The DIRECT project is a new technology that enables healthcare practices to securely send information about a patient to another practice, hospital or other setting of care. DIRECT Messaging is based on the national Direct Project, which was launched in March of 2010 by the Office of the National Coordinator of Health Information Technology (ONC). DIRECT can be thought of as a replacement for the fax machine. It operates like email. We cannot use regular email for this purpose because it is not secure and therefore cannot be used to send and receive patient Protected Health Information (PHI). Sending PHI over regular email is a HIPAA violation.
In our area, DIRECT is being implemented in the state of Virginia. It is being provided by an organization called ConnectVirginia. Implementations of DIRECT in DC and Maryland should be available shortly. If this is of interest, you should read the entire article on “Pushing Healthcare Information.”
BEI’s July Healthcare IT Update covered the new version of HIPAA that will become mandatory as of January 1, 2012. Everyone in the healthcare industry will have to become familiar with the new requirements well before the mandated compliance date. Testing should begin as soon as possible to avoid any delays in claims payments and rejections. You can check out July’s HIT Newsletter or subscribe to receive it monthly.
Because many of our clients are healthcare professionals, BEI has taken the steps to become a HIPAA Compliant Business Associate. (For more background on HIPAA and BEI’s program click here.) This program is required of any business associate of a healthcare practice who may be exposed to protected health information or PHI. In addition, as network administrators for our clients’ computer networks, we generally have access to all aspects of a practice’s network.
The steps required to become a HIPAA Compliant Business Associate include:
- training for all employees
- documentation governing the policies and procedures required by the Security Rule
- the appointment of a HIPAA Security Officer
This program is ongoing – we’ll continue to evolve our processes and train new employees as they join BEI.
Congress passed and President Barack Obama signed the American Recovery & Reinvestment Act (ARRA) in February 2009. The healthcare IT component of the ARRA is commonly referred to as the HITECH (Health Information Technology for Economic and Clinical Health) Act. The HITECH Act covers a broad range of healthcare IT initiatives, including providing over $20 billion in funding towards implementation of healthcare IT. The HITECH Act also includes “Subtitle D,” which focuses on privacy and modifies and broadens portions of the HIPAA Privacy and Security laws and regulations. BEI has written a high-level overview of how the HITECH Act impacts current HIPAA laws and regulations. The first section is an overview of the changes that will go into effect on February 17, 2010; changes that were or will be effective on other dates are summarized on the second page of this document. Click here to read this whitepaper.
BEI regularly authors whitepapers on topics of interest to Physicians and Healthcare Practice Managers. Our latest is HIPAA Privacy & Security Changes: Suggested IT Policies & Procedures. Many of the issues that healthcare practices encounter in attempting to become “HIPAA Compliant” are the same issues that most businesses deal with for security and confidentiality concerns. This whitepaper includes recommendations that can be implemented with no or low additional cost, and with standard IT systems and services. To request a copy of the whitepaper, click here.
For more information, or to consider a HIPAA IT Review, contact Jonathan Krasner firstname.lastname@example.org, 703-528-8300 x105.