Archive for HIPAA

Hackathon Aims to Clear the Air

In late April, more than 200 data scientists from more than 10 cities around the world spent 24 hours in London designing solutions to help improve the U.S. Environmental Protection Agency’s (EPA) Air Quality Index.

People who suffer from asthma and other respiratory diseases use the index to avoid dangerous levels of attack-triggering outdoor air pollutants, and the hackathon’s goal was to help build local early warning systems to accurately predict dangerous levels of pollutants on an hourly basis.

“We wanted to use open data, but more than that, we wanted data that was meaningful in terms of social change or influence,” said Carlos Somohano, a data scientist for Data Science London (DSL), about the choice to use an environmental data set from Cook County, Ill.

The Data Science Hackathon was created and hosted by DSL and Data Science Global in collaboration with Kaggle, a platform for predictive modeling and analytics competitions. The activities were part of Big Data Week, a series of community led events and hackathons involving big data.

David Chudzicki, data scientist for Kaggle, said Chicago’s thriving data science and machine learning community was involved in the event from early on. “Cook County is making a big drive toward open gov data,” he said, “so the collaboration with them providing the data set occurred quite naturally as we were searching for a good problem for the hackathon.”

If the hackathon can contribute to positive health-care outcomes, then the event will prove more than worthwhile, said Chris Roche, regional director for Greenplum, a division of EMC, which sponsored the event. “What I like about the hackathon and the data science community is the accelerated innovation that they create.”

On the whole, the competition led to some great insights into the problem and started people looking at this type of data, Chudzicki said. Cash prizes totaling 3,000 pounds (approximately $4,700) were awarded between a global winner and a London-based winner.

The winning solutions were submitted and ranked through Kaggle’s competition platform that provided real-time leader boards, allowing participants to continuously keep track of their scores.

Though the top winner, Ben Hamner, was ineligible for any prize money as a Kaggle-employed data scientist, his solution is notable in that he claims to have barely glanced at the domain before training the model — meaning he could devise a winning solution without knowing anything about the actual issues going on in Cook County. To him, he was working with truly random data.

“I was surprised that domain insight wasn’t necessary to win the hackathon,” Hamner said. “Key insights have been crucial in many of our longer-running competitions.”

While it’s too early to know what his solution could mean for Cook County, the EPA and citizens who follow the Air Quality Index, the solution is now undergoing a period of thorough exploration and development.

Melbourne’s James Petterson won the global first prize and, like Hamner, spent little time looking at the data itself. He said he was surprised to achieve such a high-quality result without having spent time trying to understand the data set.

“If you’re a data scientist, let the data talk,” said DSL’s Somohamo. “You don’t have to be a domain expert. The competition proves that a good data scientist doesn’t have to know the domain context to achieve results.”

The code for both winning models discussed above, as well as that of the local London winner, has been made publicly available by Kaggle and Data Science London, meaning it’s accessible to anyone who wants to explore it and continue working on it. Development may well continue outside the expected channels.

Currently, predictive models drafted at the hackathon are being reviewed to determine their relevance at the local, state, U.S. EPA and National Weather Service levels. “We’re looking at who is most appropriate to use this,” said Cook County CIO Greg Wass. “Once these solutions are refined, they may go up the chain. We’ll see how far we get with this thing.”

“One of our missions is to promote awareness of data science and the dissemination of data science knowledge,” Somohano said. “It’s a new thing here in the UK, but in the U.S., it’s already getting quite trendy.”

The best way to raise awareness and involve local and international data science communities was through a hackathon, determined Somohano and his DSL partner Stewart Townsend.

“The concept of a ‘hackathon’ has deep roots in Silicon Valley as an event that combines innovation and competition in a very short, intense period of time,” Chudzicki said. “While the term ‘hacker’ has negative connotations from being used to describe computer security crackers, the meaning in the community is someone who delights in solving problems and building new things.”

The EPA data set was chosen because air pollution affects people regardless of their location, even if the specific data used in the competition was sourced from one U.S. city.

