We have seen some profound changes to how we administer and record various healthcare transactions – legal compliance, treatment, medication and insurance. For most in the industry, there has been little change beyond legal compliance and others still prefer to maintain paper records to avoid what they feel are complications of HIPAA. Why should you switch to electronic medical record keeping and outsource to Record Grabber?

Lower Cost

Long-term administrative costs of electronic record keeping are much lower. Certainly, you need an IT infrastructure and security protocols, but once implemented, they are very cost effective. An increased volume of paper records is expensive in terms of actual cost, human resources for managing and monitoring and disposal. There is no such cost with electronic medical records.

 

Space

How long you can or should keep records varies from state to state, so storage space is an ongoing issue. Some of the largest healthcare organizations have large warehouses full of documents going back many years, unable to destroy them until the allotted time. Electronic records take up far less physical space than a warehouse as even the largest servers have a smaller footprint.

 

Security Issues

While electronic records are subject to hacks and other electronic security problems, they will not suffer other forms of security breach that affect paper records. With Cloud Storage, natural disasters will not destroy original electronic medical records as they will be backed up in cyberspace. Electronic medical records are generally secure and cannot be lost, dropped or misplaced in the same way that original paper records may.

 

Accessibility

Digital records may be shared by many people at once and when shareable in a suitable format, multiple people may also amend a digital file at once. This is not true of original paper copies. Do you remember going to the school library and finding that they had only three copies of a core textbook and all were booked out? Electronic filing does not suffer from such access limitation.

 

Handwriting Problems

Physicians are notorious for having illegible handwriting and using jargon and abbreviations that may make little sense to the nonprofessional or the administrator. When data is entered as printed text, there are fewer chances for others to make an error in reading instructions. When data is entered wrong on an electronic system, the software will normally flag up the problem and ask the user to make corrections.

 

The debate over whether it is best for a medical, legal or recording keeping organization to hold paper or digital records has a third option. HHR (Hybrid Health Records) presents flexibility for you, your clients and your stakeholders but there are drawbacks to mixing up your record storage types.

What is Hybrid Record Keeping?

Hybrid record keeping is where an organization like Record Grabber opts not for just paper records, nor for just digital, but a combination of the two. This can mean either that some types of record are paper and others are digital, or it means multiple copies of the same record depending on how you structure your files.

Hybrid is a workable standard, but there are potential problems when the system is not handled properly.

 

Advantages to Hybrid Record Keeping

The main advantage to using hybrid sets of record is that you will have multiple outlets for acquiring and storing your records. If one system fails (such as a cloud server breakdown) you will have back-ups (hard disk, paper format etc) with which you can carry on working.

The second advantage is that you can stagger and vary your access. Rather than changing permissions on a digital file where some can edit and others may simply view, the paper backups are ideal for those with fewer permissions. HHRs add flexibility for your organization and flexibility is required no matter how big or small.

Hybrid systems work better for patients. A request for information release is problematic when based solely on paper. When there is an electronic form, it is easier to print while retaining the original document. However, there may be issues if specific information is kept separate as hard copies.

 

Disadvantages to Hybrid Record Keeping

The main disadvantage is that multiple outlets means multiple avenues for data breach. As a professional record keeping organization we would strongly recommend using our service as a primary access point.

The second disadvantage is that it requires more working hours to maintain and access the files. When there are multiple copies of anything, it requires more in the way of resources to maintain. This could put a burden on your employees and your wage bill.

The third disadvantage is in the legal regulation of such files. Organizations need to be aware of their legal obligations in their state or broader Federal requirements. There may be extra criterion against which HIPAA will be judged.

The problem with inactive records is that they take up so much space. You cannot dispose of them until the legally allotted time. Did you know that the overwhelming majority of historic records are never accessed? Those that are generally required just one access. Only a small handful requires multiple use. That is a lot of storage space (network or warehouse). What else could you do with them?

Use a Third Party Manager

The most obvious is that you outsource your record storage and access to Record Grabber. We are a professional service with many years of experience in this industry. We know how long to keep these records and how to manage and store them effectively, taking the hard work of records management away from legal and medical professionals. Our complex method of storage is designed for easy and quick access.

