Healthcare Document Imaging and Content Management Systems
CASO and HIPAA COMPLIANCE
HIPAA stands for the Health Insurance Portability and Accountability Act. It is designed to standardize the industry on specific code sets and formats. Insurance payers, clearinghouses, and billing services have been spending enormous amounts of time and money to implement this regulation. Enforcement is handled by the Department of Health and Human Services Office of Civil Rights and is meant to be self-funding via the fines levied. In addition to standardizing the code sets and electronic frameworks, the law also established a minimum requirement for the protection and privacy of Personal Health Information (PHI). The specific parts of the regulation related to PHI include
The law requires that covered entities have Backup, Disaster Recovery and Media Controls in effect,
Since every medical practice that files electronically must comply with these regulations or face fines of up to $25,000, the need for CASO products can be readily seen. Large hospitals, clinics and even single clinician offices will all be required to provide safeguards and security for the PHI in their care.
How does CASO’s software address compliance from a business requirements perspective?
Our Document Management and Disaster Recovery solutions meet or exceed the needs of HIPAA, for both security and recoverability in the case of disaster.
CASO’s use of Documentum, combined with DiskXtender, meets and exceeds many healthcare organization needs for the image-enabled aspects of records management compliance under HIPAA. These solutions, configured appropriately, are broadly used to meet practical content management demands within the medical industry (references are available). In addition, many customers are using ApplicationXtender suites to address HIPAA compliance.
CASO’s system provides comprehensive backup and recovery in heterogeneous environments, including Windows, UNIX, Linux and OpenVMS. Our solutions provide complete, online protection for multiple database systems, including Oracle, DB2, MS SQL Server, and Informix. Thus, CASO can provide support for your organization’s disaster recovery plan in accordance with HIPAA.
How does CASO address HIPAA from a technical requirements perspective?
These statements can be made regarding CASO’s ability to address requirements included within the HIPAA specification:
The Documentum Content Management suite, as used by CASO, is compliant with ODMA, a software industry standard, and enables comprehensive audit trails to be established for user management, access management and system monitoring functions for content capture and modification. To gain compliance, the Audit Trails functionality must be enabled. The audit trails keep the information and parameters in logs, which must then be used to create the compliance reports for HIPAA. To generate these reports, an industry standard reporting package (such as Crystal Reports) must be obtained to produce the required documents based on the data tracked through the Documentum audit trails. Please refer to our comprehensive documentation for specific audit trail functionality. Additional audit functionality and reporting can be gained through our Professional Services.
CASO’s Online Document Access (ODA) System offers multiple levels of security. ODA offers encrypted connections for both network and web based user session initiations. Where appropriate, secure sockets and other industry standard technologies are implemented. ODA provides for the granting of system access to users and to defined user groups. Administrators or “super users” can also be defined. In addition to system level access security, ODA offers Application, Functional and Document security.
HIPAA requirements for information/data/records/image retention within the records management solution are specific. CASO’s use of DiskXtender’s standard functionality, implemented as the storage and archival component for ApplicationXtender, meets these requirements fully.
Backup and Disaster Recovery:
As outlined above, healthcare organizations are required to have disaster recovery and contingency plans in place. A solid backup and recovery strategy is a key component of disaster recovery, which can be addressed by CASO. More extensive disaster recovery plans might include remote mirroring, off-line media management or vaulting.
Our opportunity to serve the healthcare industry is multifold.