“We worked in partnership with Big Data Chicago to make this happen and to share our environmental data sets,” said Cook County Deputy Director of New Media Sebastian James. “We were asked if we could get the specific data about air quality to the event organizers. They needed a big data set to work with, something that served a public need and was very topical.”

As Data Science Global organizes and promotes future events, DSL’s Somohano said that other subject matter and data of high relevance to government — such as health care — will be the objective.

Health-care provision is one of the major concerns of governments worldwide, said Greenplum’s Roche. “Serious respiratory disease affects over 700 million people globally and chronic disease accounts for over 80 percent of all primary care consultations.”

You may use or reference this story with attribution and a link to

View the original article here

4 Approaches to Health Information Exchanges

Rhonda Hoeffner, a nurse in the cancer center’s intensive care unit at Johns Hopkins, uses a computer to chart information. Photo by the Baltimore Sun/Lloyd Fox

In June, the board of the nonprofit Health Information Partnership for Tennessee (HIP TN) announced plans to wind down its operations. The group was created three years ago to help Tennessee create a statewide clinical health information exchange. Officials at HIP TN said the state decided to pursue a simpler strategy that relies on secure email transmission of health information among providers.

And Tennessee may not be the only state changing direction. With limited grant funding and tight time frames, others also are re-evaluating ambitious goals of creating an infrastructure that would allow searching for patient records across hospitals and doctors’ offices statewide. Instead, states are downshifting to more incremental plans that start with enabling email connections between providers or that focus on supporting state Medicaid organizations. (HIEs — health information exchanges — are not to be confused with health insurance exchanges, which are being set up to allow consumers to comparison-shop for health plans.)

Tennessee intended to offer enterprise services, including links to an immunization registry, electronic lab results for reporting to the Department of Health, and compiled patient medication histories. “Our plan was to create a network-of-networks model that would connect existing RHIOs [regional health information organizations], not be a replacement for them,” said HIP TN CEO Keith Cox, who was hired in January 2011 to run the statewide operation and develop enterprise and value-added services for the network.

“Tennessee has been a leader in many HIE efforts, and we have a lot of experience in developing models of collaboration,” Cox said. “And as a state and a region, we are following and even anticipating the trends and visions that have been set forth for almost a decade.” Although the state received $11.6 million in federal grant funding to create the HIE, Tennessee officials say the new aim is to ensure that Tennessee providers meet the expected information exchange goals of Stage 2 meaningful use criteria of the incentive payment program funded by the American Recovery and Reinvestment Act of 2009. The new initiative, known as Direct, will be the basis, in the near term, to accomplish this.

“The board supported the change in direction and remains committed to the national vision for an interoperable health-care information infrastructure,” Cox explained. “It was very disappointing to think we would wind down after hundreds of stakeholders volunteered their time to work on an HIE framework,” he added. “However, all remain passionately committed to making this work for the state.”

Tennessee’s abrupt change in direction is unusual, but the frustration expressed there about the difficulty of the HIE process is common. For instance, in May, California replaced Cal eConnect, the nonprofit organization created to develop the state’s HIE. That effort is now led by the Institute for Population Health Improvement at the University of California, Davis. Cal eConnect had struggled with several changes in leadership. A joint statement from the California Health and Human Services Agency and Cal eConnect noted that the Cal eConnect board determined that as a startup with a large board, it was “not able to move fast enough to implement approved programs.”

One challenge that public-sector HIEs face is competition from private HIEs being set up by health systems to support patient-centered medical homes and accountable care organizations. In Connecticut, the three main hospital systems are expanding rapidly by buying hospitals and physician practices, and building out their own private HIE architectures that are tied to specific electronic health record vendors. “That is changing the thought process about the role the state HIE will play,” said David Gilbertson, CEO of the Health Information Technology Exchange of Connecticut. “What is the incentive for providers to connect to us? One is to fill the gaps and offer access to the providers that are not part of these organizations,” he said. “Another is to provide access to public health and Medicaid data. Those are the value propositions.”

