
How Does the New California Consumer Privacy Act Impact Healthcare?


The new California Consumer Privacy Act is now law. The new legislation was enacted to fill in the gaps of data privacy laws. Previously, healthcare data privacy laws were regulated through HIPAA; however, HIPAA only applies to “covered entities” holding protected health information (PHI). So how will the new California Consumer Privacy Act impact healthcare?

New Laws Will Significantly Impact Healthcare Data

The California Consumer Privacy Act applies to all for-profit organizations that operate in California above a specific revenue and data processing threshold. The Act exempts personal data protected by HIPAA and California’s Confidentiality of Medical Information Act (CMIA). Thus, some types of personal healthcare data will continue to be covered by existing rules. The new law will now pertain to most other personal data that the healthcare industry uses.

How Will the Act Change the Game in Healthcare?


The California Consumer Privacy Act will alter the rules of the game for personal data in the healthcare ecosystem. Here are what the changes mean and how to prepare.

All individuals within healthcare organizations will have their data privacy protected.

Prior to the new law, individuals who are not patients did not enjoy data privacy protection via HIPAA. Now, the personal data of clinicians and staff will also be protected. HIPAA-covered organizations must now establish policies and processes to protect the personal data of nonpatients engaging with them, including employee personal data. This includes any data shared with third parties.

Other organizations that handle personal healthcare data must put protections in place.

Many organizations do not have to abide by HIPAA but do collect healthcare data. This can include everything from a wearable that captures health stats to pharmaceutical companies. Now all these entities will have to comply with data privacy regulations. They will now need to institute new processes that focus on data security. Further, they must communicate these new practices to users. What’s interesting is that most individuals are not aware that their personal healthcare data is not legally protected. Organizations will have to bear this in mind and consider how they present the message so that it builds trust instead of suspicion.

Healthcare organizations that do business in California will need to apply the changes issued by the new law to their entire company in the U.S.

In many situations in healthcare, entities operate in state silos, as the laws can be different from region to region. The new law breaks these silos and calls for consistency across the board. An organization will need to ensure that data privacy protections are in place for every California resident. Ultimately, this is the perfect storm for compliance challenges.

California Law Is Just the Beginning

California is known for implementing protective laws first, but they aren’t alone. Washington state and New York are also working on similar legislation. At the federal level, a new data privacy law has bipartisan support.

Any impacted organization needs to develop a strategy for short- and long-term compliance with data privacy regulations. Being proactive and thinking enterprise-wide will be critical. It’s an opportunity to improve data privacy and security, building more trust with patients and customers.

What Is a Health Information System?


Technology has become a vital tool for healthcare. Clinicians and healthcare professionals use it every day to improve patient care and streamline processes. A critical aspect of healthcare technology is a health information system (HIS).

Healthcare Information System Examples

A HIS is any system that manages healthcare data. That’s a very broad definition, and there are many types of systems. Some of those include:

  • Electronic Health Record (EHR) or Electronic Medical Record (EMR): These two terms are almost interchangeable. These platforms collect, store, and share data related to a patient’s health history. Data within an EHR or EMR is protected health information (PHI) and must be secured.
  • Practice Management Software: This type of system manages the daily operations of a practice, such as scheduling and billing. It can help automate many administrative tasks.
  • Master Patient Index (MPI): This type of platform connects separate patient records across multiple databases. Much of the time, MPIs are employed to reduce duplications and inaccuracies.
  • Pharmacy Management System: This software includes all data related to a patient’s prescriptions and is found in a number of pharmacy settings, including retail, hospital, and long-term care.
  • Patient Portals: These systems allow patients to access their health data, including medications and lab results. They can also use it to communicate with physicians and track appointments.
  • Clinical Decision Support (CDS): This type of platform analyzes data from clinical and administrative systems. The analysis can then enable clinicians to make the best clinical decisions.

