Fingerprints and HIPAA Compliance
As the health care industry continues it’s metamorphosis, there are increasing demands on doctors, patients, and the whole healthcare system to become more efficient in providing better health care and save costs while doing so. This article discusses HIPAA and, in particular, an aspect of the computerization of health care: the documentation of the patient/care provider encounter. It makes the observation that there is an inevitable move towards computerized documentation and that the sooner the patients are involved in their portion of the doctor’s reports, the better for the doctor in both meeting the time demands of documentation and compliance to HIPAA. The author also describes fingerprint biometrics as an integral part of the documentation process in meeting the security section requirements of HIPAA.
Increasing Demands for Patient Documentation
If there is a universal consensus amongst doctors, it is the dislike for documenting notes and reports. Documentation is time consuming, costly, and takes the doctor away from caring for the patient. Yet, due to the changes in the health care industry, and the continuing computerization of the insurance, legal, and federal government arenas, doctors are compelled to computerize in order to compete.
As a product of computerization and the need to more accurately and quickly process patient health records, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996 that goes into effect April 14, 2003. HIPAA’s primary purpose is to allow employees and their families to transfer health care benefits from one employer to another, or, in the case of an employment separation (such as a layoff), to continue coverage.
HIPAA was also passed to make it easier on providers and decrease administrative costs by moving towards a standard for administrative and financial transactions. A part of its ‘Security and Electronic Signature Standards’ section has the additional purpose of allowing patients access to their complete records, as well as putting into place policies and procedures to protect patient data and access to that data.
“The security standard is applicable to all healthcare information electronically maintained or used in an electronic transmission, regardless of the format; no distinction is made between internal corporate entity communication or communication external to the corporate entity.”1 This means that even reports and notes that are initially handwritten or dictated, yet subsequently transcribed into electronic format, will be subject to HIPAA standards regarding security for the organization and access control to such patient information.
All clinics/organizations must have a set of documented policies and procedures for the handling of their patient data and access to it. The documentation must include a scheduled plan for periodic review and updating, since hardware, software, processes and procedures can, and will, change over time. Internal and external audits are necessary to ensure compliance to federal government regulations.
Compliance Schedule
The laws require clinics to come into compliance with each set of standards within two years following its adoption (except for small health plans, which have three years to come into compliance). Clinics must therefore meet their health information privacy rule by April 14, 2003. Clinics that submit a plan for achieving electronic transaction compliance qualify for an implementation extension until Oct. 16, 2003.
National Health Identifiers and Other HIPAA Regulations
HIPAA legislation included proposed standards to create a unique identifier for health plans, health care providers, employers and patients. The goal was to make it easier for health care providers to conduct transactions with different health plans. In May 2002, a final rule was issued to standardize the identifying numbers assigned to employers in the health care industry by using the existing Employer Identification Number (EIN), which is assigned and maintained by the Internal Revenue Service. Most covered entities must comply with the EIN standard by July 30, 2004. (Small health plans have an additional year to comply). However, Congress has put the HIPAA requirement for a unique personal health care identifier on hold indefinitely until comprehensive privacy protections are in place.
Other ongoing developments that will impact the documentation requirement on providers are (1) additional transactions for attachments to electronic claims and (2) a doctor’s first report of a workplace injury. Likewise, moves toward standardization of reported examination and treatment information are also expected to impact the documentation burden on doctors.
The Case for Digitizing Documentation
Patients demand fast and accurate access to their records for themselves and their other caregivers. Given today’s technological climate, patients now question why there is such difficulty in having their health records made available to a different doctor, and why they have to fill our the same information again and again.
Because of the increasing demands for documentation, most doctors dictate notes and reports. Dictation is fast, but for the most part, has its own set of problems. Here are just a few:
1) Time — most doctors have to wait for their dictated records to come back thus causing a delay before the records are updated and available for a subsequent patient visit, reporting, or transmittal to another doctor.
2) Cost — both in-house or outside transcription services are expensive. In-house transcription is expensive because of all the costs associated with an employee (wages, insurance, work space, work tools, hiring, training, etc.), while outside services charge by word or by page.
3) Errors — transcription errors are often unavoidable and require proofing that may not occur due to time pressures.
4) Canned sounding notes/reports — the doctor finds himself/herself saying the same things over and over and the documentation can look and sound the same.
5) Doctor’s dislike for dictating mundane reports/notes.
