The US healthcare industry is rigorously monitored against stringent regulatory norms. The industry needs to comply with a variety of standards including the Health Insurance Portability and Accountability Act (HIPAA), Centers for Medicare and Medicaid Services (CMS), American Society for Testing and Materials (ASTM), International Conference on Harmonization (ICH), International Electrotechnical Commission (ISO/IEC), and Joint Commission on Accreditation of Healthcare Organizations (JCAHO). These standards place a considerable administrative and audit burden on the industry.
Most of these regulations are in place to ensure that hospitals protect patients’ health records. HIPAA mandates security and confidentiality policies and audit trails, CMS defines standards and requirements for medical records (in paper or electronic format), ASTM prescribes standards for authentication of computer-based health information, and IEC specifies a security protection profile for a healthcare IT application system.
As many of these regulations undergo routine changes, the healthcare industry is under constant pressure to keep up with the changes. Amidst this tightrope walk come newer standards and reporting needs. US President Barack Obama’s latest healthcare bill, which grabbed media attention recently, has huge implications for hospitals, healthcare clearinghouses, physicians’ private and group practices, and healthcare clinics merely in terms of capturing and protecting patient information as Electronic Health Records (EHRs).
Although the key objective of the Health Information Technology for Economic and Clinical Health (HITECH) Act is to provide affordable or free medical treatment to every US resident, a number of related regulations could place the healthcare industry under tremendous pressure.
For instance, healthcare providers need to capture exhaustive information on patients in the form of EHRs, encrypt and protect patient information, render information "unusable, unreadable or indecipherable" to unauthorized individuals, notify different parties if an information breach occurs, and pay steep penalties of up to $1,500,000 for wilful neglect in sending out breach notifications.
With civil monetary penalties being applicable from the date of enactment (February 17, 2009), the clock is already ticking for the healthcare providers to comply with HITECH as well.
In addition to the standalone reporting requirements that each of these standards brings in, healthcare providers need to take care of interdependencies as well. For instance, the healthcare reform legislation increases the number of people covered by Medicaid by more than 30 million. Consequently, the healthcare industry is faced with the prospect of creating, storing, encrypting and protecting 30 million more EHRs. Combined with the need to report on the actions taken in a regular manner, HITECH compliance will increase volumes in CMS reporting needs.
A similar interplay of multiple standards and reporting needs must be considered on a larger scale, specifically in the context of HIPAA, CMS, ASTM, ICH, IEC, JCAHO, and now HITECH, while establishing a Governance, Risk and Compliance solution for healthcare providers today.
The sheer complexity and diversity of these compliance initiatives can introduce inconsistencies and duplication of efforts across different departments and functions in a healthcare organization. The maze of documentation that is generated to address the burgeoning compliance needs will also leave management teams guessing as to whether their organization truly complies with all relevant regulatory norms.
A healthcare provider needs to implement effective quality and compliance programs right away. The programs must provide document control, compliance training, and ongoing auditing. Issues and non-conformance incidents need to be recorded and reported. To effectively carry out these activities, healthcare providers need to invest in integrated platforms like the one provided by MetricStream.
MetricStream offers an integrated regulatory compliance solution for the healthcare industry for successfully meeting these requirements while lowering the associated costs that can otherwise be substantial. MetricStream Compliance Platform, a proven infrastructure for building compliance applications, provides core modules and services to automate and streamline compliance processes.