Walk into your doctor’s office and you’ll likely witness the trappings of those last holdouts of the digital revolution. As you enter, you will be dazzled by the patchwork curtain of color-coded manila folders behind the reception desk, each one plump with personal data, most of it outdated but all of it exposed to potential neglect, error or abuse.
You’ll see a jar on the reception counter, brimming with ballpoint pens topped with plastic daisies. Pick one. You’ll need it for the next phase of your journey into the bureaucratic wilderness known as the healthcare system, where the tendrils of redundancy and inefficiency are strangling the quality of the relationship between physician and patient.
In 2014, when a visit to our trusted medical professional has to start off with a cold interaction with a 1940s-style clipboard, we know that healthcare is a prime candidate for a major update. Physicians and their patients cannot tolerate the status quo. In an era of consumerism and technological empowerment, the shift to a more service-oriented model is inevitable.
In fact, it may already be here.
Fortunately, the regulatory regime in the US anticipated the coming storm of consumer empowerment and technological change. Back in 1996, Congress gave the nod to healthcare consumers (that’s us) with the passage of the Health Insurance Portability and Accountability Act, or HIPAA. The idea was to give patients more power to manage, correct and assign their health records (at least as much power as a mobile phone subscriber has in keeping his cell number) and to impose greater responsibility on those who hold protected health information (PHI, an industry term) to keep it secure and accurate.
HIPAA was a great start. But then, as they say, the Internet changed everything.
In the 13 years that followed, online transactions took root and blossomed. Protected health information was no longer limited to paper records tucked comfortably inside those manila folders; PHI had become data, moving within and between computer systems and subject to a whole new list of perils.
So in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law to promote the adoption and “meaningful use” of health information technology. Subtitle D of the HITECH Act specifically addresses the privacy and security concerns that arise with the electronic transmission of health information. HITECH also imposed greater responsibility on “Business Associates” (BAs), the consultants and vendors of covered entities who touch health data in the course of providing their services, to adopt safeguards to keep PHI secure and available. This requirement was codified in the HIPAA Omnibus Rule adopted in 2013. That final reconciliation of the two laws notably requires BAs to enter into written agreements to protect health data.
If you have customers in the healthcare space, you’ll need to have a handle on HIPAA and HITECH requirements for treating and accessing PHI. Standardized versions of the required BA agreement have been circulating for a while now; know what you are agreeing to before you sign. Is your data security up to snuff? Are you able to provide access and updates to personal health data if required?
The scene is set for a sea-change in the way consumers interact with the healthcare system. We’re still waiting for the day when we can breeze into our physician’s office without the fear of contracting writer’s cramp. But change is definitely in the air.
If you are interested in learning about how DocuSign customers comply with HIPAA and HITECH, download our FAQ here.
Just don’t file it in a manila folder.
For digital solutions for the healthcare industry, click here for more information and opportunities.
About the Author:
Ken Moyle is Chief Policy Officer at DocuSign. Click here to connect with him on Twitter.