 

Keep Inactive Records Offsite

While you are organizing outsourcing your historic records, you may wish to separate out those that are nearing the end of their life. Anything with a year or less could go in off-site storage. These can include records that have never been accessed and are therefore unlikely to become live again any time soon. Keeping records off-site can be expensive, but it is one way of freeing up physical space in your offices.

 

Organize by Active and Inactive

It may be the simplest thing to store records by date of intervention or by alphabetical order, but this could mean sifting through very old records. It may be advisable to use these divisions, but separate them out into a “traffic light” system of red, amber and green. Green can be the most active, amber as semi-active and red as inactive files nearing the end of their lives. Any color code would be useful, so long as the system is clearly defined.

 

Handling Digital Older Records

If your record keeping system is largely digital, the theories may be the same but the execution different. Depending on how you store your records digitally, you may wish to design a separate program or store them on portable media (such as removable hard disks, flash drives or DVD ROMs). This way, it stops your current database from taking up too much space while making access for live files easier.

 

Storage of inactive files can be problematic for healthcare professionals, legal experts and medical centers, but it is important to remember legal obligations regarding storage of historic records.

Data security can be subject to many pitfalls – misplaced files, leaving documents open on computer screens, poor password choice and so on. Malicious software is another such threat; the last few years has seen the rise of a new one – something called Ransomware. Though it has been around since 2013, the last few months have seen a growth risk to the global medical industry.

What is Ransomware?

Ransomware is a type of malicious software (or malware) that infects systems and restricts the access rights to data until a ransom has been paid. Some types simply encrypt the server data which the user must then buy a decryption key (typical demands are for bitcoins rather than hard currency) while others simply lock the system which the originator then promises to unlock upon payment.

Who is Affected?

Many businesses are at risk but three recent attacks on hospitals have put the global medical industry on alert. The highest-profile case was the Hollywood Presbyterian Medical Center in Los Angeles. The facility declared an internal emergency after a Ransomware infection was discovered in early February. The hospital eventually paid out 40 bitcoins (around $17,000) to reacquire control of its system.

Within a week, Lukas hospital in Germany was also hit. They did not pay the ransom as they had system in place to prepare for such malware attacks. They did wipe the affected systems and restore from backups; this led to cancelled appointments for patients and lost working hours for employees. Titus Regional Medical Center in Texas was another victim in January. The Center called in experts in data forensics to restore their systems; they did not pay the ransom.

Protecting Against Malware

There are simple steps that medical professionals at all levels can take to protect their systems against all forms of malware.

• -Invest in a good security system. Don’t cut corners financially as medical professionals handle sensitive data that require the highest levels of protection under HIPAA
• -Train employees on proper data protection paying particular care to the threats of malicious software and hacking
• -Should the worst happen, you need a back-up system. Regular archives should be kept in case of data loss by other methods – but particularly for malicious hacks
• -Finally, have you considered outsourcing your medical record storage and retrieval? Record Grabber is a dedicated service that keeps up to date records and have a high awareness level of ongoing and new threats to medical data

The HIPAA audit is almost upon us. Health and legal institutions across the country that handle patient records are preparing for a randomly chosen examination of data security policies and details. Record Grabber may or may not be selected for audit, and so will many of the organizations that we deal with every day. If you too are likely to be audited, then we have some simple tips for you to follow to minimize problems.

 

Keep Your Employees Security Training Up To Date

Many data breaches are a matter of human error, and simple errors of judgement at that. In a moment of thoughtlessness, an employee opens an email with malware attached, or fails to lock their computer screen while out of the office. These small incidents make up the majority of data security problems. Ensure your employees understand their obligations on data security and have a refresher course if necessary. It’s easy to become lax when so much else is going on.

 

Keep Your Network Security Up To Date

Whether you are a one-man band or large corporation, you need software to protect your network and the files stored on it against any form of attack. You also need to keep it up to date with the most recent virus signatures and upgrade the software package when it approaches obsolescence. This is an area where you should not cut corners; small companies are just as risk as big companies.

 

Risk Assessment

It is good business practice to conduct a risk assessment for personal safety in the workplace and you should already have one in place for data security. Risk assessments are designed to do exactly what it sounds like it is supposed to do – identify potential risks and problems. How might data be breached? What avenues are there to lose data? What can we do about each of those potential threats?