A snapshot of the development of statewide HIEs reveals a patchwork quilt with widely varied levels of activity and success. Some states have been working on transmitting health data for almost a decade, although even these exchanges struggle with financial sustainability. Other states are still doing planning and governance work. Because the federal funding was part of the stimulus bill, it must be spent in the next year and a half. That aggressive timeline puts the states in a difficult situation. “If the question is, can they complete a robust exchange in that time frame, the answer is probably no,” said Julia Adler-Milstein, an assistant professor at the School of Information at the University of Michigan. “But will information exchange increase considerably? For the majority of states, the answer will be yes.” However, if any progress at all on exchange is considered success, that is setting the bar rather low, added Adler-Milstein, whose research focuses on policy and management issues related to the use of IT in health-care delivery.

States are being forced to reassess their role in HIE, said Rick Ratliff, global connected health managing director for consulting firm Accenture. “Pennsylvania did an initial procurement over a year ago for planning a fully functionalHIE for the whole state,” he said. That procurement has been pulled, and a new procurement is likely to be much more modest, he said, taking advantage of exchange efforts already going on and with the state playing a much smaller part.

The states that are going to stand up a sophisticated central technology platform are few and far between, Ratliff said. “But it still makes sense for them to provide some shared services such as registry services for chronic disease management,” he said. States may focus on a smaller set of core government initiatives including public health reporting. “If the HIE can offer visibility into Medicaid members and increasing efficiency on their behalf,” he added, “that can be a key driver.” For instance, the Alabama Medicaid Agency has been the lead agency for the development and implementation of that state’s HIE plans. And the Arizona Medicaid program is offering incentives over the next three years to offset costs for providers to join the Health Information Network of Arizona.

Adler-Milstein contributed to a 2012 Robert Wood Johnson Foundation report on the state of U.S. health information technology. It used a model created by Deloitte that groups the state approaches to fostering HIE into four types:

Elevator: States with an elevator model focus on rapid facilitation of exchange capabilities to help clinicians meet stage 1 of the federal “meaningful use” requirements to earn electronic health record implementation incentive funding. These states typically start with very limited health IT adoption and exchange activity locally or at the state level. Thus, they need to rely on a technical approach that can be built quickly and does not require mature infrastructure. Examples of elevators include Illinois and Wisconsin (and perhaps now Tennessee), Adler-Milstein said.

Capacity-Builder: These states focus on providing financial and technical support to bolster existing local exchanges that have comprehensive geographic coverage. Indiana, which already has several mature HIEs, including the Indiana Health Information Exchange, is a good example. “It would be crazy for the state of Indiana to try to stand up something totally new,” Adler-Milstein said. “Instead, they are using grants to try to get more provider groups connected to these existing exchanges.”

At a National eHealth Collaborative meeting earlier this year, John Kansky, vice president of product management for the Indiana HIE (IHIE), said the key to Indiana’s success is keeping the focus on providing value to customers. “We approach it and sustain it as a business,” he said. Affiliated with the Regenstrief Institute, the IHIE connects 90 Indiana hospitals, and 19,000 physicians use it. Its DOCS4DOCS subscription service provides physicians lab and radiology results in a Web-based inbox. The IHIE also offers a service that enables hospitals and physicians to electronically share clinical images.

Orchestrator: States with an orchestrator model focus on building the basic services required to connect existing substate exchanges. A good example is New York, which has nine RHIOs up and running, and its Statewide Health Information Network for New York will create a set of core services that participants will use to exchange information across organizational boundaries. Another state that is orchestrating exchange but not standing up a strong state-level organization is Minnesota. The state decided to certify and regulate exchange as it develops in the private sector, said Marty LaVenture, director of Minnesota’s Office of Health Information Technology.

“Given the limited funds available, it was determined to support a market-based approach,” he said. “As much as others may have wanted us to do this in a big bang, we determined to reduce our risk and do it incrementally.” The government role is oversight — ensuring there’s a fair playing field and that privacy and security guidelines are established and followed. “But we have a fairly thin layer of governance,” LaVenture stressed. So far, the state has certified five health information service providers, including Surescripts and Ability Network.

