X-Ray Film Scanners and Digitizers, X-Ray Film Scanning Services and Software
Medical Records Scanning and HIPAA Compliance
posted Nov-7-2014If you’re healthcare organization is going paperless with Electronic Medical Records (EMR), then you’re aware that you’ll have to convert your paper records to digital system. This means a lot of document scanning!
One easy solution way to accomplish this is through Business Process Outsourcing. BPO is just a fancy term meaning that you will hire a 3rd party to do the scanning for you. However, when the documents to be converted are medical records, you can’t hire just any BPO. That’s because medical records scanning touches on all aspects of records management and HIPAA compliance. Doing it wrong can comprise both paper and film conversion and management, digital storage, archiving and disaster recovery, as well as the transport and transmission of patient information through the healthcare organization.
This complexity of medical records scanning requires the use of an experience document conversion service provider who can help you move easily into the world of digital medical records while ensuring HIPAA compliance throughout the process.
What Does HIPAA Compliance Require?
The HIPAA Privacy Rule requires establishing and implementing measures that ensure confidentiality, integrity and availability of all Protected Health Information (PHI), while the Security Rule addresses safeguards specific to security of electronic data.
Who Must Comply?
Health plans, healthcare clearinghouses, healthcare providers, business associates to whom they provide health information. Not only is it important that your healthcare organization be compliant, but HIPAA also requires any third-party partners and associates be compliant as well. This means that it is fundamentally important when choosing a medical records conversion service to ensure that this partner understands all of the issues that enable you to maintain HIPAA compliance and any new government initiatives that may come about.
What Does HIPAA Compliance?
HIPAA compliance covers any personal health information that includes any information about health condition, treatment or payment for care that can be related to an individual. Because this is so broad, it generally is taken to include all of the information contained in a patient’s medical record and payment history. This is why HIPAA compliance requirements extend to the medical records scanning service provider.
Are there Penalties for Non-Compliance?
Enforcement and penalties related to the protection of patient information can reach a maximum of $1.5 million annually per type of violation. State attorneys general, as well as the Department of Health and Human Services (HHS), have the authority to prosecute HIPAA violations.
How do You Ensure that the BPO is HIPAA Compliant?
There are some of the obvious questions that you should get satisfactory answers to before you contract with any BPO for medical records. There may be additional questions that are pertinent to your specific medical organization. Make sure you get all promises and agreements in writing! Here are the questions you should ask:
- What procedures does the BPO have in to ensure HIPAA compliance?
- How will the medical records be handled and stored during the conversion process?
- What type of scanning equipment do you use?
- What are the technical qualifications for your scanning personnel?
- How do you handle quality control?
- Do you provide indexing services?
- How do you deliver our digital files; will you upload them directly to our EMR?
- How do you dispose of the paper records after the conversion is completed?
Conclusion
The scanning process itself is pretty straightforward. Documents are scanned, usually using a high-speed document scanner, and once you’ve assured yourself that the BPO you’ve chosen can do the job, then you need to turn your mind to your internal issues and make sure that you have procedures in place for controlling workflows during the hybrid stages (both paper and digital) of the conversion, and that you have your staff sufficiently prepared and trained to handle the transition.