Tuesday, August 2, 2011

VIA3 is HIPPA Compliant!

VIA3 is already at use at known healthcare institutions in the United States for adminstration, meetings, and remote medical doctor presence.

VIA3 and HIPAA Compliance

Protecting a patient's privacy has always been of paramount importance in the healthcare industry. The last few years, however, have brought about entirely new privacy and security requirements that require compliance from more than just a patient’s primary care physician or the emergency room staff. The Health Insurance Portability and Accountability Act (HIPAA) of 1996, which stipulates that ALL methods available should be used to ensure a patient's privacy is maintained, affects nearly every organization that collects, stores, or transacts protected health information (PHI).

Health plans, healthcare providers, healthcare clearinghouses, information systems vendors, universities and even human resource personnel handling employee’s private health information at their employers are all required to meet compliance, and the penalties for non-compliance can be severe (i.e. up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information).

The HIPAA Security Rule required complete compliance by April 21, 2005. If you’re one of almost 40 percent of affected organizations (according to the American Hospital Association) still struggling to comply, then re-examining the key privacy and security requirements – and comparing them to how you communicate PHI now – should get you another step closer.

The Key Requirements of HIPAA

HIPAA strongly regulates how PHI may be used, and when and how it may be shared with business partners. HIPAA required the Department of Health and Human Services to establish new rules designed to ensure patient privacy, patient safety and quality of medical care. More specifically, these rules require the establishment of:

1. Standardization of electronic patient health, administrative and financial data (Basically, implementing a national standard – or one format – for PHI documents and codes within the documents, to simplify and improve transaction efficiency)

2. Unique health identifiers for individuals, employers, health plans and health care providers

3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

While the first two requirements appear fairly easy to understand and implement, the third requires more details. In fact, it’s been divided into two “steps” that give those affected myriad guidelines that build off each other.

1. The Privacy Rule, which required compliance for most organizations by April 14, 2003, requires affected organizations to guard against misuse of personally identifiable health information and limit the sharing of such information, whether or not the information has been in electronic form. The Privacy Rule also grants consumers significant rights regarding the use and disclosure of their health information, including letting them determine who can have access to their information. It also establishes business associate agreements that impact how business associates (such as information technology vendors) can access and disclose PHI.

2. The Security Rule, which required compliance by April 21, 2005, requires affected organizations to implement basic safeguards to protect electronic PHI from unauthorized access, alteration, deletion, and transmission. The security standards define the administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI. Required safeguards include application of appropriate policies and procedures, safeguarding physical access to electronic PHI, and ensuring that technical security measures are in place to protect networks, computers and other electronic devices.

The administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI include such significant requirements as:

• Assigning a unique name and/ or number for identifying and tracking user identity
• Implement a mechanism to encrypt and decrypt electronic protected health information
• Implementing hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic PHI
• Implement policies and procedures to protect electronic PHI from improper alteration or destruction
• Ensuring authentication, access controls and access monitoring in part by requiring proper use of user IDs and passwords to make certain that any user claiming access to a system is who he/she claims to be.

One Step Towards Compliance: Collaborating on HIPAA-Compliant Online Meeting Software

So if you’re not already in full compliance with HIPAA, what can you do? Examine how you are currently communicating PHI and look for alternatives. One alternative that will get you closer to HIPAA compliance is to integrate online meeting technology from an enabling “business associate” such as VIA3 Corporation into your organization. For example, VIA3® Assured Collaboration Service from VIA3 will take care of many of the requirements set forth for managing electronic PHI in HIPAA’s strict security and privacy rules, as the service:

• Completely encrypts ALL data transmitted during an online meeting from sender to receiver—and back again—using Advanced Encryption Standard (AES).
• Enables full authentication, access controls and access monitoring to ensure that only appropriate individuals will have access to PHI.
• Enables you to store PHI in online workspaces where only those you permit to access them can do so
• Does not store passwords but lets you easily create unique user identities and change passwords as necessary
• Provides both audio and video components, enabling identification of meeting attendees by their voice and face. If a meeting is conducted without personal “identifiers,” hackers can sit in, uninterrupted, on confidential meetings.
• Log who was in an online meeting or alert you to changes in a document or file
• Only allows those with “owner” permissions to change or delete documents or files

VIA3 prides itself on adhering to leading industry standards and forging new ground to secure sensitive communications over the Internet. Built for professionals who require total confidentiality and complete privacy in all their communications, VIA3 Assured Collaboration Service can offer your healthcare-related organization the functionality, support and education you need to communicate PHI securely in a timely and efficient manner.

Friday, January 7, 2011

US Government Resource Planning Group Maximizes Productivity Using VIA3 for Secure Telework, Conferencing, and Collaboration

The US Government resource planning group “Fentress” has revolutionized their work processes using VIA3 secure Video Conferencing, Document Sharing, and Instant Communications.

Keith T. Fentress, President of Fentress Incorporated, knew that the telework revolution was coming to the US Government, and decided to get in front of the technology wave. He was one of the early adopters of secure web based communication long before President Obama signed law the Telework Enhancement Act, which requires federal agencies to develop more robust and secure telework plans. In doing so, he selected VIA3, a software based FIPS 140-2 Web and Video Conferencing solution. According to Fentress, this “remarkable” technology has revolutionized their work, transformed their company, and connected virtual employees spread out over 5 different states.

For starters, Fentress replaced all internal company calls with videoconferencing. This was a bit of a shock at the beginning, and the employees were concerned about the intrusion of videoconferencing into home offices. After using the product for two months, they quickly saw an increase in camaraderie and efficiency. When previously performing only conference calls, they did not have everyone's attention and found people would be on mute most of the time, distracted, or disconnected. Now with videoconferencing, the attention of team members is sustained, and there is a lot more interactivity.

Another heavy use for their daily Telework is document sharing. Fentress employees have described VIA3’s ease of document sharing as “remarkable”. Though they had this feature prior to using the VIA3, sharing is now much more intuitive and accessible. Once a document is open, you are only two mouse clicks away from sharing it with all participants.

Employees now stay connected constantly through secure Instant Messaging – a feature that normally can be compromised but is 100% safe with VIA3’s FIPS 140-2 AES level security. In addition to the new found confidence stemming from the deep security, they have found VIA3 instant messaging to be so quick and easy that it has become a routine part of their workday. The speed of instant messaging and the ability to transfer files – even large files – is a great benefit.

Efficiencies abound for Fentress in VIA3, including the use of presence awareness. Through the VIA3 “launch pad” Fentress can now tell when each other are in the office, in a meeting, or have stepped away from their workplace. This feature has helped them stay in touch better by seeing everyone’s status. They even take advantage of the ability to add comments, like “in client meeting” or “on vacation.”

Other consulting groups and government agencies wanting to fully comply with the Telework Enhancement Act need to turn to FIPS 140-2 secure conferencing solutions for secure video conferencing, online presentations, meetings of any size, document collaboration, and web-based communications. This means either a hardware intensive fixed point solution, or VIA3.

Government agencies or corporations wanting to try VIA3 can visit www.VIA3.com , or email TLockard@VIACK.com for more information.

Government agencies wanting expert resource planning and consultation can visit http://fentress.com/.