Breaches are not inevitable, but they are not rare either. It’s important to know what you and your employees should do in the result of a breach – no matter how small or large. As mentioned above, there are simple steps that employees can take to protect data, but even with the best training things can go wrong. A wrongly entered email address, a client changing postal address and you have not been kept up to date, can be considered data breaches. Everyone needs to know what to do.

 

In December 2015, the President signed into law the Cybersecurity Act of 2015. This act passed the Senate in October, cleared the House on December 15 and the President’s office three days later. What does this law mean for our clients? In this article, we present a brief summary.

Source: System Lock by Yuri Samoilov. Under Creative Commons (License Link)

What Is It?

Introduced into Congress in July of 2015, the then proposed Cybersecurity Bill was designed to improve cybersecurity standards across the country. This was to be achieved by enhancing the process of information exchange between private entities and government bodies. It also permits the sharing of information between the U.S. government and technology manufacturers and providers. It is designed, effectively, to create a network of communication for private and public bodies to work together to fight cybercrime and cyberterrorism.

What Does It Do?

The government and its supporters in industry expect that this new law will provide law enforcers and cybersecurity professionals with a number of measures to challenge and combat the growing global threat of cybercrime and cyberterrorism. Several high profile hacks occurred in 2015; the Ashley Madison hack was the most high profile but there were others including UK telephone service provider TalkTalk, the FBI Portal, Samsung and Hilton Worldwide were others.

In some cases, people had their private details made public. When hackers have broken into security systems of companies that hold confidential information, the agency or company attacked has largely been unable to share information due to data protection laws until now. It is incidents like these that Congress now believes government agencies and private business now have the tools and the power to prevent.

 

How Will It Affect Your Records?

Concerns have been expressed about this law regarding citizens’ privacy. It will not compromise data that we hold on behalf of our clients, but enables us better protect it. The Cybersecurity Act of 2015 permits private organizations and government agencies to share indicators and details of data hacks. Previously, we could not do this as just as the data itself was protected, so was the process of accessing the data. The law commonly known as “The Wiretap Act” prevented the release of this information to anybody.

We believe that this new law that gives us ability to share this data with the US government and other private organizations will lead to improved standards in the industry and communication between government agencies and private industry.

Harder than walking the high wire between the former World Trade Center’s twin towers is hip hopping through HIPPA to get hold of medical records.

A patient walks into a doctor’s office for the first time or winds up in the emergency room. Even if it’s for a routine checkup, what patient isn’t a bit on edge. And there’s added stress if a patient has a mild case of hypochondria. When the patient arrives, he or she is handed a clipboard with page after page of questions and forms to fill out. If a patient is like me, they don’t keep track of every procedure, ailment, and allergy they’ve had. They don’t keep track of the dates of their inoculations and their yearly flu shot (if they get one). Sure some people are always prepared and bring every tidbit of their medical history with them wherever they go, but that’s not the norm.

After they’ve gone through the long detailed questionnaire, they come to the consent forms and lastly, the HIPPA form. While there are no statistics available, I’m willing to bet that a patient views the HIPPA one of three ways: Without much thought, with too much thought and by rote. All three have the same outcome, essentially.

Without Much Thought

Even if one is paranoid, some folks, particularly the young and the healthy, really don’t give thought to who will have access to their records. Why should they? They’re more concerned about their lives, their careers, their social media accounts; not future medical complications that might arise. When they come to their HIPPA form they may most likely give permission to the first person that comes to mind at that moment.

With Too Much Thought

Then there’s the patient who gives too much thought to whom they will permit access to their records. They’ll run through the list of those close to them who they believe can be trusted and weigh the pros and cons of each person, finally settling on one or several persons they are ‘certain’ have their best interest at heart.

By Rote

Finally, there’s the seasoned patient who has the process down pat. This patient assigns HIPPA permission automatically. Most of these patients have ongoing medical conditions, long term partners and/or living wills.

Not Etched in Stone

Life is a crap shoot the outcome of which is seven, eleven or craps and not etched in stone.

