Control access to electronic patient health information (ePHI) and ensure its safe handling, to protect confidential patient information in compliance with State and Federal Privacy Laws.
The increased focus on controlling healthcare costs has increased the need for efficient collaboration among healthcare entities, not only within a medical center but also among specialized outsourced patient service providers, payers, and other participants in the healthcare supplier network.
Consequently, the personnel authorized to view patient records has expanded beyond physicians and nurses to include allied health professionals, social workers, financial managers, quality assurance personnel, medical records workers, billing specialists, and many others. Still other participants involved in reviewing medical records include representatives of the payers themselves, and state and federal government agencies.
This rise in the number of participants required to deliver quality healthcare services efficiently has increased the risk of the inappropriate use of patient information, which may violate state or federal privacy laws. Various regulations protect the privacy and security of electronic patient health information (ePHI). These codes include the Privacy Act of 1974, the Federal Information Security Management Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and others.
In total, these regulations provide a minimum level of patient privacy protection by limiting the ways that health plans, pharmacies, hospitals and other covered entities can use patients' personal medical information.
This means that healthcare providers and administrators must collaborate efficiently to reduce costs while maintaining quality patient care, and must do so in a safe and secure manner, compliant with these federal and state statutes.
Industry Applications
NextLabs Healthcare Industry solutions address the protection of sensitive electronic patient health information (ePHI) in the healthcare industry. They allow service providers to communicate and collaborate efficiently and productively, but in a safe and secure manner that does not intrude upon existing care processes. These applications feature pre-built policy libraries and reports. Policy sets can be easily customized to the environment or used as templates to create new policies. These information risk management solutions for Protected Health Information enable healthcare organizations to:
Discovery
- Identify compliance gaps to anticipate information risks.
Patient Record Access Control
- Apply enterprise-defined policies to protect data from loss or leakage, wherever it is used or sent, from reports extracted from back-office human resource systems to email messages.
- Restrict access to patient healthcare information to authorized personnel only, to ensure integrity of information and minimize the risk of compromising confidentiality.
- Restrict disclosures of protected health information to the minimum dynamically defined group of authorized users necessary for healthcare treatment or business operations.
Personnel Education and Training
- Display alerts and messages to reinforce the training that care staff has already received about the importance of keeping patient information confidential.
Records Handling
- Allow only authorized personnel to extract information through copy/paste.
- Automatically close documents viewed in clinic or treatment areas, or in record review or quality assurance areas, when responsible personnel have left the system idle, so that patient records on computer screens cannot be seen by individuals who do not have a legitimate need-to-know.
- Prevent printing or electronic faxing of patient records that contain sensitive information such as HIV status, mental health, developmental disabilities, alcohol and drug abuse, sexually transmitted diseases, pregnancy, or genetic screening results.
- Allow only authorized personnel to print information, and only to printers in secured areas.
- Securely destroy any sensitive documents containing patient-identifiable information.
- Support all compliance activities without changing the way users work.
Communications and Information Sharing
- Preserve confidentiality of patient information by preventing its communication to unauthorized persons.
- Ensure proper communication channels are used to transport patient records within the medical center. Apply encryption when necessary.
- Apply encryption to records with patient identifiable information when transported by removable media, such as USB devices.
- Automatically apply approved encryption to e-mail attachments containing patient information when communicating to outside parties.
- Automate exceptions handling to quickly secure permission of the Chief, HIMS, or designee, to approve the physical removal of patient health records from the treating facility.
- Automatically append confidentiality statements to e-mail or other communications.
- Enforce persistent information access and use policies with care partners that safeguard the use and disclosure of PHI.
Records Access and Usage Auditing
- Provide detailed logs and audit trails of PHI access and usage, to demonstrate compliance with record privacy and confidentiality standards.
- Report in a format that can be easily stored, viewed and imported into other enterprise systems.