Public utility: States with a public utility model build a single hub for exchange focused on providing a wide spectrum of HIE services directly to end users and to substate exchanges where they exist. The exchange is either based inside state government or in a nonprofit state-designated entity. Such a model is particularly well suited for small states like Vermont and Delaware that can obtain sufficient stakeholder buy-in, as well as states with sufficient authority and resources to build statewide infrastructure. “Smaller states are more likely to play a broader and deeper role in the exchange,” Accenture’s Ratliff said. “There tends to be more willingness for health systems to come together and to allow a state health department, for instance, to play a significant role in driving governance and standards.”

Maine’s HealthInfoNet, which started in 2004, is a good example of a public utility, even though the organization is nonprofit and sits outside of state government. It’s expected that all Maine hospitals will be under contract to HealthInfoNet by year’s end and will be connected by the end of 2013. The exchange also expects that at least 80 percent of the state’s ambulatory providers will be connected by 2014.

HealthInfoNet’s executives see one early decision as critical: the creation of a commingled central database. (Competing health systems have trouble agreeing to do that because they see their data as a competitive advantage. Most states are using a federated model in which the data is stored in separate places and queried from other locations.) “One key problem with the federated model is that the data is not standardized,” said Dev Culver, CEO of HealthInfoNet. “They can’t create a view of the patient. We put a lot of time into mapping all that data to standards. In a federated model, that is impossible to do.”

In another example of value-added services it can offer, HealthInfoNet is launching the nation’s first statewide medical image archive. The goal is to reduce the cost of storage and transport of electronic medical images and make sharing these images possible through the HIE.

But even HIEs that are successful in linking providers are still struggling to create a model of sustainability. The Delaware Health Information Network (DHIN) connects all hospitals in the state and 93 percent of providers. Yet Dr. Jan Lee, DHIN’s executive director, is charged with finding ways to make the network financially sustainable once federal and state funding run out. Previously, the state and private-sector providers have split what federal grants have not covered, but DHIN will have to identify value-added services that providers will be willing to pay for, such as unified medication history reports and data analytics on population health. This year DHIN had to go back to the state for an additional $3 million, but Lee said legislators were reluctant to provide that funding and basically said, “Don’t come back next year.”

Delaware has been working on HIE for 10 years — “before it was trendy,” Lee said, and it still has issues to work through. She believes that states trying to catch up now face daunting challenges. “Look at Pennsylvania just to our north,” she said. “They have not been able to get off the dime. Issues of competition and mistrust have sent them back to the starting block several times. Now they are getting started and only have 15 months left in the ONC [Office of the National Coordinator for Health IT] funding grants. They cannot get connected in that time,” Lee added. “Dealing with data structure, consent issues, security, consumer advisory groups, broadband coverage — all this takes a long time.”

State HIE governance organizations are spending the most time on business cases and models for sustainability. It seems that the most successful HIEs, such as IHIE in Indiana, have focused on building only those services that stakeholders will pay for. It may be that there isn’t a strong market demand for statewide services, especially in large states where several regional exchanges have already been established. “They should do a needs assessment about how much demand there is for statewide exchange across big regions,” Adler-Milstein said.

Maine’s Culver believes his central data repository is valuable and can make HealthInfoNet sustainable if the HIE can offer analytics tools around it. “To organizations setting up accountable care organizations, there is a lot of value in that data set,” he said. “And if we can demonstrate a significant impact on cost and quality, then we can distinguish ourselves.”

View the original article here


ICD-10 implementation is one of the emerging hot topics in medical transcription domain. In this article; we look at different myths associated with ICD-10 and the realities associated with it. Click here to learn more about these myths.

With each passing year we are coming closer to a technology driven world. We are seeing path-breaking products launched in the market with great proficiency. But technology alone cannot make or break a product. It is also about creating new opportunities by including incremental changes in the original product, to make it universally accepted merchandise.

Going with this flow, U.S. Department of Health and Human Services (HHS) has decided to make major enhancements to the already existing ICD-9 codes. It is known as ICD-10 codes. The transformation from ICD-9 to ICD-10 coding although makes the work of medical practitioners tedious, it also gives them the opportunity to easily track and analyze disease patterns and outcomes of diseases. There are different names for code sets like:

  • ICD-10
  • ICD-10-CM
  • ICD-10-PCS

Let us look at the parlance of ICD-10-CM and ICD-10-PCS.

