Healthcare facilities, regardless of their size, are responsible for keeping patient information private in the real and digital world to remain in compliance with the Health Insurance Portability and Accountability Act (HIPAA). The act states that an individual’s health information should be protected with physical, technical and administrative safeguards to ensure its integrity, confidentiality and availability, as well as to thwart unauthorized or inappropriate disclosure, use or access. When it comes to the electronic processing of patient health information, healthcare facilities and document scanning companies must have specific safeguards in place to protect the privacy of the patients served. When selecting a contractor for your everyday or emergency scanning needs, it’s important to review its practices and procedures to ensure compliance and avoid hefty fines.
Document Scanning Considerations to Ensure HIPAA Compliance
1. Audit Trails
Audit trails are a provision of HIPAA regulations. They are essential for monitoring system activity and individual user activity to keep track of how sensitive information is used. A scanning service should work with your medical facility’s current software or provide you with software that allows you to track individuals who viewed files and modified documents. A solid audit trail also improves an organization’s ability to find and address security violations, while remaining compliant with HIPAA standards.
2. Physical Security
HIPAA outlines a long list of requirements regarding the physical protection of data. Similar to healthcare organizations, document-scanning companies that handle medical records must keep sensitive data safe from human and environmental threats with items such as video surveillance and backup generators.
In addition to securing physical property, HIPAA’s accessibility regulations mandate that organizations that handle data must verify the identities of individuals accessing sensitive information. This means that a scanning service must have security protocols in place so those without a key to storage areas or the proper software-related credentials cannot access the private information.
3. Data Security
Data in electronic files doesn’t remain dormant; it’s sent from one computer to another over a network, cloud service, or email, making it vulnerable to threats. HIPAA states that organizations that store, receive and transmit data must have security protocols in place, such as firewalls, 24-hour network monitoring, encryption, and advanced antivirus programs, to reduce security threats. A reputable document scanning company has such measures in place to prevent data interception, the corruption of data during transmission, and network intrusions that compromise the security of patient information.
4. Document Recovery
HIPAA requires that document-scanning services and medical facilities have a data backup plan. They must also have a disaster prevention and recovery plan that includes giving healthcare organizations secure access to protected information during any incident. A solution may include using a secure cloud-based document management system that makes documents accessible via cloud-hosted storage. A good scanning service is willing to share its disaster preparedness and recovery plans with you.
5. Background Checks
Vendors that handle patient information should follow the same hiring policies as medical facilities with regard to employee background checks, as only approved individuals can legally access sensitive health records. This means that a scanning company cannot hire individuals who would not be qualified to work in a medical facility because they are excluded from working with Medicare or the federal government. Other exclusions include convictions related to abuse, violent crime, theft, fraud, and felony drug-related charges.
To help your medical organization remain in compliance, ask the scanning service for its employees’ background history. Ensure that the vendor runs annual background checks on its employees, as well as an additional background check if an employee is arrested. Background checks should also include a search of the General Services Administration (GSA) and Office of the Inspector General (OIG) databases to verify exclusions and reduce the organization’s liability.
Using a document scanning service helps transform patient medical records into secure electronic files. It’s also a good way to increase space in a facility or practice, and streamline processes. Polygon provides document scanning and restoration services when medical facilities or their vendors experience a disaster. We perform comprehensive background checks on our employees, use strict security protocols, and transport documents in secure vehicles to secure facilities. By ensuring that the vendor you choose uses processes that comply with HIPAA regulations, you ensure that one of the things that patients value the most—their private information—remains secure.