Hipaa Whitepaper 9 11 Flow Port Hc Xerox 01

User Manual: FlowPort

Open the PDF directly: View PDF .
Page Count: 2

©2001 XEROX CORPORATION. Xerox®, The Document Company®, the digital X®, DocuShare®, FlowPort™ and PrintXchange®

are trademarks of XEROX CORPORATION.

All non-Xerox product names and number mentioned are trademarks or registered trademarks of their respective companies. All rights reserved. 9/11/2001

Printed on a Xerox digital copier/printer using Genuine Xerox Supplies

Penalties for breach

of compliance range from

$100 per person per accidental

incident to a maximum

of $250,000 and possible

imprisonment for knowing

misuses of

individually identifiable

health information.

Documents on

Desktop Computers

Many healthcare documents

are created on the desktop,

either through a third party

application or via

transcription of dictation. The

people creating these documents

often create hundreds in a day. If

they are printing as they create, the

documents often sit in the output tray

of a printer for several hours before they

are retrieved and distributed. HIPAA

regulations would require the worker to

disrupt his or her workflow to retrieve each

document, resulting in potential loss

of productivity. Xerox multifunction

products offer embedded features

that improve security without

disrupting productivity.

Secure Print allows secretaries or clerks to

transcribe multiple patient documents and

send each to the print queue upon

completion. The documents are not actually

printed until the owner/creator signs in to

the printer to oversee the printing of these

confidential documents. This ensures

document control from the point of creation

and eliminates the possibility of documents

being removed from the printer by an

unauthorized individual.

To ensure compliance with HIPAA, Xerox

software applications can track print

requests going to the print server and can

force all protected documents to be printed,

via Secure Print, to appropriate local Xerox

multifunction devices. An audit trail for

each print request can also be provided.

Explanation of Benefits (EOBs)

Health insurers are subject to the same

security and confidentiality requirements as

hospitals. Claims adjudication documents,

EOBs, and other documents that identify a

specific patient and procedures, diagnoses,

or benefits received are mandated to receive

the same protection as hospital patient

records. Therefore, EOBs, for example,

must now be sent to the individual, not

batched in a package to the primary family

member. With the added postal expense,

health insurers will want to ensure

information is correct before it is mailed.

Through data integrity, checking and postal

cleansing and batching, Xerox can help

eliminate documents that are sent to

incorrect addresses, thus, facilitating

HIPAA compliance and reducing

postal costs.

IT Consulting

Xerox’s IT consulting group — Xerox

Connect — can provide IT security

consulting, gap analysis, process redesign

and technical implementation.

What’s Next?

Implementation of HIPAA requirements

involves staff education, IT security, audit

tracking of reviews of clinical documents,

and surveillance and security response to

infringements. As you make your plans for

compliance with the HIPAA requirements,

remember Xerox offers customized

solutions to help you meet all

these challenges.

Contact your Xerox rep for more

information on innovative strategies for

document handling within your

institution or check http://www.xerox.com

W

WH

HA

AT

T

I

IS

S

H

HI

IP

PA

AA

A

A

AN

ND

D

H

HO

OW

W

D

DO

OE

ES

S

X

XE

ER

RO

OX

X

F

FI

IT

T

I

IN

N?

?

The Health Insurance Portability and

Accountability Act, HIPAA, will have a

huge impact on the healthcare market

over the next few years. HIPAA was

designed to ensure the confidentiality

of patient information both within

organizational settings (hospitals,

clinics, and insurance offices) and

when it is transferred between

institutions or healthcare

professionals. The final regulation,

passed in April 2001, defines security

and privacy requirements that will

protect the confidentiality of a

patient’s records.

There are two areas where

Xerox can help healthcare

managers comply with

HIPAA requirements – ensuring

security with document flow

(electronic and/or hardcopy)

and providing a vehicle to

ensure culture change. For years

Xerox has been creating

solutions for healthcare

providers to help reduce costs

and become more efficient with

document management.

Now, more than ever, is the

right time to talk to Xerox.

Let us explain the ways Xerox

can help you.

The Health Insurance Portability

and Accountability Act (HIPAA)

“Failure to put in place

a trusted infrastructure that

will allow business partners to

confidentially exchange

protected health information

poses significant financial

and operational risks.”

Kevin Malley,

Partner, PriceWaterhouse-Coopers

Health Management

Technology Roundtable

©2001 Nelson Publishing, Inc.

HIMSS Leadership Survey –

81% of the 953 senior level hospital

executive respondents identified

HIPAA compliance as the #1 IT

concern for the year, up from

70% in 2000.

The Federal Government estimates

that hospitals and providers will

spend $3.3B on reaching

compliance over a ten year period

(2002-2011), with the greatest

expenditures coming from

hospitals with >100 patient beds.