  • ICD-10-CM connotes to outpatient services for example; diagnose provided in physician’s office.
  • ICD-10-PCS connotes to inpatient services such as hospital stays, beds, nursing services and surgical procedures.

Although ICD-10 implementation will make the life of medical practitioners easier; there are certain sections of audience which are circumspect about the success of ICD-10 implementation. Let us now look at different myths associated with ICD-10 codes, and its realities:

  • Myth 1: The penultimate date of ICD-10-CM and ICD-10-PCS implementation has not been rolled out; although there are speculations that ICD-10-CM and ICD-10-PCS will be implemented on October 1, 2013.

Reality: Medical entities associated with HIPAA have been given the ultimatum to comply with ICD-10 coding system starting from October 1, 2013. This applies to both dates of discharge and dates of service for all patients occurring on or after that date.

  • Myth 2: We can procrastinate for a bit longer before adopting ICD-10 codes in our entity as The Department of Health and Human Services will probably grant an extension for the implementation. Even if they won’t we can cover the ICD-10 training in a couple of weeks time.

Reality: Due to unforeseen circumstances the ICD-10 implementation date can be expended. But at this point of time it is looking absolutely certain that The Department of Health and Human Services will not extend this date and will make sure that the implementation process takes place as planned. Now if there is no prior planning you may lag behind and face compliance issues in future. With ICD-10 implementation the entire scenario of Medical billing and coding will change, and so if you procrastinate you may have to deal with serious compliance issues. Moreover; it is hardly possible for an entity to train their employees on ICD-10 coding system in a very short duration.

  • Myth 3: Since ICD-10 consists of large number of codes, it is nearly impossible to go for ICD-10 implementation.

Reality: Although there are large number of codes in ICD-10 and the code set is also longer than ICD-9; it does not make the ICD-10 implementation challenging. It makes the job of Medical Practitioners easier due to the following reasons:

      • ICD-10 is more accurate, more specific and logically structured than ICD-9-CM
      • Integration of new software will make the life of medical practitioners easier allowing them to track down codes faster than ICD-9


  • Myth 4: ICD-10 would lay more emphasis on electronic copies of medical coding. After October 1, 2013 all the coding will be done electronically.


Reality: There are loads of coding books existing in the market on ICD-10-CM and ICD-10-PCS hence; there is no reason to believe that ICD-10 will be more electronic than ICD-9-CM.

  • Myth 5: ICD-10 was first initiated in 1993, so there is a possibility that the codes are already out-of-date.

Reality: Although inception of ICD-10 codes happened almost two decades back; there has always been an emphasis on introducing incremental changes in the product. With the continuous development of health care domain; there have been several revisions in codes. These incremental changes in the codes will continue till the point where healthcare community decides to freeze the codes. Right now the healthcare community believes that the codes can freeze before October 1, 2013. But this will give ample time to medical billers, coders, physicians, and other healthcare workers to learn these codes before their compliance is required.

  • Myth 6: ICD-10-PCS will replace Current Procedural Terminology (CPT)

Reality: CPT will not change with ICD-10 implementation. Please note that as specified earlier; ICD-10-PCs are intended only for the purpose of reporting inpatient services such as hospital stays, beds, nursing services and surgical procedures.

  • Myth 7: A lengthy documentation process will be required to be followed after ICD-10 implementation which will bring unnecessary complications to coding and billing process.

Reality: After the successful ICD-10 implementation, there will be a precise documentation process which will be required to be followed. The required information will already be there but it was not being used in ICD-9. The sole purpose of documenting the details is to make sure that the quality of the content is superior. It should also help the medical practitioners to specifically understand the patient problems easily.

ICD-10 implementation promises to provide a new leverage to medical domains across the globe. With the help of these codes, medical practitioners will be able to classify the health information in a proper way thereby maintaining the international standards set for healthcare documentation.

The transition from ICD-9 to ICD-10 will not be an easy process. It will not only include conversion of codes in your information system, but it also involves supporting accurate codes, improving clinical documentation, increasing coder efficiency and help physicians adapt while minimizing interruption.

