Medical Professionals: Avoid these Pitfalls to Ensure HIPAA Compliance

As you are a medical professional, we will assume you would rather spend more time working with patients than ensuring your compliance with data protection. Although there are many basic things you can do to ensure compliance, since the Federal Government decided to take a proactive role in ensuring that organizations comply, it’s not as simple as it once was. You may fall into some of the traps below without due care.


Not Keeping Ahead of the Curve

Standards and requirements are under constant review thanks to changing technology and a desire to keep up with compliance standards. If you do not subject your procedures to constant review in line with legislation, and do not keep your employees up to date with their obligations, you could be falling foul of HIPAA compliance.

 

Who Can Access The Data?

Standards slip when we do what is convenient, ignoring what is not legal. To cut corners and speed up the process, do you allow clinical staff access to patient records? If so, you could be breaking the law. Only those who need to know information about a patient should be permitted to interact with it. This excludes most clinical staff who are, in some cases, allowed access to confidential data by busy employees.

 

The Water Cooler

Similarly, there have been cases of employees discussing confidential information within earshot of people who have no need or right to hear it. This can come in the form of office gossip or using an inappropriate space (such as an open plan office) to discuss sensitive information. This is a violation of that patient’s confidentiality and right to privacy of personal data. Such information should be strictly “need to know” and discussions should take place in appropriate places.

 

Failing To Appoint a Compliance Officer

Many do not understand that medical practices are considered “non-compliant” should they fail to appoint a person to oversee security and privacy. These two titles can come under the remit of a single person. This person’s role is to ensure compliance, development and maintenance of the systems. Typically, the person appointed to this role is a Business Manager or equivalent.

 

Poor Encryption

It is inconceivable to us that an organization that works with sensitive data may use inadequate or no encryption, but there have been recorded cases. This is a serious violation of HIPAA and goes against every recommendation on data protection and patient confidentiality. Good encryption ensures maximum protection against potential hacks.

How Long Can Organizations Like Record Grabber Keep Medical Records?

How long Record Grabber, or any organization concerned with sharing, storing and protecting patient medical records may keep such files, is not as simple as one might think. There are legal requirements of a minimum amount of time, but there is no maximum amount of time for storage, and there are benefits and drawbacks for keeping them longer.

HIPAA does not specify how long organizations should keep records beyond the minimum, but it does state that new and old records are treated with the same safeguarding provisions.


What is the Legal Requirement?

Record Grabber is legally bound to keep records under the following conditions pertaining to diagnosis, treatment and after-care:

  • Seven years from the date of the record of last treatment if the patient is still alive
  • Three years after the death of the patient
  • For minors, when the patient reaches the age of 21, or after seven years, depending on which occurs first
  • Hospitals are obliged to keep records for 25 years following treatment but as we are a Record Service, we are not bound by this

Seven years is a good rule of thumb and many providers will destroy records when that legally required time is up. There are some exceptions though. ECGs and EEGs may be discarded prior to the seven years stated above if there is no change between the most recent and the previous record. PKUs and lab reports must be kept for no less than five years; x-rays and other images may be discarded after just three years.

 

Advantages to Keeping Records Longer Than Minimum

Keeping records for more than the obligatory seven years can help maintain record integrity and the “full picture” of a person’s diagnosis, treatment, insurance or legal proceedings. Sometimes, conditions and treatments are related and having all information available can help a legal case or course of treatment run smoother.

 

Disadvantages to Keeping Records Longer Than Minimum

The first issue is one of security. The longer a record is kept – digital or paper – the longer there is a security risk to those records. The second issue is one of space. Paper records take up a lot of space and will require larger warehouses over time. For digital records, back-ups can take longer and will take up much more space on the network drive; this is also for records that are highly unlikely to be required after so long.

