in clinic need to be able to type their name and chief complaint into a spreadsheet or database at a kiosk, but they can't see any data that has been entered previously, for HIPAA reasons (can't see another patient's name or complaint). All the data needs to be viewable by the registrar so they will know who is in the waiting room. I've done an Excel spreadsheet which uses a macro to move the data from the registration spreadsheet into another spreadsheet, which is what I want. However, I don't know how to make it so the spreadsheet is not accessible by the person standing at the kiosk.
0
Hello Experts,

This is probably a dumb question, but I have never worked with a text matching tool before (other than find and replace) and need guidance.

I need to complete a data discovery on sensitive information - mainly PII and/or PHI (flat files, NAS shares, endpoints).

The software that I have looked at, dtSearch and FileLocator Pro both say they can find this data. I only see the option to type in a word or a phrase at a time.

Can you please tell me how to set up products like these to search for any PII or PHI? Are there dictionaries to purchase separately or something?

Thank you,
Steph M
0
A blue line appears on the screen when viewing documents scanned in from a Dell 3465dn printer. This happens intermittently and I am unable to reproduce the issue with any regularity. Checked 9 documents, all scanned within a few hours, before I found one with the line on it. This printer is B&W only and I have received no complaints of the line appearing on prints, but the main document scanned is rarely printed out. I wish I could post an example, but I work for a medical company and doing so would be a clear violation of HIPAA regulations. Just wondering if anyone has any ideas on what could be causing this. The scanner bed is clean and there are no scratches.
0
Currently looking for suggestions on a video conferencing unit that would be used in a health care environment. It needs to be in compliance with HIPAA, and the unit has to be a standalone unit with no subscription cost.
0
Dear experts,

I am supporting a few small dental offices that host the dental application server in house.

Some of these clients do not have a way to fire up the server that they depend on once there is a hardware failure.

Today a power supply went bad and they are without their application until Wednesday.

In other locations you can restore a virtual machine server from a backup job from storage.

No such thing here. What is the best solution in case they need a loaner or an image restore program?

Thanks, M
0
I have a client who wants a HIPAA security audit done for her very small medical practice. I've downloaded the toolkit, and understand what needs to get done. But I've no idea how to charge for it. Her practice is really small - just her (the practitioner) and a secretary. Not a whole lot of money. I need to set this up such that it's worth my time, but she can also afford it. Any suggestions on pricing models for this?
0
I need to calculate exact age from today. It must be in T-SQL; I cannot create a stored procedure or function. Another twist is the date is stored in a Varchar(255) type. It has a format like YYYY-mm-dd, e.g. 1971-02-12. The database is SQL 2005.

Thank You
0
OnPage: Incident management and secure messaging on your smartphone
0
We are discussing a potential partnership around a project that would involve patients taking photos with a smartphone app. Photos would be shared with a central data repository and analysed by a team of researchers, and I have concerns about data security. I'm worried about how data is protected, how they handle private info and private images, etc. Do you know how we may go about reviewing their systems to be comfortable that they are okay? Is it possible to hire an auditor for HIPAA compliance? Are there any other concerns that need to be brought up?

Thank you so much!
0
Hello,

Are there any best practices out there when it comes to granting a vendor an 'admin level' domain user login in a HIPAA environment, that will either have it expire, not require a change in password, or other features?
0
Greetings.

We have a client who needs to be HIPAA compliant; however, their recently built website by an outside agency includes form submissions with fields requesting personal information. We have expressed concerns regarding HIPAA in regards to their newly built WordPress site and have requested that the forms be taken down until a compliant solution is found.

The client is adamant that they need to have such submissions for their business, however what is being gathered in the forms include social security numbers, etc... The advertising agency that built the site also has no concerns regarding HIPAA - nor would they be expected to.

Is there a recommended solution to work with WordPress that will satisfy HIPAA compliance?

Thanks
0
Greetings.

We have a client who needs to be HIPAA compliant, but wants to start using Skype for Business. While we can't always control what may or may not be in the background while an end user is having a Skype conversation, we'd like to inquire if there are any security concerns with the platform itself in regards to security and HIPAA compliance.

Any input or suggestions will be most appreciated.

Thanks
0
Greetings.

We are managing an environment that has 52 laptops running Windows 7 Professional. All of the laptops have been encrypted using TrueCrypt in an attempt to be HIPAA compliant. The problem with this solution is that each time the system is rebooted the end user needs to enter the encryption password before the system will boot. In consideration of patch management and the occasional application install this makes the process more time consuming.

Is there a way that we can still have drive encryption in place but still be able to reboot and connect to the affected system? We are remotely managing these systems using Continuum's patch management and monitoring solution. Unfortunately I do not see an encryption option with their package. From what I have been reading some users who also need to be HIPAA compliant have reported that TrueCrypt doesn't always pass an audit because there's no reporting.

At this point we are more interested in making sure security updates can be applied and maintenance can be run, but also need an encryption solution that will still allow us to reconnect after reboot.

Any suggestions will be most appreciated.

Thanks
0
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
1
Expert Comment by: Kyle Santos
Thank you for writing this.  (HIPAA is an official topic now. :) )
0