Background & Challenges
“We had no idea where our compliance posture stood, or how much of our daily practices were already in compliance. However we did know that we were not in compliance as much as we should’ve been,” said Donnell, office manager for Internal Medicine Associates of Memphis, Tennessee. This is not an uncommon view among small medical practices nationwide. HIPAA data privacy laws coupled with HITECH security rules and enforcement is complex and foreign to most offices. These small businesses are not blessed by the deep pockets or internal IT resources enjoyed by larger clinics and hospitals to fund and obey HIPAA compliance standards. In most cases, outside consulting firms are hired, charging tens of thousands of dollars to ensure that hospitals receive the training and directives they need to stay in compliance. Not so for most small medical practices.
Electronic health records (EHR) systems have certainly made management of confidential patient records easier in some respects but not necessarily more secure. The federal government is also encouraging the deployment of EHR via a program of monetary incentives that follow guidelines set out by “Meaningful use” practices. Offices that have not implemented EHR are not qualified to file for these incentives. The pressure is on for all medical practices regardless of size, to upgrade to EHR. “The sad reality is that, like many offices our size, we are still using paper forms,” said Donnell. “We have paper records that are 10-12 years old that can be difficult to find because nothing is online.” With three full-time primary care physicians and nine employees, Internal Medicine Associates of Memphis was facing a high degree of risk and potential fines for noncompliance.
Aegify RSC Suite: a HIPAA Solution to the rescue
Fortunately, they turned to David Altizer, vice president of SOS Systems of Memphis, to cure their ailments with a HIPAA compliance solution and set of best practices. Immediately, SOS Systems, a Managed Compliance Provider (MCP) partner of Santa Clara, Calif.-based Aegify, rolled up their sleeves and began putting into action a HIPAA strategy. Starting with an evaluation to assess needs, SOS used the native templates available in Aegify’s RSC Suite solution to set up policies and automate procedures, thus helping to manage a decade’s worth of patient records.“We started with nothing, and SOS thankfully provided all the documentation we needed,“ said Donnell. “We scanned into the system hundreds of patient files. Using Aegify RSC Suite, we performed an assessment that instructed us how to proceed with aligning ourselves with HIPAA compliance. We could browse and click and see where things had to be. SOS trained us on using Aegify RSC Suite and explained how and where we needed to be compliant.” Donnell also realized that following HIPAA best practices would also lead to running her medical office more efficiently as a business. With the help of SOS Systems, Donnell could rest assure they were on the right track. “We promised to do whatever it took to get compliant. The last thing we wanted was to deal with a fine,” she said.
Results of using Aegify RSC Suite
Donnell found Aegify RSC Suite easy to use and deploy. “The web-based system simply asks a lot of questions, like a multiple choice test. We selected the answers and then attached the appropriate document to update and prove compliance.” “The system gave me confidence that policies and procedures were being followed, and that patient records were being managed successfully.” “We enjoyed working with SOS Systems and did not consider using another service provider. They have been very helpful. This was our first working experience and we are satisfied with the results,” said Donnell.
Conclusions: quick deployment, easy to use, a business-saver
“The Aegify RSC Suite solution was self-explanatory from the get-go. I figured that if I could use it, then anybody else could, too. Soon enough, I found myself conducting the assessments alone without any help,” admitted Donnell. “The whole process took less than two hours, and that included attaching documents, proving compliance, and completing the entire process.” “Wherever we needed guidance, SOS stepped in to help. Regarding HIPAA, we now have peace of mind. SOS has been a true life, or rather, business, saver.”