In order for the hospital to maintain the highest quality of service for all, compliance with the federal Health Insurance Portability and Accountability Act (HIPAA) of 1996 is crucial. HIPAA provides specific guidelines that assist patients and health care providers with insurance issues, confidentiality concerns, and in controlling costs of administration. HIPAA is divided into three sections. These sections include Portability, Administrative Simplification, and Privacy. Portability helps patients to maintain insurance coverage when transitioning between jobs. Administrative Simplification protects privacy by setting standards for “receiving, transmitting and maintaining healthcare information” (Dreyzehner, n.d.). Privacy provides protection to individuals of their personal health information. This proposal request offers the chief concerns of the hospital in seeking a vendor to maintain its security, compliance, and regulatory criteria equal to or better than the standards required by HIPAA.
Privacy protections and maintaining electronic health records are important in order to improve health and health care services. This is to ensure that patients’ interests and dignity are protected (Dreyzehner). Maintaining Electronic Health Records (EHR) can benefit an individual, especially when there is a need to access new therapies, physicians, and treatments that would improve patient care. EHR information consists of patient demographics, medications, immunizations, vital signs, progress reports, and medical history, among others. EHRs are vital because they help in streamlining medical workflow, reduce costs associated with making sure essential patient data can be shared between the patient’s physicians and providers, and facilitates quick response from the patient’s insurance. When health records are easily accessible to patients, providers, and insurance, this means that the latest information is available quickly to pertinent parties and can also assist in patient participation, education, and outcomes.
In order to maintain the standards required by HIPAA, the hospital must work in tandem with the vendor to initiate a quality improvement initiative. It is vital that this initiative incorporate people at all levels of the health care system, including patients, patient families, health care professionals, researchers, planners, payers, and educators (Batalden & Davidoff, 2007, p. 2). As Batalden and Davidoff write, “Although all improvement involves change, not all changes are improvement . . . we need to be sure that the changes we make systematically incorporate generalisable scientific knowledge” (2007, p. 2). In other words, all aspects of the quality improvement initiative must rely on the scientific research and recommendations offered by multiple disciplines including but not limited to sociologists, computer scientists, biologists, and economists. Where studies lack, they should be initiated. Involvement at all levels all of the time in the initiative are crucial because “better health outcomes, better care delivery and better professional development are inextricably linked” (Batalden & Davidoff, 2007, p. 3).
Issues that must be addressed in a Request for Proposal (RFP) concerning HIPAA, electronic heath records, and quality initiatives include the following:
- There must be an assessment of the hospital’s current hardware and software capabilities, including a comparison of current security measures versus recommended security measures.
- Evaluation of specific measures necessary in order for the hospital to bring its EHR and related systems to HIPAA standards is completed.
- For privacy compliance, a method of evaluating current as well as future potential internal and external threats or vulnerabilities of the hospital’s EHR and related computer systems is initiated.
- A review of current patient information collection practices and recommendations on bringing them into compliance with HIPAA is done.
- Human resources initiatives for patient and hospital staff education concerning HIPAA standards, procedures, and conversion to improved practices is continual.
- Methods to keep current with assessments of the hospital’s success in maintaining HIPAA standards, as well as ways to report and immediately deal with problems as they occur are used.
- Records portability among health care providers and the many insurance companies that patients have is streamlined in order to make sure patients receive quality, timely care.
- The hospital engages staff at all levels as well as patients to participate in research from multiple disciplines; utilize the results to offer the best and latest quality initiatives.
- There is a creation of an independent team to oversee and assess HIPAA compliance.
- Technology ensures that the EHR and related systems are as streamlined and cost-effective as possible.
Information technology, EHR, quality improvement initiatives, human resources, and administration appear at times to be separate aspects of the hospital. However, in light of scientific research as well as the experience of other hospitals, the necessity of fostering communication and knowledge between these aspects is essential in maintaining HIPAA standards at the hospital. The chief current concern is to be sure that each aspect of the hospital understands not only its own role in maintaining HIPAA standards, but also understands why other aspects are equally fundamental to success.
Batalden, P. B. & Davidoff, F. (2007). What is “Quality Improvement” and How Can it Transform Healthcare? Qual Saf Health Care, 16, 2-3. Retrieved from http://qualitysafety.bmj.com/content/16/1/2.full.pdf+html
Dreyzehner, J. J. (n.d). What is HIPAA?. Tennessee Department of Health. Retrieved 14 Feb. 2014 from https://health.state.tn.us/hipaa/