No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights

Workflow Technology and HIPAA

by Dan Waldinger
April 7, 2016
in Uncategorized
Without careful data handling, the risk of noncompliance with HIPAA is immense

Health care is continually challenged with properly managing information. Because it has traditionally operated in a paper-intensive environment, that struggle continues, even while most providers have begun to actively transition to electronic health record (EHR) systems. While work is being done to ensure that EHR systems are better able to “talk” to each other and to other health information systems, how can health care organizations streamline the day-to-day workflows still rooted in paper and in the need to print, copy, scan and fax innumerable paper documents?

Because virtually all health care organizations use electronic transactions of one form or another (for example, billing and payment) even their paper records are subject to the HIPAA privacy and security rules – a set of federal rules first adopted about 15 years ago and substantially revised in 2013 under the HITECH Act.  If health care organizations aren’t careful with how they use office devices, the risk of noncompliance can greatly increase. As a result, it is incumbent upon health care providers—regardless of size—to institute sound data handling practices.

To ensure compliance with HIPAA (and other data privacy and security rules), health care organizations must implement policies and procedures that are tailored to the work that they do, as well as to the size of their organization. HIPAA is not a one-size-fits-all regulatory regime, and best practices for data privacy and security programs demand attention to the specific operating environment of each and every health care provider.

Once an organization has its policies and procedures in place, it must conduct a risk assessment (and repeat it annually – or even more frequently if it changes any of its hardware, software or other controls). This includes taking an inventory of assets that may be related to health data – including office equipment such as scanners, printers, fax machines and copiers – to identify both the breach potential inherent in those pieces of equipment and their related software tools and the steps taken to minimize the likelihood of a data breach. At the same time, a health care organization should also be thinking about how to ensure data integrity.

Maintaining good data “hygiene” with paper records and files is made easier when one has access to user-friendly, compliant software and equipment, with workflows implemented to take full advantage of their technical capabilities. Knowledgeable solution providers can work with you and your team to acquire and integrate the hardware and software necessary to ensure the best practices described above. Some examples include:

  • Locking individual machine functions by user (specifically features such as print, copy, scan, fax send, fax receive and PC fax). This control specifically limits the ability of unauthorized users to share data inappropriately. The “key” can be an NFC-enabled device, a swipe card or an individual key code.
  • Allowing a user to password-protect print jobs to secure a document until that user enters a personal PIN via the machine’s control panel. (This prevents sensitive documents from sitting unattended in the output trays of shared printers.)
  • Scanning sensitive or confidential documents to a secure FTP site, securing data as soon as it is scanned.
  • Ensuring that all faxes are received into memory and cannot be printed without a password.
  • Preventing unauthorized users from sending faxes, limiting the potential for inappropriate sharing of personal health information.
  • Enabling secure faxing and fax forwarding to help maintain patient confidentiality.
  • Designing equipment to support face-down printing and faxing, which guards against inadvertent unauthorized document viewing.
  • Bypassing hard-copy printouts by using a PC-to-fax or “e-fax” function.
  • Relaying faxes to clinicians on the go with fax forwarding, which improves efficiency and reduces potential data breaches related to fax printouts.
  • Scanning integration with some EHR systems.

The key principle that binds these functionalities together is the minimization of exposure of protected health information to anyone but the personnel who have a “need to know.” This approach, informed by the regulatory environment and underpinned by the hardware and software capabilities of compliant information systems, enables the workflows needed to provide care while maintaining compliance with required data privacy and security policies. The end result is a more efficient use of copiers and printers and significantly reduced risk created by noncompliance.


Previous Post

Novartis Coughs Up $25M to SEC for FCPA Violations in China

Next Post

In Corporate Compliance, Sometimes Less is More

Dan Waldinger

Dan Waldinger

Dan_WaldingerDan Waldinger is the Director of Services and Solutions Marketing at Brother International Corporation. With more than 25 years of industry experience, Mr. Waldinger leads the Brother initiative, ThinkOptimize. Under his leadership, Brother provides resources, self-assessment tools and solutions to help mid-sized health care organizations reduce document-related costs and increase efficiencies.

Related Posts

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

corlytics solidatus partnership

Corlytics, Solidatus Join Forces

by Corporate Compliance Insights
March 22, 2023

Data management provider Solidatus and regulatory risk intelligence supplier Corlytics recently announced a partnership that is expected to give both...

castle pixel art

Building a Defense-in-Depth Culture to Combat Phishing

by Perry Carpenter
March 22, 2023

Phishing attempts are only growing more sophisticated by the day, and effective cybersecurity means defending all the vectors of attack,...

Next Post
Are your compliance programs long on policing and short on effectiveness?

In Corporate Compliance, Sometimes Less is More

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT