Doctors, especially outpatient physicians with small or individual practices, are not well-positioned to build, maintain, and update their own IT infrastructures. The healthcare industry has some of the most stringent and frequently amended information security and records regulations. Doctors already have very little free time and relatively few staff members to assist them with non-medical affairs. Neither they nor their staff have the time or expertise to implement and manage even a basic IT infrastructure, much less an IT system with the performance, security, and flexibility that the healthcare industry requires.
For doctors or IT administrators with the fortitude to try to build and manage their own IT infrastructure, we have provided below an overview of the data security and records management legislation and standards over the last fifteen years. Clicking the link over the name of the legislation or standards will direct you to either a copy of the actual legislation or the website of the institution responsible for it.
HIPAA: Most doctors have probably heard of HIPAA (the Health Insurance Portability and Accountability Act). Enacted in 1996, HIPAA requires that healthcare providers protect the privacy of their patients’ data. The American Academy of Family Physicians offers a helpful 10-point guide to attaining HIPAA compliance. Some of the requirements of HIPAA include documentation of security procedures, auditable records, data encryption, anti-virus software, and other standard data security controls and initiatives.
HITECH Act: This 2009 extension of HIPAA adds breach notification requirements and further financial penalties for mishandling patient data. It raises the maximum financial penalty for violations from $25,000 to $1,500,000. HITECH also provides financial incentives for healthcare providers that demonstrate “Meaningful Use” of electronic health record (EHR) systems. Doctors or their IT administrators can find out whether their EHR deployment qualifies as Meaningful Use by consulting this page from the Centers for Medicare and Medicaid Services (CMS).
HIPAA 5010 and ICD-10: The latest update of the HIPAA transaction standards and the ICD-10 (International Classification of Diseases, 10th Version) will add further possible values to existing medical forms and data transactions. Healthcare providers must be sure that their systems and networks will support 5010 and ICD-10. The ICD-10, for example, will add 53,000 new diagnosis codes and 72,000 new procedure codes compared with ICD-9. The deadlines to comply with these regulations have been pushed back to June 30, 2012 for HIPAA 5010 and October 1, 2013 for ICD-10.
Affordable Care Act: The Patient Protection and Affordable Care Act (also known as “Obamacare”) did not add any new healthcare information security or records management requirements. But experts think that the law will change healthcare enough that healthcare IT will inevitably be affected. This InformationWeek article cites as an example the law’s mandated state health insurance exchanges, each of which requires a massive IT infrastructure to be built, implemented, and then integrated with existing healthcare networks. The article also points out that the June Supreme Court decision on the constitutionality of the Affordable Care Act may negate any changes made in response to the law, or turn them into losses.
Healthcare providers can avoid the hassles, expenses, and unpleasant surprises of maintaining an in-house IT infrastructure by switching to a cloud-based infrastructure from IronOrbit. Our infrastructures provide processing, storage, bandwidth, and hosted EHRs that already comply with most industry data security regulations, including HIPAA, Sarbanes-Oxley, and PCI DSS. We have experience designing, building, and hosting EHRs and other IT solutions for thousands of different healthcare providers. We understand and can anticipate many healthcare providers’ concerns, requirements, and time constraints. IronOrbit has been there from the start of mainstream healthcare IT (we began in 1997, one year after HIPAA) and will be there whenever you need us (with our knowledgeable 24x7x365 technical support). With an IronOrbit hosted infrastructure or EHR, healthcare providers can focus on their patients and forget about data security regulations and IT performance problems.