Mediscribes has developed a deep insight into the strategic and operational aspects of ICD-10 and the opportunities that lie ahead. We can provide an exhaustive program for ICD-10 training which will include various ICD-10 services mentioned below. We also help you to identify the level of risks, map workflows and convert your systems.

We can offer the following clinical improvements to clients in respect to ICD-10 Implementation:

  • Classification of Compliance Risks
  • Finer clinical documentation
  • Greater effectiveness of coding
  • Translate codes
  • Map and convert your systems
  • Train and test coders and clinical documentation improvement specialists
  • Train and support physicians

ICD-10 Services offered by Mediscribes:

  • ICD-10 Documentation and Revenue Risk Assessment Services
  • ICD-10 Transition planning and Recommendations Services
  • ICD-10 Project Management Services
  • ICD-10 Modeling and Code Translation Services
  • ICD-10 Financial Impact Analysis
  • ICD-10 Translation Management Tool

Medical practitioners need to hire an eminent Medical Transcription Company for smooth transition of ICD-10 implementation process in their organization. To learn more about our services click here.

About Mediscribes

Mediscribes, Inc. is one of the fastest growing Medical Transcription & document management systems providers in United States, based in Metro Louisville. Mediscribes is an ISO 9000-2001 certified company, rendering cost-effective consolidated transcription solutions to major hospitals, clinics, and other healthcare facilities in United States. Mediscribes is the most value-providing organization in the market today with a strong presence in America and offshore locations. The firm specializes in providing highly accurate transcription adhering to ADHI guidelines in unbeatable turnaround time with robust & proven document management system as its vantage point to its esteemed clientele.

Mediscribes provides end-to-end transcription solutions as its primary offering. For our customers, we focus on dictation systems, both ASP as well as enterprise level solutions, with the help of our most valued asset ezVoiceIntelligence (ezVI), providing specialty-specific qualitative transcription along with a “whole nine yards” document management system. Mediscribes specializes in EMR data integration as well. Our data dispatch department is highly proficient in integrating transcribed reports into any type of EMR. Healthcare facilities that do not have EMR get the option to use our web-based file monitoring interface called eTranscribe for global access to their data. eTranscribe has special features of E-signing, E-faxing, auto-printing, and user-friendly document search criteria.

For additional information, please visit

Media Contact (Mediscribes)
Mike Perry

12806 Townepark Way
Louisville, KY 40243-2311
Ph: 502-400-9374
Copyright © 2009. Mediscribes.
Mediscribes is a registered trademark. All Rights Reserved.

ezDI Makes the Case for Mature Analytics in Healthcare Cost Containment

As a leader in the field of healthcare analytics, ezDI has constantly escalated in the dimension of the market and business intelligence. The present director has shared the preview of the healthcare cost containment with the industry recently. According to the esteemed director, plans formulated by most companies do not exactly have the required level of maturity that is demanded by most employers. Putting light on the making of the case for better and well sophisticated healthcare informatics, the director argues that existing plans do not address the needs and requirements of the Affordable Care Act. In his presentation, he meticulously talks about cost containment and its importance to health care executives. The changes in the pattern are due to the notable health care reform, which according to the company is indispensable.

“Plans that do not move towards centralized tools, stronger analytics, and process integration will pay the price, and will leave potential cost savings on the table due to redundancy and inefficiency,” says the director. “The time now is to objectively assess how your efforts stack up,” he says, talking about the increasing pressure on various groups effected.

The company officials talks about the importance of right evaluation to healthcare executives. “There is a need of evaluation by using the best practices of the industry and self-assessment with five components in the core of sophisticated analytics initiative,” argues the present director. The first component is the goals and priorities which define if the cost containment goals are clear and the required measurements are in place. Second component of prime importance is the analytical tools and their nature. It is also necessary to know if skilled and analytical talent is available for the development of cost containment action plans, which is the third component. In the fourth component, the company talks about the commitment of business areas for cost containment. The powers of executive leader in leveraging a cost-functional team are another key aspect. In the fifth and final component, the case study deals with the budget and the ability to acquire tools.