As I mentioned above, these three methods of assigning permission have the same outcome. HIPPA is ETCHED IN STONE and as such is designed as a heavy, cumbersome law whose tenets can cause an immovable barrier to retrieving medical records for both the patient and the patient’s loved one who may have been overlooked on the many HIPPA documents a patient signs over the course of their life.

What’s not etched in stone are the lives of people. What if the patient or their assigned HIPPA proxy(s) move away, end their friendship or relationship, become a bitter enemy, file for divorce, die from natural causes or from Force Majeure? Those and the infinite other scenarios shatter the tenets of HIPPA either making it impossible to retrieve medical records or granting access to people who the patient deems should no longer have access to their medical records.

What patient keeps track of every HIPPA form he or she fills out? Let’s say there’s a divorce and it gets messy. The plaintiff (or vice versa) probably has access to the medical records of the defendant who may not want the plaintiff to have, yet the defendant may not remember every HIPPA for granting permission and the plaintiff now has ammunition against the defendant whether or not warranted.

What about all the other scenarios that can rear up and shatter the tenets of HIPPA?

The Professional HIPPA Dancer

Record Grabber is in the business of record retrieval and storage with an emphasis on medical record retrieval. While our main clients come from the legal, insurance and medical professions, Record Grabber is equally useful for the patient. Not only can Record Grabber retrieve all your medical records but we keep them stored digitally in a high security encrypted ‘vault’ that’s accessible 24/7 from anywhere worldwide.

Get to know us and the wealth of low cost cloud-based, retrieval services Record Grabber offers you. Take a couple of minutes to go through our website, www.recordgrabber.com. Then, sign up to become a professional HIPPA dancer. If you’re still not sure of the choreography and have more questions, email us at info@recordgrabber.com or phone us at (877) 800-1147.

Everything we do, from the method of storage to how our employees interact with data and take adequate step to ensure it complies with our obligations, is about protecting sensitive legal documents and patient information. We comply fully with HIPAA (Health Insurance Portability and Accountability Act) of 1996.

What Is HIPAA?

Passed by Congress in 1996, it specifies a number of issues on healthcare provision, covering such issues as what would happen in the result of a person losing their job, tax and administration. The Privacy Rule specified standards on how both hard copy and electronic data should be protected. In 2003, the Act was modified to include specifics standards for electronic data protection (The Security Rule), and it is this element of HIPAA that is most relevant to what we do. The Privacy Rule and Security Rules together define the legal obligations of all entities handling, collecting and storing patient data.

 

Legal Obligations of HIPAA

Information that is covered by the Security Rule and the Privacy Rule include:

• Any al all confidential information shared between medical professionals, or between any legal party, insurance provider and healthcare professional

• Conversations, including hard documents and emails, that any doctor has with any patient about treatment and care

• Any information stored in the computer system of insurance companies that pertain to patient care and health provision

• Billing information and details on financial transactions regarding a patient’s healthcare

• Any other information about a patient and his or her medical care that is held for any reason by others who are require to follow HIPAA, including legal and government entities

 

Information on Data Storage and Protection

All organizations covered by these Rules of HIPAA are required to put safeguards in place that protect highly sensitive information about health and healthcare provision. They are required to limit access to employees on a “need to know” basis in order to maximize compliance with the Rules. Access to patient records and legal documents should be treated with the utmost security to ensure continued protection.

Adequate steps must be taken to protect data from electronic attack or “hacking”, and bodies are also required to train employees in the proper handling and protection of data – to retrieve only necessary data and in of the proper disposal. Records must not be removed from designated areas and from buildings under strict guidelines on protection.

That persnickety E. Coli is on the attack again.  This time those little bacterium are attacking Chipotle Mexican Grill and their customers in six states—so far. 43 people and counting have contracted E. Coli 026 and the CDC is still hunting for the source of contamination. The only solution: Either avoid Chipotle Mexican Grills in the affected states or all together until the CDC determines the source of contamination.

Overshadowed by the Chipotle Mexican Gill high profile E. Coli 026 outbreak is the ongoing outbreak of Salmonella Poona linked to imported cucumbers from Baja. Wonder if the proposed wall would stop them.

