The Federal government has set aside $20 billion for upgrading the healthcare IT infrastructure by the year 2014—spelling a huge upside for the Channel. Service providers can pursue federal “meaningful use” dollars to the tune of $40,000 per qualified physician practice. SaaS-based solutions on the market today can generate the necessary reports for proving compliance.
Background & Challenges
Barbara is the office manager for a Grand Rapids, Michigan family practice that has been providing healthcare services to its 1,800 patients for 24 years. While attending her monthly association meeting of regional physician office managers, Barbara met local services provider Joe Dylewski, president of ATMP Solutions, a provider of healthcare IT technology for more than 20 years.
Her challenge to Joe was to help find her an online risk assessment solution she could use without any previous IT experience or formal computer education. Her goal was to meet and sustain compliance with HIPAA and HITECH regulations, to fulfill a few core requirements of “meaningful use” statues, and to facilitate patient care reimbursements from insurers.
Several years ago the office had transitioned its patient records to an electronic medical records (EMR) system to automate day-to-day processes, thus helping to reduce administration costs.
One of the requirements being sought was that the HIPAA solution be fully accessible to users online, and easy to operate. Another requirement was to achieve a longer term goal of satisfying provisions as outlined by “meaningful use.”
According to the provisions of the Healthcare Information Technology for Economic and Clinical Health Act (HITECH), healthcare organizations that achieve “meaningful use” will be eligible for incentive payments; those who fail to achieve that standard by 2015 may be penalized.
“Meaningful use” describes the use of health information technology that leads to improvements in healthcare and furthers the goals of information exchange among health care professionals. To qualify, providers need to demonstrate they’re using certified EMR technology. Not wanting to operate disparate systems, the practice was looking for a simple HIPAA compliance solution that had to be an extension of their office EMR system.
A Solution for Compliance
ATMP Solutions recommended that the office implement SecureGRC, a cloud-based application developed by eGestalt Technologies of Santa Clara, Calif. The application helps meet HIPAA and HITECH rules at dramatically less cost and complexity than standard approaches.
“SecureGRC SB is built from the ground up to service small medical practices,” says ATMP’s Joe Dylewski. “It also had the value of not requiring its users to have deep domain knowledge with the intricacies of HIPAA laws.”
A major attraction of SecureGRC is its ability to collect and store all HIPAA-related provisions and related documents online into a single repository. The system was designed for novices.
Having SecureGRC automate the risk assessment process by providing a comprehensive list of questionnaires gave the office its clearest picture yet of its current state of compliance, highlighting specific non-compliant areas, such as backup and recovery, that needed immediate addressing
The deployment went as planned. “There was no need to schedule 40 hours to walk through the system,” says Barbara. “It only took three to four weeks to complete the entire process.”
“Being an accountable care organization, it was important for our practice to fall in line with prevailing compliance standards, to not cause a bottleneck with other doctors’ offices or business associates, and most of all, to not find ourselves in any hot water with regulators,” Barbara says. “Another added plus about this application is the positive impact it has had with expediting our reimbursements, which is always good for business.”