Why the EMR Trail is Easier to Follow

Keeping track of an individual patient’s medical records can be hard work. Legal or insurance cases are rarely simple. Most time is used (or wasted) searching for old records. When information is split between multiple bases (a clinic, their lawyer and their insurance supplier), it can waste time. Paper trails can cause headaches, but an electronic medical record trail is much easier to follow.

 

Better Cataloging

There are many searchable terms with electronic medical records. This means it’s easier to check, search, cross-reference, and catalog. This is often an important part of chasing a legal or insurance case for a customer. You can search groups of records with electronic medical records much faster than you can with paper. Outsourcing your record retrieval will streamline this process for you.

 

“Lost” Records are Easily Found

Human error is costly. All it takes is to file a patient whose surname begins with “M” under “N” in a paper record and the time delays are potentially significant. Electronic medical records do not work this way. Human errors are possible; however, there are other checks a user can carry out to find a record. You can search by other details such as case number or policy number if a name search doesn’t come up.

 

One Source Means Easier Tracing

Relying on others to provide information in a timely manner is the biggest hindrance to case resolution. Problems in the filing, lost or missing records, and misplaced files are all compounded when others also struggle to find records. Too many sources slow the process and make it harder to have the swift resolution that everybody requires. When you reduce the number of sources to one digital cloud storage system, the process is faster.

 

Easier Disaster Recovery Means Fewer Gaps

Once a paper record is destroyed in an accident, it’s gone forever. Unless you are in the habit of making several copies, this could be a problem if a case is not resolved. A broken paper trail with gaps can slow down the process of a case resolution. These gaps are much less likely with an electronic medical record trail. Cloud storage uses backup systems to make retrieval, storage and search easier.


Minimize HIPAA Violation Risk

In the past, we’ve presented scenarios of the types of problems that lead to data compromise and HIPAA violation. Most of these are daily risks from every-day issues. Did you know there are nine separate controls you need to have in place to avoid a HIPAA violation? It doesn’t matter how small or large your business, these are universal.

The Nine Controls for HIPAA Violation Avoidance

Governance: This is policy creation for procedures and oversight, review and operation. It’s the system by which we hold individuals, departments and organizations accountable to HIPAA. Without regulation, you cannot hope to limit data breaches.

Inventory: What does your filing system look like? What percentage is paper and what is digital? How are records stored? Where are they stored? To protect records, you need to know their nature and format.

Retention: This is the legal requirement for storage, how long you must keep records, how to archive and when to destroy them. The longer you keep records, the greater the breach risk. But destroying records too early is a litigation risk too.

Disposition: Similarly, this concerns what happens to records at the end of their life. Do you destroy, archive or designate them as invaluable despite the age? As with retention, there are litigation risks with keeping these records too long.

Legal holds: Sometimes, records need keeping a little longer for legal purposes. The paper trail extends beyond the normal timeframes. You need a procedure for what to do for archived records with special legal status.

Privacy: HIPAA is a law that dictates the requirements of privacy and service user protection. Without control, there is no compliance.

Vendor management: You need a procedure for clients, suppliers and contractors who might handle or have access to sensitive data. You will be responsible for any HIPAA breach on their part.

Employees: Who has access to sensitive data? What are they able to do with it? Do they have history or experience in working with such data?

Training: It doesn’t matter how many or few employees have access to this information or how much experience they have. Requirements change; standards become lax. You need a policy for training to ensure continued diligence.

 

 

A Job Too Big?

While these nine required controls of HIPAA compliance may seem many and complex, you don’t have to take on the whole burden in your company. Record Grabber can take away some of the hard work and the data breach risk. By outsourcing your record storage and access, we can relieve you of some of these risks.

Start minimizing your risk today!

Reduce workload by Streamlining your process


 

There are many reasons why healthcare organizations might refuse to outsource their record keeping and storage. One of the most pervasive is the belief that getting more people or organizations involved will increase workload in an already complex and busy work environment. This is not true. If anything, Record Grabber will save labor costs and reduce workload. Streamlining your medical record retrieval process is simple.

