The following is a  guest post was provided by Casper Manes on behalf of GFI Software Ltd.

Health care practices, laboratories, and insurance agencies all found their worlds radically changed with the passage of HIPAA. Years later, people are still trying to figure out whether or not what they do meets the requirements of HIPAA because the legislation has several requirements, but does not provide specific guidance on how to meet those. Faxing, which is one of the most interoperable ways for those in healthcare to exchange information, is often a pain point because the technology was developed without considering the security requirements that HIPAA now imposes. Fortunately, fax server software can both modernize your faxing services, and make it easy to fax in a HIPAA-friendly way.

To really appreciate how fax server software can help you with HIPAA, let’s review what it takes to send and receive faxes with HIPAA in play. For users to send a fax, they have to print out the document they want to send and a cover sheet. Then they have to walk it all over to the fax machine and feed it into the machine. They can then dial the recipient’s fax number from the speed dial, let the machine dial the connection, and wait for the fax to send. Then they take the delivery confirmation report, staple the whole pile together, and file it away; or maybe they dump it in the shredder bin. Finally, they update the fax log. Either way, that’s a lot of paper wasted, a lot of time wasted, and a very inefficient way to send a fax. If someone wants to send this user a fax, they either have to look for a phone call or an email letting them know a fax was sent, or make it a habit to check the fax machine regularly to see if a fax has come in, since we cannot have faxes containing PHI left sitting in the output bin. Once the fax is received, it gets logged in the book, and then filed away. This might even include scanning it into the EMR/EHR application so it is attached to a patient’s records. Again, this is a very inefficient use of time and not a very secure way of moving information. Now let’s look at the sending and receiving processes when fax server software is involved.

A user needs to send a fax to another office. They open their email client, attach the document to the email, pick the recipient from their address list, and hit send. That’s it. To receive a fax, they just wait for their email client to tell them they have a new message. Again, that’s it. Fax server software handles all the behind the scenes work of making connections, adding cover sheets, logging faxes with delivery confirmation reports, queuing up faxes to be sent, and delivering received faxes right to the user’s inbox. No one standing at a machine; no piles of paper mounding up, and no chance something gets missed or falls through the cracks. Fax server software handles all the manual work of faxing so the users don’t have to. And if that incoming fax needs to be added to the EMR/EHR package, fax server software can route the received fax to a network folder that the records application monitors, automating the process; no printing, no scanning.

With fax server software on the job, HIPAA-friendly faxing is fast, efficient, and easy to handle. Users can use the email software they are already familiar with, and audit trails are automatic. Implement fax server software in your office today to provide HIPAA-friendly faxing to your users.

GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance fax server software.

All product and company names herein may be trademarks of their respective owners.

ChartSwap, a Houston-based SalesForce ISV Partner, will go-live with an interesting new online record ordering and exchange solution. ChartSwap, which is built on a Force.com platform, offers healthcare providers free access to a HIPAA-compliant electronic chart exchange network that they claim will drastically reduce the administrative burden associated with responding to third-party requests for medical records.

As healthcare providers transition to EMR solutions, they often discover that they are without a secure electronic method of exchanging records with third party requestors, who are typically not authorized to access Health Information Exchanges. ChartSwap was developed in response to this need as a secure solution for providers to receive record requests and exchange medical information with requestors, including attorneys, insurers, and regulatory compliance entities, as well as other providers.

Geared to a growing population of medical providers who are technically savvy and eager to increase the efficiency of their practices, ChartSwap incorporates elements of both a professional social network and a traditional HIE. Providers are able to sign-up with ChartSwap directly, or may receive email invitations from other ChartSwap members, including other providers as well as third-party requestors. Early adopters are incentivized through a referral program that rewards referring parties with revenue sharing opportunities – a move that ChartSwap CEO Randy Haynes hopes will encourage viral growth.

“There are over 800,000 physicians’ offices in the U.S., each receiving an average of 20 requests a week. The ChartSwap solution will allow them to respond to those requests via the cloud and to share records with other physicians’ offices for no cost and a fraction of the effort currently required,” says Randy Haynes, founder and CEO of ChartSwap.

Once a provider is an authorized ChartSwap member, they can log-in to review requests and authorizations, securely upload requested records, apply an electronic signature to any required forms, and specify the amount of the medical record fee. For providers who haven’t yet transitioned to an electronic medical records system, ChartSwap offers a secure fax to scan solution for transmitting paper records.

