30 May 2013

More than Data Encryption – The Overlooked HIPAA Benefits Unlock Permitted Cost Savings and Time Efficiencies

Author:

People often view HIPAA as a burden – heightened regulatory enforcement related to data protection and privacy. It is. However, most overlook the efficiencies that HIPAA permits.

With the right email encryption services, you can now move personal, private and protected information to electronic delivery. This typically creates cost savings in itself as much of this information is transmitted by fax and expensive courier services.

Most are aware of this and most believe HIPAA ends here. What they don’t realize is that HIPAA clarifies permissible methods of obtaining electronic signatures on documents and HIPAA and permits electronic delivery of documents that contain protected health information.

Nelson Mullins Riley & Scarborough LLP maps RPost’s Registered Email, Email Encryption, and Electronic Signature services to the HIPAA requirements in a legal opinion entitled, “Effective Electronic Delivery and Execution of Documents Required under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).” Click to read.

RPost brings the technology catalyst for HIPAA compliance combined with process improvement for cost savings and administrative time efficiencies.

Based on the Nelson Mullins legal analysis refernced above, we conclude:

(1) An RPost electronic signature can be used when a signature is required by a document governed by HIPAA, and is as legally enforceable and legally effective as a “wet ink’ signature;

(2) RPost can be used to deliver documents electronically in conformity with the technical safeguard requirements of HIPAA  relating to the integrity and security of electronic communications of electronic PHI; and

(3) Where notification is required by HIPAA and in the great majority of U.S. jurisdictions in which UETA applies, RPost’s core Registered E-mail service does provide the sender with legally valid evidence that notice has been accomplished under HIPPA,as long as RPost’s resulting Registered Receipt e-mail reports at least successful delivery to the mail server.

Since providers are the ones dealing with most of the HIPAA authorizations and have the electronic medical record initiaitves, RPost benefits providers first, with a PROCESS IMPROVEMENT initiative, moving more HIPAA regulated documentation from paper to electronic.

The first applications for RPost services would be in the conversion of all documents governed by the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) from paper to electronic that

(1) may be signed, authorized or acknowledged using RPost’s electronic signature when a signature is required, and
(2) may be delivered electronically by the RPost service.

Jon Neiditz, partner at Nelson Mullins Riley & Scarborough LLP further clarfifies the permissibility of electronic document delivery and electronic signature use in accordance with HIPAA in his article, “An Attempt to Clarify the Use of Electronic Signatures and Electronic Delivery for HIPAA-Required Patient and Beneficiary Authorizations, Notices and Acknowledgments” http://www.rpost.com/legal-opinions/hipaa

The target documents required by HIPAA that involve notice to patients or beneficiaries or their agreement or acknowledgement include:

Transactional documents required, created or regulated by HIPAA that involve patients and beneficiaries.

a. authorizations pursuant to 45 CFR Section 164.508, that must be executed by the patient or beneficiary and meet more standards evidencing intent than a mere consent;

b. notices of privacy practices for protected health information (“PHI”) pursuant to 45 CFR Section 164.520, the receipt of which must be acknowledged by patients;

c. responses to patients and beneficiary requests under HIPAA, such as requests for special privacy protections, access to PHI, amendment of PHI and accounting of disclosures of PHI, pursuant to 45 CFR Sections 164.522 through 528;

and other documents…

a. informed consents (i.e. consents designed by institutional review boards for use in clinical trials and research — although HIPAA adds some requirements for informed consents, they aren’t really documents governed by HIPAA, so it’s a separate but similar analysis);

b. RPost for can be used for all vendor contracting, including HIPAA business associated contracts and addenda as these are non-EDI HIPAA documents (business associate contracts, addenda and subcontracts);

The main benefit to the hospitals/providers would be to:

a. move more to electronic (save cost/paper/processing time);

b. tie documentation to electronic medical record in a more streamlined manner; and

c. enable the capability of having signoff’s accomplished by e-mail prior to visits to the hospital/physician’s office.