 

You Have Fewer HIPAA Worries

One of your biggest constraints is ensuring that your employees keep up to date on their data protection responsibilities. You spend less time on training, updates and internal memos to ensure that employees realize what they can and cannot do. When the number of people able to access data within your organization is streamlined, you have fewer worries and therefore expend fewer resources.

 

Less Non-Profitable Administration

There are many, broad administrative costs when you handle your record keeping and storage in house. Some of which you may not have even considered: storage space, employees to work in the archives, the lengthy process of destroying old records, management and filing. This takes your employees away from other tasks that make your business money.

 

Utilize Your Employees’ Time Properly

When you don’t outsource, you will often find the workload increases exponentially. This can put stress and strain on your employees which reduces their job satisfaction. It’s not just about the amount of work that each employee must do. The wage bill is often the biggest expense for any business. You need to consider whether your business has taken on more work than it can realistically handle. If so, then outsourcing with Record Grabber can ease this burden.

 

Reduces Server Workload

Your IT employees need to keep up with legislation on HIPAA, security protocols and implementation. They will also need to keep increasing network space and monitor issues with mobile devices. As records increase, this will increase their workload too. By outsourcing, you can reduce this burden for your front line IT support employees.

 

Streamlining is About Workload, Not Cost

Businesses all over the world have become conscious since the last economic downturn. Their need to better utilize their workforce has increased. Discarding unnecessary work is as important as keeping the salary bill down. While the work of record storage and retrieval is vital, it is not necessary for businesses such as yours to do it all in house. There are significant cost and resource savings that can be made easily and quickly.

 


 

 

Data Breach Common to In-house Record Storage

Clients turn to Record Grabber for many reasons. While concern over falling foul of HIPAA is one, others feel that the risks of data breach vastly outweigh the benefits of in-house record storage.


 

Unlocked Electronic Equipment

Arguably, the most common form of data breach anywhere is leaving electronic equipment open and unlocked. When this happens, anybody can access the data. Instead of following protocol and locking their screens (pressing CTRL ALT DEL and then LOCK SCREEN), some employees simply leave the screen open when leaving for no more than a few minutes.

 

Poor Password Choices

Every one of us needs passwords for everything and it can be a chore in itself to remember all of them. Contrary to most advice, employees choose passwords that are not just easy to remember, but easy for others to guess. Other problems include giving passwords to others. Once another person has a password, they have instant access to information and a data breach occurs.

 

Downloaded Malware

This problem is still common although its nature may have changed in recent years. Those who seek to steal your information have adapted to a user base with greater awareness. Whereas it used to be .exe files almost exclusively, today they are embedding malicious macros in .doc, .xls and .ppt files. They also compile official-sounding emails requesting information and referring to files for an upcoming meeting.

 

Stolen / Misplaced Equipment

It is every employee’s nightmare: leaving a laptop, tablet or smartphone on public transport or in a coffee shop. With the rise of digital working and cheaply available technology, the risk of technology containing sensitive information being lost, misplaced or stolen has increased exponentially. This leads to poor publicity when found and loss of critical data that could get into the wrong hands.

 

Changed Permissions

One surprising cause of data breach is employees who no longer require access to the data still having access. Employees who move departments or leave the organization no longer need access. However, it can sometimes take a long time to remove their permissions, rights and account. During this time, they, or anybody else with access to their files, are still able to access that data.

The Solution: Outsourcing with Record Grabber

No matter how tight your processes and aware your employees are, problems are likely. Only by outsourcing to a premier service provider such as Record Grabber can you minimize these issues. Reduce HIPAA violations and lost sensitive information.

Find out more about Record Grabber Here.

What’s New for HIPAA in 2017?



2016 was a year of changes for HIPAA. We saw massive government involvement and a crackdown on violations. It has been nearly a decade of development, tough action and scrutiny. What can the medical profession and legal organizations expect in 2017 from the new administration regarding HIPAA? This information is crucial, especially if you are retrieving medical records for your case.

