New HIPAA Software Ensures Patient Privacy
| When it went into effect in 2003, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) set national standards for the protection of certain health information, called Protected Health Information, and how it may be used.
According to federal guidelines, UAMS must conduct “reasonable, regular and periodic” review of electronic records to ensure that employees, students, faculty and staff are accessing only those patient records needed to perform their job. Up until now, this has been done by the UAMS HIPAA Office reviewing activity logs, reports and other information and determining accesses that may be inappropriate or unauthorized. For example, the UAMS HIPAA Office routinely reviews same last name reports to detect unauthorized viewing of family members’ medical records.
Beginning this month, UAMS will begin using Protenus, a powerful new tool in the detection of unauthorized viewing of protected health information. Protenus has developed a patient privacy monitoring system that uses artificial intelligence and software analytics to do the work of multiple full-time employees.
“The software uses data from our electronic health records and SAP to rule out appropriate use of data and flag only activity that is suspicious,” said Heather Schmiegelow, UAMS Privacy Officer and HIPAA Campus Coordinator. “It’s like we were looking for a needle in a huge haystack before, and now we have a really strong magnet that can pull all the needles out for us.
“Advancements in software and artificial intelligence have made this enhanced ability to detect HIPAA violations possible,” she said. “Patient privacy is important for all our patients, including those who are also employees.”
Once potential inappropriate accesses to patient’s records are identified, the HIPAA Office will further investigate to see if access to the patient’s protected information was related to the job of the faculty member, student or employee who accessed the records.
“Nothing will change in terms of our HIPAA policies and the disciplinary process for those who violate them,” said Schmiegelow. “We will continue to work with Human Resources when we identify a HIPAA violation.”
In addition to using Protenus, the HIPAA Office will continue to rely on faculty, students and employees to report potential violations. This online form can be used to report HIPAA incidents. It is available on the UAMS HIPAA website (www.hipaa.uams.edu) under “Report an Incident.” Violations can also be reported by calling 501-614-2187 or 1-888-511-3969.
Even accessing your own medical record may be a violation of UAMS policy. To see your own information within the guidelines, use your UAMS MyChart account or request your files from the Health Information Management department. There is no charge for files sent to a doctor’s office, clinic or hospital. If they are for personal use, you can pay for copies or have them copied to a CD or thumb drive for $6.50.