Lok-IT

Systematic Development Group has announced the roll-out of its LOK-IT Secure Flash Drive® at the George E. Wahlen Department of Veterans Affairs Medical Center in Salt Lake City, Utah. The encrypted flash drive’s implementation now allows cardiologists to electronically review medical reports for pacemakers and implantable cardioverter defibrillators (ICD).

Prior to implementing LOK-IT, the center’s heart doctors couldn’t securely transfer data from devices that monitor pacemakers or ICDs to the hospital’s electronic medical records. For every patient, they printed out reports up to 15 pages long and hand filed them – an unsecure and inefficient system.

LOK-IT, the first encrypted flash drive with enterprise-level security, can be used with any operating system, including with specialized medical devices since it doesn’t require software for user authentication or encryption. To gain access to data on the drive, LOK-IT users just enter their PIN code onto the onboard PIN-Pad*, much like an ATM allows access to bank accounts. In addition to working on medical equipment, LOK-IT works with all USB-compatible devices, including many new tablets, smartphones, scanners, projectors, copiers and DVRs.

Before using LOK-IT, stacks of medical records waited to be filed, and doctors sorted through them to find the relevant report. With LOK-IT, the stacks are gone, and doctors can easily search for records electronically.

The VA medical center can’t use standard flash drives because they don’t meet strict government standards for encryption. Other encrypted drives don’t work directly with specialized medical devices as LOK-IT does.

LOK-IT is tamper proof, and its FIPS 140-2 Level 3 validation means it meets advanced government-level security standards.

“Because LOK-IT automatically encrypts all files stored to its 256-bit AES hardware encryption and contains no software that could potentially be incompatible with their equipment, medical professionals can transfer medical records and data while staying in compliance with HIPAA,” said George Wolf, Systematic Development Group’s president.

A new tool, developed by the National Institute of Standards and Technology (NIST) and offered for free, can help public and private organizations, large and small, to understand and implement the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

Congress enacted HIPAA to, among other things, promote efficiency in the health care industry through the use of standardized electronic transactions, while protecting the privacy and security of health information.

The Secretary of Health and Human Services (HHS) published the HIPAA Security Rule, a national set of standards for protecting electronic protected health information (EPHI) that is created, transmitted, or maintained by covered entities and their business associates. HHS recognizes the value of NIST’s information security standards and guidelines, and has recommended these as valuable resources for organizations to consider as they implement the HIPAA Security Rule.

The law requires “covered entities” and business associates to follow the HIPAA Security Rule. Covered entities include government agencies involved in health records, health care providers, health plans such as health insurance issuers and Medicaid and Medicare programs, health care clearinghouses and Medicare prescription drug card sponsors. “Our HIPAA Security Rule Toolkit is designed to help organizations of all sizes and with varying levels of security expertise to better protect electronic health information,” says NIST information security specialist Kevin Stine. “It leverages many existing security resources and tailors them for use within the context of HIPAA security.” He emphasizes that the application is meant as a self-assessment tool, and does not indicate HIPAA Security Rule compliance.

The toolkit is intended to be a resource that organizations can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved. The self-assessment tool presents a series of questions in groups related to each of the HIPAA Security Rule standards and implementation specifications. For simplicity, the toolkit follows the established HIPAA structure of administrative, physical and technical safeguards, organizational requirements, and policies, procedures and documentation requirements.

The target audience includes HIPAA-covered entities and business associates, and organizations that provide Security Rule implementation, assessment and compliance services. Target user organizations can range in size from a large nationwide health plan with vast information technology (IT) resources to a small two-doctor health care provider with limited access to IT expertise.

The free toolkit comes with a comprehensive User Guide and a self-contained, stand-alone software application that can run on Windows, Mac and Linux operating systems. It is available at http://scap.nist.gov/hipaa. Funding for the toolkit was provided by the American Recovery and Reinvestment Act of 2009.