 

2016 Was Showmanship

Many analysts suggest that 2017 will not be as intense as 2016 in terms of investigation and crackdown on violations. The outgoing administration was clear on data protection and personal privacy. The new president and his administration have not yet clearly defined their intentions with regard to healthcare data protection. However, the positive work of the last government is expected to continue. President Trump’s pick for HHS is Tom Price – a member of the House of Representatives and a physician who supports the development of data and information technology. Price’s stance on HIPAA privacy protections is not yet clear.

 

2017 May Bring a New Director – Or Not

Jocelyn Samuels stepped down as director of OCR at HHS before the inauguration of President Trump. HHS is now in a transitional period with Robinsue Frohboese in an acting role. Few expect that this position will be filled quickly. This also suggests a HIPAA compliance program that is not as intense as it was in 2016. Until a new permanent director is found, full compliance is expected and organizations in all areas subject to HIPAA should not allow standards to become lax.

 

Will HIPAA Audits Become Permanent?

Despite the change of administration, the government departments responsible for healthcare and data compliance expect to push ahead with the policies in place over the last decade. There is a keenness to show that the government is being proactive in protecting healthcare data. There is an equal desire to continue using audits as a measurable way of determining compliance. Although the examination is likely to be less broad in scope in 2017, we do expect the HIPAA audits to become permanent – if not this year then certainly in 2018. This may cause delays in the medical record retrieval process.

 

Record Grabber for a Smooth and Seamless Transition

Now may be the right time to outsource your record keeping and storage before any new directorship is appointed and before any new HIPAA changes are implemented. The change of a new administration does not mean that non-political issues such as data protection and healthcare fall by the wayside.

If you’re considering your options for outsourcing your record storage and medical record retrieval, there is no better time than now. We keep up with all the ongoing legal changes and can ensure a smooth transition for clients.


Future Proof Medical Record Retrieval

One of the drawbacks with medical record retrieval and technology is that it becomes obsolete too quickly. Ten years is a long time in technology terms. This is why so many organizations within the medical and storage industry choose to use only paper. Is the belief that technology goes out of date fast preventing you from outsourcing your medical records storage?

Five Ways Outsourcing with Record Grabber is a Future Proof process for Medical Record Retrieval


No Need for Technological Upgrades

The cost associated with the overhaul of your in-house system can be immense. It is also disruptive, potentially for days. It is not just the financial cost of ensuring that your technological framework is sufficient, it is also logistically expensive. With Record Grabber, you do not need to worry about this disruption or the expense. We consistently invest in the most up to date technologies to deliver you an efficient medical record retrieval.

 

Record Grabber Adapts to HIPAA

Whether you keep paper or electronic records, HIPAA is a potential minefield. With constant change and new standards always in development, you need the infrastructure and human resources to keep up. Your comprehensively designed system, as thorough and as secure as it is, may become obsolete in a matter of days. Logistically, this can put a lot of strain on your resources and your medical record retrieval process. Record Grabber can handle the hard work.

 

Cloud and Mobile Proof

Cloud technology and mobile internet are here now. In the fast-paced, ever-changing world of legal medical record keeping, they are the future. Paper records are all but obsolete; old style electronic servers are giving way to the technologies of tomorrow. Cloud and mobile technology are future proof, with platforms designed with flexibility in mind. Now is the best time to move to outsourcing for your medical record retrieval.

 

Security is Future Proof

Methods of file encryption and other security protection methods that concern the mechanics of storage will also become obsolete as old threats become extinct and new threats emerge. Our ongoing system of protection, which is both HIPAA compliant and anticipates future changes, is the best system of protecting your records now and for whatever technologies will emerge tomorrow.

