HIPAA Compliance – HIPAA Security Compliant Software

Stressed about HIPAA compliance? Don't be.

AdvancedMD provides headache-free HIPAA security and privacy compliance for your practice management software system. With AdvancedMD software, you'll have complete peace of mind knowing that all your transactions are fully HIPAA compliant and secure.

Our software solution seamlessly incorporates HIPAA compliant security and privacy measures as well as transactions into a practice's workflow. And, more importantly, HIPAA compliance is built right in to the practice management software — there are no extra charges for HIPAA security compliance upgrades.

AdvancedMD software is prepared to help you meet all of the requisite transaction, security, and privacy obligations of HIPAA with as little hassle as possible. If you are a client or prospect and would like more information about this powerful software solution, please contact our Sales or Customer Service teams to learn more.

Transaction Sets

As of October 16, 2003, all electronic claims and related transactions were required to be compliant with HIPAA designated security standard ANSI formats. AdvancedMD's software currently handles all of its supported electronic transactions in compliance with HIPAA.

Professional Claims (ANSI X12 837P): AdvancedMD's eClaims service uses HIPAA certified clearinghouses to submit compliant 837P claim transactions to all supported payers. AdvancedMD also takes responsibility for transmitting the data using HIPAA compliant secure file transfer mechanisms. In addition, AdvancedMD allows a Claredi certified 837P file to be downloaded for our clients to submit on their own through a third party gateway. (Note that this downloaded file is certified to national standards; specific payer requirements may vary.)

Electronic Remittance Advice (ANSI X12 835): AdvancedMD's eRemittance service processes HIPAA security compliant 835 remittance files (electronic EOBs) from payers through our partner clearinghouses. The automatic posting of payment data improves accuracy, reduces data entry costs and results in more rapid sending of patient statements.

Electronic Eligibility Inquiry (ANSI X12 270/271): AdvancedMD software offers single-source online eligibility checks for virtually every payor offering this service. Imagine how many denials you'll avoid by pre-checking insurance eligibility!

HIPAA Security Compliance

Effective April 2005, HIPAA now mandates security measures to (1) physically AND electronically secure electronic protected health information (PHI) against unauthorized retrieval, (2) reliably store the electronic data, and (3) provide for emergency access to the data. AdvancedMD already has systems in place to meet these stringent security requirements — all while significantly reducing the security burden on your office and staff.

Consider a traditional software system, with a server and data right in your office. Under the new Security Rule, you'll be responsible for HIPAA security compliance: protecting your computer-stored patient data from both physical access (break-ins, disgruntled employees, etc.) and electronic access (firewalls, complete network and user security, etc.) This presents a great challenge for small and large practices alike, on top of the regular headaches of managing backups, software installs, and more. Then add backup and reliability issues, considering that some 40-50% of all in-office tape backups fail to restore properly. It's a nightmare waiting to happen.

AdvancedMD software offers a full-service secure and HIPAA compliant data management software solution that removes all of the above hassles and enables much easier HIPAA compliance for your office at the same time. We store all of your electronic data in a world-class datacenter facility that features 8 levels of security measures, including biometric access, bulletproof glass, 24-hour monitoring and patrolling, locked server cages, state-of-the-art firewall protection, and NSA-approved procedures and policies.

In addition, AdvancedMD software also provides a robust 3-level backup system that gives you peace of mind regarding your backup and disaster-recovery planning. Your data is backed up securely approximately every hour, with out-of-state secure copies stored every night. Every backup is also verified to restore correctly.

Other tools AdvancedMD provides to assist you in your HIPAA Security Rule compliance:

• Secure transfer: AdvancedMD uses powerful SSL 128-bit encryption software to safeguard the electronic transfer of all data — the same level of security as bank and Federal transactions.
• Automatic logout: The Security Rule includes requirements that users be automatically logged out after a period of time, to prevent unauthorized access of patient records. This feature comes standard with AdvancedMD software.
• User logging: AdvancedMD automatically tracks all users logging into and out of the system for reference by a system administrator.
• Audit trail: The software permanently tracks any changes made to PHI, so those changes can be reviewed at any time by a system administrator.

Privacy

Privacy regulations protect the confidentiality of the patient's individual medical information with respect to others. These privacy regulations apply to all PHI — paper, verbal and electronic. Once any information that may reveal a patient's identity is added to a document and that document is stored or electronically transmitted, the security and privacy provisions are in force.

AdvancedMD offers some key privacy tools for our clients:

• User roles: The software restricts access to PHI based on administrative rights and user roles, so that the electronic information is revealed only to those whom you authorize.
• Consent: AdvancedMD provides a set of helpful patient consent management tools, including electronic form storage and automated reminders.

In addition, as a Business Associate of our clients, AdvancedMD is allowed access and use of PHI only as necessitated to deliver our contracted services to our provider clients. This includes HIPAA compliant secure storage of patient data, and access to that data as needed to perform support and consulting services requested by our clients. Our in-house support teams have strict guidelines and policies on confidentiality of and immediate destruction of PHI, once the specific support or consulting service is complete.

Our HIPAA Relationships

Medical providers are, of course, designated as "Covered Entities" under the regulations. Those covered entities are responsible to ensure that their agents and business partners meet certain obligations with respect to privacy and security. Such parties are designated as "Business Associates", and the provider generally will have a "Business Associate Agreement" with those parties to ensure those obligations are met.

A practice management software company like AdvancedMD is typically a Business Associate of our clients. As such, we consider ourselves to have four primary responsibilities:

1. Ensure that we thoroughly understand HIPAA regulations and relationships.
2. Provide software and services that help you comply with your HIPAA obligations (and meet our Business Associate obligations to you).
3. Assist our clients in entering into standard Business Associate agreements with us
4. Ensure that our agents and business partners use systems and processes that are consistent with the Business Associate obligations we have to our clients.

While AdvancedMD is responsible for ensuring that our partners conform to our Business Associate obligations, our client providers may wish to establish direct Business Associate agreements with claims clearinghouses accessed via our software (because the providers enter into direct business agreements with them). This option should be reviewed by each covered entity with their HIPAA legal counsel.

AdvancedMD software includes a Business Associate agreement as part of its standard Terms of Service for all clients.

As the HIPAA security compliance regulations continue to change and various deadlines arrive, AdvancedMD will continue to lead the way in providing the best tools to help you meet your HIPAA obligations.

Links to Additional Resources

• HIPAA.org
• Final Transaction Rule
• Final Privacy Rule
• Final Security Rule (PDF format)

HIPAA is a very detailed piece of legislation, and the information presented here should not be considered a legal opinion. The reader should consult legal counsel to obtain a legal opinion or other information required by their individual circumstance.