HIPAA

Lower your Cost of Compliance

 

The NextLabs HIPAA solution enables healthcare providers to:

  • Restrict access to patient health care information to ensure integrity of information and minimize the risk of compromising confidentiality.
  • Allow only authorized personnel to extract information by copy/paste.
  • Prevent printing or electronic faxing of patient records that contain sensitive information.
  • Preserve confidentiality of patient information by preventing its communication to unauthorized persons.
  • Ensure proper communication channels are used to transport patient records within the medical center. Apply encryption when necessary.
  • Automate exception handling to quickly secure permission of the Chief or HIMS to approve the physical removal of patient health records from the treating facility.
  • Enforce persistent information access and use policies with care partners that safeguard the use and disclosure of PHI.

Identify, control and audit the flow of electronic patient health information (PHI) to ensure confidentiality, and demonstrate HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) requires any organization using Protected or Patient Health Information (PHI) to protect individually identifiable health information against misuse or improper disclosure. It maintains patient rights to privacy of their health information and affirms their control over how their PHI data is used or disclosed. HIPAA also sets security standards for protecting the confidentiality and integrity of patient information.

Besides healthcare providers, health plans, public health authorities and healthcare clearinghouses, HIPAA applies to any business that handles PHI, including commercial businesses and government agencies. HIPAA violations can result in civil penalties of $25,000 for each provision violated.

HIPAA Compliance Applications

NextLabs' solution is a set of applications that include a comprehensive set of pre-built policy libraries and pre-built reports to address the HIPAA regulations. Policy sets can be easily customized to the environment or used as templates to create new policies.

The solution provides the following key capabilities:

Discovery

  • Identify compliance gaps to anticipate information risks

Patient Record Access Control

  • Apply enterprise-defined policies to protect data from loss or leakage, wherever it is used or sent, from reports extracted from back-office human resource systems to email messages.
  • Grant access to patient health care information only to authorized personnel to ensure integrity of information and minimize the risk of compromising confidentiality.
  • Restrict disclosures of protected health information to the minimum dynamically defined group of authorized users necessary for healthcare treatment or business operations.

Personnel Education and Training

  • Display alerts and messages that reinforce the training employees have already received in maintaining the confidentiality of patient information.

Records Handling

  • Allow only authorized personnel to extract information by copy/paste.
  • Automatically close documents when viewed in clinic or treatment areas, record review areas, or quality assurance areas when an authorized user has left the system idle, to ensure that patient records on computer screens cannot be seen by individuals who do not have a legitimate need-to-know.
  • Prevent printing or print-to-fax/electronic faxing of patient records that contain certain sensitive information on areas such as HIV, mental health, developmental disabilities, alcohol and drug abuse, sexually transmitted diseases, pregnancy, or genetic screening results.
  • Allow only authorized personnel to print information, and only to printers in secured areas.
  • Securely destroy any sensitive documents with patient-identifiable information.
  • Support compliance activities without changing the way users work.

Communications and Information Sharing

  • Preserve confidentiality of patient information by preventing communication to unauthorized persons.
  • Ensure proper communication channels are used to transport patient records within the medical center. Apply encryption when necessary.
  • Apply encryption to records with patient identifiable information when transported by removable media such as USB drives.
  • Automatically apply approved encryption to e-mail attachments containing patient information when communicating to outside parties.
  • Automate exception handling to quickly secure permission of the Chief, HIMS, or designee, to approve the physical removal of patient health records from the treating facility.
  • Automatically append confidentiality statements to e-mail or other communications.
  • Enforce persistent information access and use policies with care partners that safeguard the use and disclosure of PHI.

Records Access and Usage Auditing

  • Provide detailed logs and audit trails of PHI access and usage to demonstrate compliance with record privacy and confidentiality standards.
  • Report in a format that can be easily stored, viewed and imported into other enterprise systems.

 

 
