HIPAAT provides consent management and auditing solutions that enable health information privacy at all levels of data sharing: between healthcare providers, organizations, regions and nationwide. HIPAAT’s software balances consumer information privacy with the clinical need to access personal health information.
Balancing Patient Privacy and Clinical Access to Health Information
To ensure patient privacy and clinical access to healthcare information, you need:
• Consent Management – incorporates access control mechanisms which allow the system to proactively block inappropriate access to a patient’s PHI according to privacy policies established by the patient, healthcare organization and jurisdiction
• Privacy Auditing – continuously tracks all access and attempted access to PHI, while a notification service – informed by consent management – immediately alerts compliance officers of inappropriate access
Consent management is a system, process or set of policies for allowing consumers and patients to determine what health information they are willing to permit their various care providers to access. It enables patients and consumers to affirm their participation in e-health initiatives (patient portal, personal health record or health information exchange) and to establish privacy preferences to determine who will have access to their protected health information (PHI), for what purpose and under what circumstances. Consent management supports the dynamic creation, management and enforcement of consumer, organizational and jurisdictional privacy directives. ~ Gartner, Inc.
Privacy eSuite (PeS) Privacy eSuite is the SOA-based consent engine at the heart of HIPAAT’s ability to capture and enforce consumer, organizational and jurisdictional privacy policies for hospitals, health systems and health information exchanges. PeS supports ‘break-the-glass’ (override) access to PHI
Auditing is key to health information privacy management. It allows provider organizations, hospitals, health systems and HIEs to actively address patient privacy and measure compliance with established privacy policies.
Universal Audit Repository (UAR) The Universal Audit Repository is HIPAAT’s standards-based central audit repository designed for use by hospitals, health systems and HIEs.
• Logs all access – and attempted access – to PHI and consent directives
• Provides automatic alerts of override (break-the-glass) access to PHI by email to a privacy officer
• Provides extensive, customizable search and report capabilities on any audit event data, and includes a separate security (breach) report
• Notifies clinicians via email if corrections have been made to diagnostic imaging exams they had previously viewed
• Is an excellent source of data for patients’ Accounting of Disclosures