 

Keeps Up With Medical Requirements

We define “future proof” as something that is sufficient for the needs now but will not become obsolete with anticipated fundamental shifts in technology for tomorrow. The modern medical profession, no matter where they work, needs a system that works for them to help them deliver the medical excellence for which they strive. “Keeping up and staying ahead” is what we all need as we go through some big changes.

 


 

Keeping your data Secure when Retrieving Records

Ensuring we keep electronic medical records secure is one of the major challenges that we face when talking to potential customers. Since the Federal government began encouraging health providers and insurance companies to go digital, the need for outsourcing has grown rapidly. Yet there are several myths persisting about the quality of outsourcing and keeping medical records secure.

 

Record Grabber Was Prepared

We anticipated the move to electronic medical records and prepared for it. Although the expansion has been fast, it has certainly not been a chaotic rush to digitize. Certainly, quality varies amongst our competitors but as a rule, safety and privacy in a digital world is in a much better place because of this greater reliance on digital technology and the Cloud. Our Cloud technology that allows you easy access to necessary files also protects them from the malevolent aspect of the online world.

 

Record Grabber Knows the Legal Obligations

We are based in the USA. This means that we are fully up to date on Federal and State regulations and law such as HIPAA. The move from paper storage to digital storage enacted in ARRA forced many organizations into converting their paper to digital storage in-house in a quick time frame. This may have created problems at source – problems that organizations wrongly assume also exist at third-party organizations such as Record Grabber.

 

Hacking Breaches Aren’t Common

While any security breach of a person’s medical data is a massive concern to everyone involved, it’s important to recognize what a rare occurrence such an event is. Most security breaches are a matter of human error, not errors in the system. Our employees are trained to the highest standards in data protection and in identifying potential security breaches. On top of that, we have some of the highest standards and effective security protocols in the world.

 

Security Flaws are More Common In-House

As discussed above, the most common security breaches are a result of human error. These problems are not the result of remote hackers working their way in through electronic systems. Instead, they are simple errors, including leaving screens open for anybody to see, failing to lock an electronic device, mislaying electronic devices and insufficient security protocols. The most widely discussed HIPAA breaches have not been at record storage and retrieval companies, but at hospitals, clinics and others opting to work in-house.

The Need for Electronic Medical Record Outsourcing

We understand that those who work with records directly are not always the people tasked with making big decisions. Consequently, they don’t always understand the non-financial costs and other problems associated with handling these paper records in-house. The benefits of electronic medical record outsourcing completely outshine the negatives.

 


It’s Future Proof

Electronic medical record storage and retrieval used to be the exception rather than the norm. It used to be seen as a luxury service. On both counts, that is no longer the case. Electronic filing is not an unnecessary expense, it is a way of future-proofing an organization for any legislative or procedural changes. It is also adaptable to any future changes and the Federal government continues to offer incentives for moving to electronic records.

 

Compliance is Easier

The legislation surrounding medical record keeping and retrieval is complex. Yet moving to an electronic system makes it far easier to comply with state and Federal laws. Why? Because when you outsource to a third party like Record Grabber, we are duty-bound to ensure not only that our systems comply with the law now, but also that safeguards are in place to ensure that the system continues to comply. No matter what changes come up next, it’s a swift and simple solution with minimal interruption.

 

It’s a Simple Process

There is still the mistaken perception that moving from an older, time-consuming and complex system such as paper storage to electronic is difficult and time-consuming. Nothing could be further from the truth. Electronic record keeping will take time, but once in place the amount of time saved will vastly outweigh any initial disruption. We understand the concern and anxiety associated with switching to electronic systems, but we have been doing this long enough to make it swift and easy.

 

Improved Patient Care

Who doesn’t want to devote more time, energy and resources to improving care of patients? Old style paper record keeping slows down patient care and diverts resources away from front line treatment. Even for those working in law, cases are not as quickly resolved when using older and slower systems. If everybody switched to electronic record keeping, it would provide critical improvements to patient care at every level.