Independence Blue Cross (IBC) and NaviNet announced today that their shared strategy to ensure providers are well-positioned to meet federal mandates has resulted in a joint upgrade offering for physician practices to transition to HIPAA 5010 compliance using NaviNet PM (Practice Management). In addition to making providers HIPAA 5010-compliant, the NaviNet PM solution gives healthcare professionals one central place to access the key administrative, financial, and clinical workflow information they need to be more efficient and deliver a better patient experience. Nationwide, IBC and its affiliates provide coverage to nearly 3.1 million people. NaviNet is America’s largest healthcare network, serving more than 120 million members. The two companies report that physician practice adoption of this upgrade is significantly exceeding expectations.

“The healthcare industry is undergoing a monumental transformation,” said Joan Jennerjahn, Vice President of IBC’s Provider Network Operations and recipient of this year’s national Healthcare 11′s IT award. “In addition to the new federal healthcare reform law, there are government mandates that require significant time and investment by healthcare providers, health plans, and vendors in order to be compliant. We recognized the value of partnering with NaviNet to leverage the new capabilities offered by NaviNet PM, an upgrade solution that gives smaller physician practices a unique opportunity to update their office systems. Physician practices are winning on two fronts. First, they achieve compliance with the government mandates without making a significant investment in technology upgrades, and second, they streamline their office workflow.”

IBC’s NaviNet provider portal currently enables physicians to effectively and seamlessly care for IBC members by validating member eligibility, requesting preauthorization for services, or checking the status of submitted claims. Also available to IBC’s network physicians today via NaviNet are the health plan’s unique Clinical Care Alerts and Clinical Care Reports — two tools that assist physicians in identifying any potential gaps in patient care with the goal to improve quality and facilitate better care coordination.

The IBC-NaviNet upgrade now offers a multi-payer solution that provides physicians with the ability to collect the reimbursements and payments they are owed, improves claims resolution capabilities and billing/collections effectiveness, and prepares them for HIPAA 5010 compliance. The rapid adoption thus far reflects physician practices’ need for a unified patient information management (UPIM) system that integrates seamlessly with other providers, health plans, and healthcare service providers.

The linked integration to NaviNet PM is a patient-centric strategy that enables healthcare professionals to deliver better patient satisfaction, enhance claims collections, and lower the costs of high-quality care delivery. This user-friendly solution, accessible via a SaaS-based portal, enables physician practices to leverage their existing business processes, upgrades their current capabilities, and gives them greater functionality so that they have all the patient information they require. Using a modular step-by-step implementation process, the software can be rapidly and easily upgraded with little interruption to the office or physician’s workflow. The upgrade to NaviNet PM enables physicians to focus on patient care, not IT.

“My practice is an early adopter of the NaviNet PM solution. We process about 60 percent of our office’s claims through IBC. The NaviNet PM solution enables us to have better claims resolution, makes us more efficient, and positions us well for HIPAA 5010 compliance,” said Dr. Savita Singh, M.D., PC, a rheumatologist from Philadelphia.

“Partnering with Independence Blue Cross to jointly offer IBC’s network providers an upgrade to NaviNet PM increases healthcare professionals’ ability to streamline their workflow and gives them a HIPAA 5010-compliant practice management system,” said Brad Waugh, President and Chief Executive Officer, NaviNet. “Our joint program also sets them up to take advantage of EHR technology like NaviNet EMR (electronic medical records), which, among many other benefits, allows them to access the “meaningful use” money available from the federal government and sets them up on the path to support integrated delivery of care models by incorporating their patient-centered medical home and accountable care initiatives.”

Practice Fusion is finally getting into the app business and is debuting a prototype of its native iOS mobile application for the iPhone at the Health 2.0 conference in San Francisco. Practice Fusion currently has iPhone and Android applications in private beta testing. The mobile solutions will provide a free, lightweight and secure way for medical professionals to stay connected on the go and mark another step in the company’s aggressive mobile strategy.

These native apps will replace the somewhat kludgey, LogMeIn/browser based methods they have used to provide mobile access to Practice Fusion to date.  Users have been clamoring for native iOS apps for quite some time now and it’s great to see progress being made towards a an easy to use lightweight app.

“Doctors love mobile technology. An estimated 80 percent of physicians have smartphones,” said Ryan Howard, CEO of Practice Fusion. “This prototype is the next step we promised our mobile-hungry medical community. Soon, our doctors will access their free EMR accounts anytime, anywhere securely with a free iPhone app.”

