SAN FRANCISCO, CA, JULY 22, 2021—Today Innovaccer and Documo announced that Documo, a leading enterprise fax solution for regulated industries, is now integrated and available on the Innovaccer Health Cloud.
Now providers, payers, life sciences companies, and digital health innovators, considered covered entities under HIPAA, can accelerate digital transformation by bringing HIPAA-compliant secure digital faxing, intelligent fax routing, and other enterprise-class capabilities into new and existing applications and workflows, with ease.
This is crucial for healthcare organizations aspiring to achieve a fully digital record-keeping system. Healthcare providers, as covered entities, must ensure that their communication methods comply with HIPAA regulations. Now Innovaccer’s customers and partners will be able to usher in truly paperless, secure communications with end-to-end encrypted data, secure logins, and user access controls, enabling them to digitally share, store, and act on vital patient health information (PHI), all while ensuring their confidentiality and compliance with HIPAA privacy regulations, and mitigating the risk of data breaches.
“Fast, effective communication is crucial to the delivery of quality healthcare—and ensuring those communications are digital and unified is crucial to the future of healthcare,” said Abhinav Shashank, CEO at Innovaccer. “Bringing Documo’s technology to the Innovaccer Health Cloud gives our customers the ability to quickly enhance the patient experience with unified care communications, patient and member outreach, and more. That patient-centric approach is the key to efficient care delivery, improving patient satisfaction, and furthering our mission to build the future of healthcare.”
Despite being a 178 year old technology—it’s older than the telephone—faxing remains one of the most-used forms of communication in healthcare. Surprisingly, faxing is actually growing in popularity, yet those sent using paper-based fax machines are not necessarily secure and are always managed outside of digital workflows used by healthcare organizations.
“Cloud fax is one of the best methods of secure transmission of communications, and by working with Innovaccer, we can now make it a seamless part of any healthcare organization’s digital workflow,” said Matt Valeo, CEO at Documo. “We are proud to work with Innovaccer to make cloud fax an integral part of the Innovaccer Health Cloud, and help healthcare to care as one.”
Understanding HIPAA
What is HIPAA? Health Insurance Portability and Accountability Act
HIPAA, or the Health Insurance Portability and Accountability Act, is a landmark federal law enacted in 1996. It outlines how protected health information (PHI) should be used and shared under the HIPAA Privacy Rule, focusing on patient rights to access their health records, company responsibilities, and necessary safeguards for sharing health data between healthcare providers. Its primary purpose is to establish national standards for the protection of sensitive patient health information, known as protected health information (PHI). HIPAA ensures that PHI is handled and transmitted securely, safeguarding patient privacy and granting individuals certain rights over their health information. This legislation is crucial for maintaining the confidentiality and security of health information in an increasingly digital world.
HIPAA Purpose: Protecting Patient Health Information (PHI)
The core objective of HIPAA is to protect the confidentiality, integrity, and availability of patient health information. This means ensuring that PHI is only accessed, used, or disclosed by authorized individuals or entities. HIPAA mandates stringent measures to prevent unauthorized access, theft, or destruction of PHI, thereby maintaining the trust and privacy of patients. By enforcing these standards, HIPAA plays a vital role in safeguarding sensitive health information from potential breaches and misuse. Conducting a thorough risk assessment is crucial in identifying vulnerabilities in systems and guiding the implementation of necessary security safeguards to protect patient information.
HIPAA Scope: Covered Entities and Business Associates
HIPAA’s regulations apply to two primary groups: Covered Entities (CEs) and Business Associates (BAs). Covered Entities include healthcare providers, health plans, and healthcare clearinghouses that handle PHI. Business Associates are entities that perform specific functions or activities on behalf of Covered Entities, such as billing, data storage, or IT services, and have access to PHI. Both CEs and BAs are required to comply with HIPAA regulations to ensure the protection of health information throughout its lifecycle. A comprehensive HIPAA compliance program is essential, involving thorough documentation, incident management processes, and the establishment of policies and procedures.
HIPAA Compliance Requirements
HIPAA Security Rule: Technical, Physical, and Administrative Safeguards
The HIPAA Security Rule mandates that Covered Entities and Business Associates implement a comprehensive set of safeguards to protect electronic protected health information (ePHI). These safeguards are categorized into three types:
Technical Safeguards: These include measures such as encryption, access controls, and audit controls to protect ePHI from unauthorized access and ensure data integrity.
Physical Safeguards: These involve securing the physical infrastructure where ePHI is stored or accessed, such as data centers, servers, and workstations, to prevent physical breaches.
