All of us are aware of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the fines and penalties that are levied in the event of a data breach. As health care providers in the I/DD space, we must be aware of how we manage the private health information we collect each day, and do so in a HIPAA compliant manner.
Remember when paper documentation and health care forms our staff created when providing services flowed into the office like a river of information? We moved it from ‘the pile’ into the three-ring binder or files for each individual.
The paper records we replaced in the binders and files were collected, boxed up, labeled and taken to a storage area, sometimes in the basement of one of our group homes, to be kept for seven years. And, if we had a locking door for the storage room, for many it was considered “secure.” Does this scenario give you the chills?
When electronic documentation platforms were introduced to our industry, an entirely different set of HIPAA rules came into play. And as computers, software, systems and the Internet evolved, so too have the regulations for using this medium.
The Office of the National Coordinator for Health Information Technology (ONC) offers the Security Risk Assessment Tool (SRA Tool) to help all health care providers perform a risk assessment of their organization to ensure it is compliant with “HIPAA’s administrative, physical, and technical safeguards.” This tool can prove to be very useful for providers who host their data management system locally.
For providers who opt to use an online documentation system that can be accessed by a device with a reliable internet or cellular data connection, it is vitally important to know if your vendor satisfies the HIPAA requirements. If you have not asked the question, you should consider doing so.
Since its launch in 2003, Therap’s attention to data security for our online, comprehensive system has been industry leading. The data management system is constantly updated to address the ever changing cyber security environment to ensure that our users are provided with the most compliant and secure platform available.
Therap’s approach to data security features a multi-level access control mechanism, which allows administrators to define and restrict the level of access of specific users to any records as required. Additionally, administrators possess the capability to restrict any actions of each system user or viewer at any necessary event.
Some of the strongest privacy measures of Therap are as follows:
The newly introduced Biometric Authentication tool allows users to log into Therap Mobile Applications by verifying their fingerprints or face identification without having to manually type in their login credentials.
Using the Self Password Reset module, users can easily access their accounts while maintaining high security whenever any user forgets their passwords or gets locked out.
The Two Factor Authentication (2FA) functionality adds an additional layer of security as it requires users to enter an additional One Time Password (OTP) after logging into the application.
The Secure Communication (SComm) module facilitates the exchange of information in a HIPAA-compliant manner, either among users or between agencies regarding administrative, personal or individual care related issues.
The Pharmacy Interface module is designed to provide a direct, secure communication platform for providers to receive messages from pharmacies directly.
Therap forms include activity tracking, electronic signatures and other audit features for every action taken by users while working on the forms—from creating a new form to updating, approving, reviewing, and acknowledging an existing form, as well as carrying out any other actions or activities unique to each form. Therap strives to ensure security and data integrity at every step of the documentation process to keep protected health information and agency records secure and safe at all times.
If you’d like to learn more about how Therap can help your agency with data security or—if you are a Therap User—learn more about the security features you are already enjoying, I invite you to reach out to us. Click here to get started.
Michelle Saunders is Associate Director of Business Development at Therap Services. She can be reached at [email protected].
Stay Informed on the Latest Research & Analysis from ANCOR