So far, Salmonilla Poona has killed four people and sickened 838 people in 38 states. Voluntary recalls were issued by the wholesalers and most of those cukes were removed from store shelves and restaurant kitchens.  Nonetheless, salmonella contaminated cucumbers may still be in circulation in grocery stores around the country since the USDA’s Food Safety and Inspection Service did not order the wholesalers or retailers to recall the imported, contaminated Cukes.  The only solution to the outbreak: toss your cucumbers and replace them with cucumbers grown in the U.S.A.

Obviously, these aren’t the first E. Coli and salmonella outbreaks, nor are they the last.  At RECORD GRABBER, we monitor the CDC and other info sources for all consumer health issues, including global outbreaks, constantly.  We are devoted to and involved in rapidly collecting and processing medical records for patients affected by past E. Coli, salmonella outbreaks of contaminated food products and outbreaks of life threatening diseases and procedures.  Our rapid retrieval and vetting of medical records are critical for both patients and their representative law firms, ensuring complete understanding of the outbreak and subsequent illnesses and consequences, along with ensuring transparent and impartial access to the primary evidence: the medical records.

When your law firm finds itself representing a party in a food-bourne illness case, Count on Record Grabber to be your medical records partner. On low and high volume, and low and high profile cases, our experience and success is unmatched and our turnaround time for production of records is the best in the industry.

Have questions and/or want further information about record retrieval and RECORD GRABBER’s complete set of services, please contact us at info@recordgrabber.com.

 

Sources:

http://www.cdc.gov/salmonella/poona-09-15/index.html

http://www.cdc.gov/ecoli/2015/O26-11-15/index.html

http://www.reuters.com/article/2015/11/21/us-chipotle-mexican-ecoli-idUSKCN0T92PV20151121

A Juggernaut of a Headache

What’s not to love about modern medical record retrieval? All those forms to fill out. All those hospital gatekeepers to cajole just to get to the administrators who hold those medical records hostage.

Then of course, there’s starting the process and your client supplying you with inaccurate or incomplete information and documentation on their authorization just to add to the mix, sending you to that bottle in the bottom drawer of your desk or to the Advil if the bottle is empty.

We all know the healthcare industry is an immense juggernaut powered by providers and patients. Medical records and associated documents log the juggernaut’s immense powertrain. Without accurate patient data on treatments and personal wellness, chaos ensues even though this immense powertrain plows on.

Moreover, accurate data are not guaranteed with all the additional work required to handle HIPPA compliant private health information. A single keystroke or dyslexia at any point in the process can stymie a request for medical records and send you back to square one. The legal process is long enough to begin without the added hassles of going through the chain of health professionals, repeatedly. What client wants to hear all those reasons and legitimate excuses delaying the resolution of their case? And, what about your practice? Word of mouth referrals are an important factor to a successful practice and those legitimate delays could be perceived as incompetence or milking the client on your part. If the client is angered over delays, it’s safe to assume in our social media driven age, your practice will suffer.

The Best Option

So to free your practice from this quicksand of medical record retrieval, why not seek assistance from a third party business associate or better yet, partner with one. Third party associates perform a variety of functions while gathering medical records.

• – Follow up with providers

• – Pay invoices

• – Review all documents

• – Organize all documents

• – Digitze all documents

• – Store all documents

A third party partner has established relationships with health professionals and because they are not a legal practice that the health provider’s staff may view as an adversary, gathering those records goes smoother.

And then there’s the technology and changes in the health industry or changes in procedures by individual healthcare providers. Not every practice is in the position to purchase or subscribe to the latest technologies that are ancillary to the practice’s core requirements. Nor are they able to keep up on the current state of the healthcare industry. Even for those practices that can afford these technologies, they are not cost effective and negatively impact a practice’s ROI as would a dedicated staff to follow the industry. Whereas that third party associate or partner, whose sole purpose is to request and gather documents and medical records, at the very least will have the latest technology or have their own proprietary technology and would be current on any changes no matter how insignificant.

Outsourcing and/or partnering with a third party that’s as dedicated to their practice as you are to yours will eliminate most if not all those delays and legitimate excuses associated with document gathering. With that extra time saved, you’ll be able to increase your client base or get in a few more rounds of golf. What could be finer than receiving glowing reviews by word of mouth and on social media about your speedy, excellent, reasonably priced service from your former and current clients?