Administrative Safeguards: These encompass policies, procedures, and training programs designed to ensure that employees understand and comply with HIPAA requirements. This includes conducting regular risk assessments to identify vulnerabilities and implementing measures to mitigate those risks.
To achieve HIPAA compliance, Covered Entities and Business Associates must develop and enforce robust policies and procedures for handling PHI. This includes establishing protocols for accessing, using, and disclosing PHI, as well as providing comprehensive training to employees on HIPAA compliance. Additionally, Business Associates must agree to adhere to HIPAA requirements through formal agreements with Covered Entities.
By understanding and implementing these safeguards, healthcare organizations can ensure the confidentiality, integrity, and availability of PHI, thereby avoiding costly fines and penalties for non-compliance and maintaining the trust of their patients.
HIPAA Breach Notification Rule
The HIPAA Breach Notification Rule mandates that covered entities, such as health care providers, health plans, and health care clearinghouses, must notify individuals when there is a breach of unsecured protected health information (PHI). This rule is crucial for ensuring that individuals are aware of any potential compromise to their health information and can take necessary steps to protect themselves.
Under this rule, covered entities are required to notify affected individuals within 60 days of discovering a breach. The notification must include:
A detailed description of the breach, including the date it occurred and the date it was discovered.
Information on the types of PHI involved in the breach.
Steps the covered entity is taking to investigate the breach, prevent future breaches, and mitigate any harm caused.
Instructions on how individuals can obtain a copy of the notice.
Contact information, such as a toll-free phone number, email address, or postal address, for individuals to ask questions or seek additional information.
In addition to notifying individuals, covered entities must also inform the Secretary of the U.S. Department of Health and Human Services (HHS) of breaches affecting 500 or more individuals within 60 days of discovery. This notification must include the same information provided to individuals.
Covered entities are also required to maintain a log of all breaches, documenting the date of the breach, the date of discovery, and the number of individuals affected. This log must be kept for at least six years and made available to HHS upon request. By adhering to the HIPAA Breach Notification Rule, covered entities can ensure transparency and accountability in the handling of PHI, thereby maintaining patient trust and compliance with HIPAA regulations.
About Documo and HIPAA Compliance
Founded in 2014 as an eco-friendly remote company, Documo’s innovative document workflow solutions empower businesses to collaborate more efficiently and reduce the impact of paper waste on the environment. Documo produces easy-to-use and powerful products that make document workflow more manageable, secure, and intuitive. Documo’s cloud fax solution, is built on an enterprise-grade fax-only network architecture that delivers unprecedented levels of performance and security. With Documo’s digital signing solution, mSign, companies of any size can implement legally-binding electronic signatures across their entire organization faster than ever before.
Visit documo.com for more information.
About Innovaccer and HIPAA Privacy Rule
Innovaccer Inc. is a leading San Francisco-based healthcare technology company committed to helping healthcare care as one. The Innovaccer Health Cloud unifies patient data across systems and settings and empowers healthcare organizations to rapidly develop scalable, modern applications that improve clinical, operational, and financial outcomes. Innovaccer’s solutions have been deployed across more than 1,000 care settings in the U.S., enabling more than 37,000 providers to transform care delivery and work collaboratively with payers and life sciences companies. Innovaccer has helped organizations integrate medical records for more than 24 million people and generate more than $600 million in savings. Innovaccer is recognized as a Best in KLAS vendor for 2021 in population health management and a No. 1 customer-rated vendor by Black Book.
For more information, please visit innovaccer.com
HIPAA Compliant Faxing with Innovaccer and Documo
Innovaccer and Documo have joined forces to offer a robust HIPAA-compliant faxing solution tailored for healthcare organizations. This partnership ensures that healthcare providers can securely send and receive faxes while adhering to the stringent requirements of the HIPAA Breach Notification Rule.
The Innovaccer and Documo solution leverages advanced encryption and secure protocols to safeguard protected health information (PHI). This ensures that all fax communications are secure and compliant with HIPAA regulations. Key features of this solution include:
Automatic Fax Routing: Streamlines the process by automatically directing incoming faxes to the appropriate recipient, reducing manual handling and potential errors.
Fax Archiving: Provides a secure and organized way to store faxed documents, ensuring easy retrieval and compliance with record-keeping requirements.
Fax Tracking: Allows healthcare providers to monitor the status of sent and received faxes, ensuring accountability and transparency in communication.
By integrating these features, the Innovaccer and Documo solution not only enhances the security of fax communications but also improves operational efficiency. Healthcare providers can focus on delivering quality patient care, knowing that their fax communications are secure and compliant with HIPAA regulations. This partnership exemplifies how technology can be leveraged to meet the demands of modern healthcare while ensuring the protection of sensitive health information.