Practice Fusion is not limiting themselves to the iOS platform for iPhone and iPad.  They’re also planning on  Android applications  that will give medical providers secure mobile access to records anywhere they have cell or WiFi reception using a free Practice Fusion EMR account.

The applications will function as a mobile medical office for viewing patient charts, reviewing lab results, responding to prescription refill requests, HIPAA-compliant messaging and contacting patients.

The company  is planning on a  first public release of the native iOS and Android applications early in 2012. and the native mobile applications will be offered entirely free, just like the company’s EMR system.  You can learn more about Practice Fusion and sign up for your own free account here.

If you are growing tired of maintaining your ancient analog fax machine with its  phone line connection, cover sheets, sensitive information left sitting in the output tray, and all the other things that make most IT and security folks loathe the word fax, then you are going to love the idea of  fax server software.

Because so many physician offices remain reliant upon fax machines we wanted to cover an option that would allow them to continue to use faxing for communications but to do it in a much more secure fashion.  For this review we decided to test GFI FaxMaker,  a full featured fax management package that they claim will bring your practice’s  faxing needs into the 21^stcentury.

Product Requirements

GFI FaxMaker can run on any currently supported Windows 32 or 64 bit server platform. It needs about 256 MB of RAM for itself, and any modern processor should be able to handle the software easily. You’ll need an analog fax modem or fax card, such as one of the supported fax cards on this page.  They will require physical hardware, but GFI FaxMaker also supports TE Systems  XCAPI and Dialogic SR140 software FoIP solutions. We decided upon a physical board since we have hardware servers available to test with.  GFI FaxMaker also requires an Exchange email server.

Client Setup

Client setup is important, because you’ll want to be able to send and receive faxes from multiple computers in your office.  We found the client setup process to be pretty simple.  Since GFI FaxMaker integrates with your email server, any SMTP capable client can send an email to a fax number, or your users can send and receive faxes from their desks using the email application they are already familiar with. You can also install the GFI FaxMaker virtual printer driver, which makes sending a fax as easy as hitting the print button. Most users liked the email client option the best since they could pick fax numbers from their contacts already in their email.

Routing and filing

Incoming faxes were easily handled by GFI FaxMaker. We set up the OCR capabilities to check for usernames, which worked fairly well as long as the fax or cover letter was not handwritten. These could also be delivered to email enabled SharePoint document libraries, making it easy to automate filing incoming faxes. With multiple numbers or a DID map, we could have also delivered faxes based on the incoming or source phone number.

Sending a fax is as easy as sending an email message

 Junk Fax Filtering

One of my pet peeves is junk faxing.  I seriously dislike having our fax machine used to spam us so I was really curious about how this would work.   Junk filtering is available, where the software automatically deletes incoming faxes from DIDs that are on a list you maintain of known junk fax senders.

What we loved

GFI FaxMaker was easy to install, easy to integrate, and easy to use. End users had no problem sending faxes from Outlook, and frankly loved not having to leave their offices to send and receive faxes.

What we didn’t like

Sometimes the OCR had trouble reading incoming faxes, though we found out most of those were from old analog fax machines that even we had trouble reading. Junk fax filtering was based on sender number; we hoped it would do some OCR magic but for now, we can at least add all those vacation time share numbers when they come in.

The verdict

Four out of five stars. Any company that needs more than one user to send or receive faxes should take a close look at this software. The cost savings combined with the additional features make this an easy win.

If you’d like to learn more about GFI FaxMaker, see their website.

Health Business Intelligence Corp (Health BI) announces the availability of secure web email for health care professionals and patients on HealthCollaborate.

HealthCollaborate secure web email enables health care organizations to securely send and receive messages with Patient Information attachments.

Patients can also receive secure emails from their physician offices, hospitals, ancillary providers and insurance companies.

Health care providers can securely send and receive referrals, progress notes, clinical treatment summaries, lab results, medical imaging, consultation reports and more to other providers.

Health care organizations can interface HealthCollaborate with their EMR or HIE systems to attach medical records to email messages.

In parallel, health care providers can send messages with billing statements, visit summaries, test results, care plan and more directly to their patients.

Patients can use HealthCollaborate secure email to send medical history, medication list, insurance information and more, directly to their health care providers.

In today’s healthcare regulatory climate, protecting personal information stored and shared through mobile healthcare (mHealth) solutions is becoming a big issue for healthcare providers, payers and vendors.