The Advantages of Using a HIS

Health information systems focus on efficiency and optimal data management. By using them, you can reap these benefits:

  • Data analytics: The amount of healthcare data created increases daily. Without a robust system, the data has little value. With the aid of technology, you can gather, aggregate, and analyze data. This analysis can improve individual patient care, provide insight on how to manage population health, and reduce costs. 
  • Collaborative care: The healthcare ecosystem includes many types of providers—hospitals, specialists, pharmacy, and more. To ensure continuity of care, being able to quickly and securely transfer data is necessary. 
  • Cost control: Removing paper from the process and going digital can reduce costs for an organization. Technology also allows for quicker exchanges, reducing inefficiencies.

What to Consider When Choosing a HIS

The foremost concern you should have when selecting any software is security and privacy. Healthcare is a huge target for cybercriminals, so you need to ensure that any program you use has the highest security protocols. Any concerns with the security of the data could also compromise HIPAA compliance.

Beyond security, functionality and features are critical to your decision. Consider what your expectations are for the software as well as if it is interoperable with other existing systems. Compare the leading systems in the category to ensure that your needs are met. 

What If You Want to Change Your HIS?

There are many reasons that hospitals, health systems, physician practices, and pharmacies choose to move to a new platform. Their current software may be sunsetting or changing so that it no longer meets their needs. Cost is another factor that can prompt a switch.

No matter what the reason may be to change your HIS, you can take your data with you. With data conversions, data can be pulled from your current system and then loaded to your new system. This gives you the freedom to migrate to a new system without the worries of what happens to your data. 

Thinking of changing one of your information systems? Chat with our experts about how we seamlessly and securely convert data. With over two decades of experience and over 27,000 complete conversions, we make data accessible and portable. 

HIPAA Privacy Rule: Is Your Healthcare Organization Compliant?


Under HIPAA, healthcare organizations have many responsibilities related to how they collect, store, use, and transfer protected health information (PHI). That includes providing access to patients. The HIPAA Privacy Rule dictates that patients have the right to access their PHI by request. The PHI also must be delivered within 30 days of the request.

OCR Levies Fines Against Noncompliant Entities

While providing a patient access to their healthcare information should be simple enough, healthcare organizations have struggled with compliance. In 2019, two providers were fined by the Department of Health and Human Services Office for Civil Rights (OCR). OCR announced plans last year to begin enforcing the Privacy Rule and fining violators.

In September of 2019, the OCR reached a settlement with Bayfront Health for $85,000. This marks the first settlement for such a violation. But they aren’t the only ones. A study posted on medRxiv found that half of providers are not compliant with this provision of HIPAA.

The settlement comes after a patient made a request to Bayfront for records related to an unborn child. The organization did not respond within 30 days, and the patient filed a complaint with the OCR. After an investigation was launched, the patient did receive the records, albeit nine months later.

The OCR settled another case against Korunda Medical with an $85,000 fine and a plan for corrective action. A patient filed a complaint after requesting that PHI be sent to a third party. The records were finally sent to the third party, but not within the required window of time.

Supplying PHI: Streamlining the Process for Compliance

Like any data workflow in the realm of healthcare, there must be a process that considers timeliness, compliance, and security. Healthcare entities receive requests for medical records on a regular basis. They are also well versed in the need to fulfill these requests in a timely manner to remain compliant with the HIPAA Privacy Rule.

But healthcare organizations struggle with this process. The struggle could be due to many reasons, including:

  • Lack of technical expertise
  • No assigned employee to handle requests
  • Inferior security protocols
  • No policies or procedures regarding requests (or ones that aren’t enforced)
  • Inability to access data quickly

No matter the size of a healthcare organization, any of these causes could be the culprit. But looking outside their own walls may be the answer to remaining compliant and fulfilling requests promptly.

Choose a Data Partner to Keep You Compliant

With custom data solutions from InfoWerks, your organization could shift the onus of the responsibility. We can create workflows that allow for the secure and fast transfer of PHI to the patient or a third party.

The threat of noncompliance with the Privacy Rule could cost you money and your reputation. Make sure you are operating within the rules with our help. Contact us today to see how we can reduce risk and help you remain compliant.