In healthcare, patient information security and access is constantly evolving. Governmental actions like the U.S. Health Information Technology for Economic and Clinical Health Act (HITECH Act) encourage providers to adopt technology that facilitates sharing health information electronically in an effort to improve healthcare quality through innovations in data sharing technology. The HITECH Act’s emphasis on what it states as “meaningful use,” or the application of available data sharing technology to enforce HIPAA regulations and positively impact patient experience. This definition of meaningful use creates concerns about which software and services to comply with new regulations. Utilizing cloud computing and other mobile access options for record keeping data systems helps fulfill this need and provide compliance with the HITECH Act.
Improved Patient Access
One provision of the HITECH Act is that any facility with an Electronic Health Records system (EHR) must allow patients to request release of their personal record in electronic form. Requests for an electronic version of personal health information (ePHI) over paper fit with public trends of increased use of mobile devices and paperless record keeping. While EHR software now makes allowances for this, not all older software and services have the capability to release their stored information electronically.
Secure mobile computing services are a possible solution. Patient access portals can be provided in user-friendly host systems online. Files can be transferred in a negligible amount of time from the provider’s data system to a patient’s mobile device. Doctor’s offices and hospitals that share hosted space like clouds can have instant third party access to histories at patient request. Most importantly, these services provide Identity and Access Management that allows this swifter, more convenient access without sacrificing security with authentication and encryption methods designed specifically for HIPAA regulations.
Information Sharing with Business Associates
Another change brought by the HITECH Act was more explicit inclusion of third party business associates related to healthcare providers. The Act requires them to maintain HIPAA compliance when dealing with their client’s patients’ information—either personal health information (PHI) or simply personally identifiable information (PII).
With a cloud, the same security measures that cover the healthcare provider in maintaining HIPAA compliance cover the third party—at least as far as information access standards go. This is because both the provider and associates go from building and securing their own sets of files to associates being able to selectively share a single data center. This gives the provider more control over the information available to their third parties, protecting those associates from violations in data maintenance. This is important, considering the HITECH Act requires these business associates to comply with the same violation reporting standards of healthcare providers, as well as administers the same penalties for failure. Healthcare providers who employ systems that work to reduce potential violations have an advantage in contracting vendors.
Additionally, sharing information in this manner provides a more positive patient experience by ensuring more accurate and up-to-date information is available to the vendors when needed, as well as reducing possible errors in information exchange between separate databases.