HIPAA - How Can Xerox Help?

The HIPAA requirements cover electronic

and hardcopy documents as well as verbal

communications. It has the potential to

present a huge burden to hospitals and

insurers in terms of document management.

Many areas within the healthcare

environment will be affected by

HIPAA including:

• Verbal communications

between practitioners

• Electronic collaboration on

healthcare documents

• Medical records

• Outbound electronic documents that are

faxed or emailed

• Documents on desktop computers such as

transcriptions, lab results, and referrals

• Explanation of benefits (EOBs) and other

insurance documents delivered to

patients’ homes

In each of these areas, implementation

of HIPAA requirements will include

educating staff members on maintaining

confidentiality, establishing methods

and consequences for detecting

infractions, expanding network security,

and updating processes and systems to

comply with the new standards.

Verbal Communications

HIPAA will affect the way practitioners

and staff communicate verbally. In

discussing a patient, extra care must be

taken to ensure that only the necessary

people can hear the conversation.

Changing our behaviors will not be

easy. It will take dedicated training and

a long-term awareness campaign. And

that’s where Xerox fits in with e-learning.

Xerox has several options to facilitate e-

learning about the HIPAA regulations and

their impact on communications. From a

web-based repository for documents to

workflow automation that “pushes”

documents to the appropriate end users, we

can help you move your critical documents

to your clinical staff with a maximum of

efficiency and security. This provides an

audit trail that chronicles receipt and

acceptance of each document.

Additionally, once policies and procedures

for HIPAA compliance are created, Xerox

can store them in the web-based repository,

making them easily accessible to all

employees, regardless of location.

Electronic Collaboration

Practitioners often need to share clinical

information with other practitioners, in the

form of a second opinion or a referral. A

medical resident may create a document that

the physician must edit before it becomes

part of the medical record. But until this

information reaches the medical record,

collaboration events like these can have

minimal security and would result in

infractions of HIPAA regulations.

Xerox has document management software

that can help practitioners continue with

their collaboration efforts by providing

the following:

• Individualized security control,

implemented over a matrix of every

document and every user

• Annotations to each base document for

individualized security control

• A set of permitted operations, e.g., view,

edit or print, enforced on an individual

basis, for all participants and documents

• Several monitoring capabilities to support

compliance activities that cross

organizational boundaries

• A security system to log operations on

every document by every user and create

a database for reporting and datamining to

proactively look for security breakdowns

• An “electronic fingerprint” for each

document identifying its source, to

assist in investigations about

“misplaced” documents

Medical Records

The new security requirements in HIPAA

will impact hard copy medical records

making it difficult to manage the records

while still ensuring optimum accessibility to

practitioners for maximum quality of patient

care. Medical records can be even less

secure once the patient is discharged and the

records begin their trek around the

hospital for completion and signing.

Xerox has developed a medical records

imaging solution, working with one of

the market’s top vendors, which

provides maximum security to the

scanned images, workflow automation

for chart completion, and improved

workflow for prompt coding and billing.

Outbound

Electronic Documents

Healthcare organizations send many

documents to outside organizations every

day. Whether it is a hospital referring a

patient to a rehabilitation center or an

insurer sending a request for diagnostic

information, the documents are often faxed

or emailed. HIPAA now requires that you

verify that the document arrived at the

appropriate place and was received by the

correct person. Xerox has a variety of

solutions to help facilitate compliance.

DocuShare is a web-based document

repository capable of storing many types of

documents created in most common

applications (regardless of version) on any

platform. If managed by Xerox or the IT

department, DocuShare provides a secure

environment for easy sharing of clinical

information across multiple geographic

areas (clinics, referring doctors’ offices,

nursing homes, etc.). Since documents are

stored in the secure site, the URL can be

sent to the receiving institution. With the

added security of requiring a unique sign-on

and password for the document, you are

guaranteed that only the appropriate end

users can see the documents. It also

alleviates concerns about network

bandwidth that most hospitals experience

with increasing email traffic.

FlowPort, a Xerox software

application, works with the scan

function on Xerox multifunction

devices. FlowPort guarantees the

distribution of scanned

documents to appropriate

recipients, via email or fax,

through the use of predescribed

covers that auto-route the

documents.

When scanning in documents to

send out, Xerox multifunction

devices offer Scan to Fax or

Scan to Email. These options

guarantee that the documents go

to the appropriate recipients

because the email address or fax

number is pre-programmed.

Once configured, the end user

need only choose the appropriate

recipient – the address is

permanently stored in the

product’s memory. Any

documents scanned to email

pass through the institutions’

email server, providing the

required encryption of

the documents.