Diversinet Corp. has released a interesting white paper titled Mobile Health and Security – Ten questions you should ask before implementing an mHealth solution.  The document can help healthcare organizations better understand the rapidly evolving security requirements by outlining the most relevant HIPAA security rules and providing recommended best practices to address them.

(Note:  The whitepaper does require registration information to download.)

The white paper starts with an executive overview that outlines the contents of the white paper beginning with:

This  Mobile Health and Security white paper analyzes HIPAA security requirements and  mobile health security best practices to assist healthcare organizations in evaluating and  implementing secure and fully compliant mobile health solutions.  The section on “HIPAA  Security Requirements: Implications for Protecting  Mobile PHI” reviews the HIPAA Security Rule Technical Safeguards for Protected Health Information (PHI) and discusses the mobile  security best practices that directly relate to each Technical Safeguard.

Diversinet Corporation provides a patented and proven secure application platform that enables healthcare organizations to rapidly deploy HIPAA-compliant mHealth applications on mobile devices.

Chiropractors who utilize electronic billing must convert to the new HIPAA 5010 format by January 1, 2012 or risk not being paid by all third party payers, including Medicare.

In spite of the potentially disastrous financial consequences that may occur if a practice is not prepared, most chiropractors have not even started to test their compliance with the new, mandatory format. Apparently, chiropractors are not the only healthcare practitioners who think that 2012 sounds like a long way away. The Medical Group Management Association released a survey of over 13,000 M.D. practices in March that revealed that 61% of medical practices have yet to schedule any testing with the health insurance plans that will pay them.

The rule changing to the HIPAA 5010 format for electronic claims submission was passed back in 2009 due to the fact that the current version of 4010 data was admittedly lacking. The migration to the HIPAA 5010 format is also the pre-cursor to the ICD-10 diagnosis code set that is scheduled for adoption in 2014.

“Chiropractors should not confuse the two upcoming changes and delay the implementation of their HIPAA 5010 conversion,” warns Tom Necela, DC, president of The Strategic Chiropractor and a consultant to the chiropractic profession who is also a Certified Professional Coder and Certified Compliance Professional. “The HIPAA 5010 conversion needs to be implemented, tested and ready as long before the January 2012 deadline. Although it will ultimately interface with ICD-10, they are independent of each other. As such, chiropractors cannot afford to wait to start using both new data standards simultaneously else they will risk not getting electronic payments from payers.”

Fortunately, chiropractors are not in trouble yet if they haven’t started the 5010 conversion. Most payers have recently completed error testing the new data set and now is an ideal time for practices to begin their own testing of the new 5010 format.

When asked why chiropractors (and physicians at large) were not yet getting ready for 5010, Dr. Tom Necela offered two possible reasons:
“The first is just a general lack of awareness,” Necela states. “With all the regulatory changes that have taken place over the last couple years, the $44,000 EMR stimulus and the demands of daily practice, it is tough for all physicians to keep up with new requirements. Consequently, some chiropractors don’t even know this is a requirement and perhaps won’t, until it’s too late.”

The second possible reason cited by Dr. Necela is prioritization. “Even if chirorpractors are vaguely aware of the need to change to HIPAA 5010,” Necela reasons, “there is a good chance that they may not fully understand it or give it the priority that it demands. For example, there are chiropractors scrambling like mad to potentially qualify for the $44,000 stimulus package, which they may or may not achieve. On the other hand, if they are not converted to 5010 standards by the deadline, there are definite – not potential – consequences: you won’t be paid. So to me that’s a higher priority item.”

While the level of preparation required for each chiropractic office may vary on its size, percentage of claims transmitted electronically and number of payers to whom they submit claims, most experts in the healthcare billing and compliance industries agree that businesses that adopt early implementation of these new standards will be most likely to succeed.

Experts also agree that it’s not too early (or too late) to get ready for the January 1, 2012 deadline. Although all parties involved – physicians, their practice management software vendors, electronic claims clearinghouses and the payers themselves – will need to convert to the 5010 format, ultimately each chiropractor has the responsibility to prepare his or her practice for the transition.

Although the process may be daunting, by getting started today on implementing the 5010 transactions, chiropractors can ensure that they meet the January 1, 2012 deadline and do not suffer claim payment interruptions.