In the core, the company has been highly successful in using data from EMR and Transcript files for drawing various conclusions. The data that has been used from EMR and Transcript has been converted into a single structured format, which has enabled every user to draw better conclusions from the information. The entire process will power various groups to query and analyze the data available for better and thoughtful decision making. The core advantages of the case include substantial reduction in the cost and saves time on the base studies. The physicians will also be benefited as they can suggest the best medicine to patients as per requirement.

About ezDI

The Company is one of the leaders in business intelligence and healthcare analytics that aim at improving the quality of services in health care and reducing costs. The company offers integrated solutions with a single data feed, and increases the industry’s speed, accuracy, flexibility and value overtime.

ezDI LLC allows a users to enter text queries as they would with any search engine and returns medically relevant results across both structured data and unstructured data. Using advanced Clinical Natural Language Processing (NLP) technology to understand the intention behind the queries typed by the user.

For additional information, please visit

HIPAA vs The Cloud

HIPAA Compliance: The objective behind

Sensitivity in maintaining individual health record of every person is too significant and this is what gets ensured under HIPAA security compliance, which aims at protecting an individual’s information to be obtained, created, used and maintained electronically at a specific healthcare unit or hospital. As a result of this rule, the healthcare unit is responsible for taking every measure to keep this information confidential, secure, reliable and free from any electronic interference. But healthcare units usually find it tough to meet the expectations of this security rule & it requires a more technical approach in abiding by the directives of the security rule.

Healthcare unit’s responsibility in ensuring HIPAA security compliance

Under HIPAA security compliance, each of the three aspects, namely administrative, technical and physical, has to be adhered to by implementation specifications. These specifications specify the modus operandi for meeting the three aspects. A healthcare unit or hospital has to either implement a security measure to achieve this objective, execute the given implementation specifications or, may not put into practice either one of the two. But as part of HIPAA compliance, the body has to document whichever choice it wants to implement and this document should additionally comprise of basis of the evaluation on which this decision has been arrived at. Outcome of all this can be visibly noticed in the form of a challenge for IT professionals working in health sector.

Shouldering HIPAA compliance responsibility with cloud computing vendor

No surprise, emergence of cloud computing looked like easing the scenario but with enough caution, given that an outside agency in the form of cloud providing associate is involved besides the healthcare unit. Because of this vendor-client partnering, the ultimate responsibility to abide by HIPAA compliance resting with the healthcare unit gets pooled with the vendor, since implementation gets carried out at the vendor end. Thus, there is much room for the sensitive information getting trickled at the remote location where cloud model has been setup. In this situation, the healthcare unit will have to adhere to all the security aspects and implementation specifications as discussed above, so as to satisfy the HIPAA security rule. In the process, the healthcare unit will have to extend its interference and control at the cloud computing associate’s location in terms of integrity, encryption, data transfer & management, etc., which this body earlier left up to business associate due to contractual limitations or budget constraints.

Documentation of roles

Obviously, the healthcare unit has an opportunity this way to allot even responsibility to its cloud computing business associate and keep it under the scanner, as if HIPAA compliance is not just the healthcare unit’s liability, but is as much an accountability of that vendor. The documented modus operandi of this body can well include the extent to which it has involved vendor and along with, ask the vendor to document its procedures and practices in following the technical requirements and the HIPAA compliance as a whole.

While cloud computing can be the technical answer for healthcare IT professionals to successfully satisfy HIPAA security compliance, the organisations in healthcare can well ensure strict adherence of HIPAA rules by shouldering equal responsibility with their cloud computing business associates.

About emPower eLearning

emPower  is a leading provider of comprehensive Healthcare Compliance Solutions through Learning Management System (LMS). Its mission is to provide innovative security solutions to enable compliance with applicable laws and regulations and maximize business performance. empower provides range of courses to manage compliance required by regulatory bodies such as OSHA, HIPAA, Joint commission and Red Flag Rule etc. Apart from this emPower also offers custom demos and tutorials for your website, business process management and software implementation.

Its Learning Management system (LMS) allows students to retrieve all the courses 24/7/365 by accessing the portal. emPower e-learning training program is an interactive mode of learning that guides students to progress at their own pace.

For additional information, please visit