Information technology has long been an enabler of collaboration and openness in the healthcare industry, but it also adds a layer of complexity. And in 2003, the U.S. government’s Health Insurance Portability and Accountability Act (HIPAA) added a new level of complication to how healthcare organizations manage patient information. It is a double-edged sword: healthcare IT professionals must devise ways to help workers access patient information faster, safely, and securely, while maintaining compliance with HIPAA rules and internal protocols.
There’s a simple reason for that complication: personally identifiable information is extremely valuable. Any breach or act of non-compliance that results in the release of personal medical information can have devastating consequences for both patients and the healthcare organization. As a consequence, the healthcare industry is ramping up its efforts to secure systems to better protect sensitive data, adapt to evolving threats and comply with HIPAA.
The goal posts are moving too. Digital patient records are growing, and organizations need to better manage storage while ensuring continuity and maintaining absolute HIPAA compliance. In addition to front-line security measures, healthcare organizations are also tasked with ensuring continuity of operations through the deployment of highly secure disaster recovery and backup strategies.
How Archiving Solutions Can Help
Managing the growing complexity of any healthcare organization’s data, while ensuring and maintaining compliance, is no small feat. Communicating patient data is critical in healthcare environments, and it must remain fluid and fast regardless of the archiving solution in place. It’s also essential that medical staff remain unaffected: access to data and systems should be transparent.
While many healthcare organizations are using secure content collaboration systems like SharePoint to control access to patient data, email is still the primary tool most healthcare workers use to communicate patient issues, needs and requirements, as well as a growing list of rich media such as blood work, x-rays and sonograms. Proper data management policies and sophisticated archiving solutions can help healthcare IT administrators manage storage growth and cost while maintaining absolute compliance, eDiscovery and continuity. Robust email archiving solutions can help because they archive content from any platform (SharePoint, file servers and email servers) and provide a searchable, federated index, continuity, and secure, compliant storage.
Furthermore, in the event of a legal dispute, HIPAA requires that all patient information, whether in a file or within the body of an email, be securely stored and quickly retrievable. Many organizations stockpile this information on expensive storage without data rules that would let them find it quickly. The result is a loss in productivity as administrators spend days or weeks searching through data in order to comply with legal orders.
HIPAA Isn’t Simple
Complying with HIPAA doesn’t just happen; it’s an ongoing process best performed by healthcare IT professionals working in concert with their legal and healthcare end users to deliver the right information and give patients the best care possible. Sophisticated platforms such as Exchange can manage all of these tasks from one dedicated interface, but healthcare organizations need to alter how they view patient data at a grassroots level.
1. Set and define internal rules. How long will an email be archived? A blanket policy is best here. Filtering can always be added at a later date, but a core, compliant retention policy is key.
2. Make sure everything can be audited. This also applies to every action carried out by an administrator or dedicated compliance role, not just end users.
3. Everything must be discoverable. Use advanced content indexing across live data and archived metadata.
4. Learn the official rules. Read the Health Insurance Portability and Accountability Act to understand the act, its requirements of healthcare workers and the data they create and access, and how it protects patients. While the data storage and accessibility portions are contained in HIPAA’s Title II, it is helpful to review Title I for information about helping patients keep their data portable.
5. Access control. Who should be on the list of “super administrators”? Who can create policies or change retention times?
6. Identify e-discovery requirements. Double-check with the legal department: what needs to be stored? For how long? What type of content? What about external consultants? What about mobile device usage?
7. Deletion policy. Deciding on a purge option is not an easy task, and rules change without notice. Think about moving older data to cheaper forms of secure storage media in case your organization is asked to produce it.
8. Backup. Daily backups are 100% necessary for databases and Exchange. Take a close look at where you can save time and effort with backups that store only the changes since the last run rather than a full copy every time.
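As an added illustration that is not part of the original article or of any Metalogix product, the Exchange Management Shell commands below implement items 1 and 2 of the list: a blanket default retention tag applied to every mailbox, and audit logging of administrator actions. They assume on-premises Exchange 2010 or 2013, a shell session with the Records Management and Compliance Management roles, and a 2190-day (six-year) age limit that is a placeholder to be confirmed with legal counsel.

```powershell
# Added example (not from the article): Exchange Management Shell commands for
# checklist items 1 (blanket retention policy) and 2 (auditing administrators).
# Assumptions: on-premises Exchange 2010/2013, a session holding the Records
# Management and Compliance Management roles, and a 2190-day age limit that is
# only a placeholder until legal counsel confirms the retention period.

# 1. Blanket retention. A default policy tag (Type All) applies to every item
#    that carries no more specific tag, which is the "core" policy the article
#    recommends. Items are moved to the archive mailbox, never deleted.
New-RetentionPolicyTag -Name "HIPAA-Default-Archive" `
    -Type All `
    -AgeLimitForRetention 2190 `
    -RetentionAction MoveToArchive `
    -Comment "Placeholder age limit; confirm with legal before production use"

New-RetentionPolicy -Name "HIPAA-Retention" `
    -RetentionPolicyTagLinks "HIPAA-Default-Archive"

# Assign the policy to all mailboxes and process them now instead of waiting
# for the scheduled Managed Folder Assistant run.
Get-Mailbox -ResultSize Unlimited |
    Set-Mailbox -RetentionPolicy "HIPAA-Retention"
Get-Mailbox -ResultSize Unlimited | Start-ManagedFolderAssistant

# 2. Auditing of administrators, not just end users. Admin audit logging
#    records every cmdlet run against the organisation together with its
#    parameters, so policy and retention changes themselves leave a trail.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true `
    -AdminAuditLogCmdlets "*" `
    -AdminAuditLogParameters "*" `
    -AdminAuditLogAgeLimit 2190.00:00:00

# Mailbox audit logging records what admins and delegates do inside a mailbox
# (FolderBind = opening a folder, i.e. reading patient data).
Get-Mailbox -ResultSize Unlimited |
    Set-Mailbox -AuditEnabled $true `
        -AuditAdmin Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf `
        -AuditDelegate Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,SendAs,SendOnBehalf `
        -AuditLogAgeLimit 2190.00:00:00

# Verify the configuration before signing off on the policy.
Get-RetentionPolicy "HIPAA-Retention" | Format-List Name,RetentionPolicyTagLinks
Get-AdminAuditLogConfig | Format-List AdminAuditLogEnabled,AdminAuditLogAgeLimit
```

Search-AdminAuditLog and Search-MailboxAuditLog can then be used to answer the "who changed what, and when" questions an auditor or legal team will ask.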
Hudson Casson is the Product Marketing Director of Email Solutions at Metalogix.
Edited by Stefania Viscusi