edgeMED
Testimonials Resource Center Contact
Company

Company

Home Company

HIPAA

HIPAA

edgeMED's software conforms to the Standards for Privacy of Individually Identifiable Health Information ("Privacy Rule"), a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services ("HHS") issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). The Privacy Rule standards address the use and disclosure of individuals' health information-called "protected health information" by organizations subject to the Privacy Rule - called "covered entities," as well as standards for individuals' privacy rights to understand and control how their health information is used.

Medical practices and other providers are required by HIPAA to utilize standard electronic formats for exchanging administrative information (claims forms for example) with health plans and insurance companies. Most providers will depend on their practice management system (PMS) software vendors, or billing and accounting software vendors, to assist the practice transition from electronic submission of data in non-HIPAA formats to submission in HIPAA-standard formats. edgeMED's software systems ensure that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care.

Data Security

Effective April 2005, HIPAA now mandates security measures to (1) physically AND electronically secure electronic protected health information (PHI) against unauthorized retrieval, (2) reliably store the electronic data, and (3) provide for emergency access to the data.

edgeMED's software contains preventative measures for accessing patient Information such as:

  • Secure data transfer: edgeMED utilizes encryption to secure the electronic transfer of all data.
  • Secure log-in: edgeMED requires proper User authentication to gain access to protected patient records.
  • Automatic timed logout: The Security Permissions include requirements that Users be automatically logged out after a period of time, to prevent unauthorized access of patient information.
  • User logging: edgeMED automatically tracks all Users logging into and out of the system for reference by a system administrator.

Privacy

Privacy regulations protect the confidentiality of the patient's individual medical information with respect to others. These privacy regulations apply to all PHI - paper, verbal and electronic. Once any information that may reveal a patient's identity is added to a document and that document is stored or electronically transmitted, the privacy provisions are in force.

edgeMED provides some important privacy tools for our clients:

  • Enhanced Security: edgeMED's systems restrict access to Protected Health Information [PHI] based on administrative rights and user roles, so that the electronic information is displayed only to those whom you authorize.
  • Consent: edgeMED can provide a set of helpful patient consent management forms, which may be stored within the patient record.

In addition, as a Business Associate of our clients, edgeMED is allowed access and use of PHI only as necessitated to deliver our contracted services to our provider clients. This includes secure storage of patient data, and access to that data as needed to perform support requested by our clients. Our in-house software support teams have stringent guidelines and policies on confidentiality and will immediately destroy any PHI, once the specific support or service is complete.

edgeMED's HIPAA Relationships

Medical providers are designated as "Covered Entities" under the regulations. Those covered entities are responsible to ensure that their agents and business partners meet certain obligations with respect to privacy and security. Such parties are designated as "Business Associates", and the provider generally will have a "Business Associate Agreement" with those parties to ensure those obligations are met.

A practice management software company, such as edgeMED, is typically a Business Associate of our clients. As such, we consider ourselves to have four primary responsibilities:

  1. Ensure that we thoroughly understand HIPAA regulations and relationships.
  2. Provide software and services that help you comply with your HIPAA obligations (and meet our Business Associate obligations to you).
  3. Ensure that our agents and business partners use systems and processes that are consistent with the Business Associate obligations we have to our clients.

While edgeMED is responsible for ensuring that our partners conform to our Business Associate obligations, our client providers may wish to establish direct Business Associate agreements with claims clearinghouses accessed via our software (because the providers enter into direct business agreements with them). This option should be reviewed by each covered entity with their HIPAA legal counsel.

As the HIPAA regulations continue to change and various deadlines arrive, edgeMED will continue to lead the way in providing the best tools to help you meet your HIPAA obligations.

Links to Additional Resources

HIPAA.org
Implementation Guides (free download)
Strategic National Implementation Process
Final Transaction Rule
Electronic Transaction FAQs
Code Set FAQs
Final Privacy Rule
Privacy FAQs
Final Security Rule (PDF format)

HIPAA is a very detailed piece of legislation, and the information presented here should not be considered a legal opinion. The reader should consult legal counsel to obtain a legal opinion or other information required by their individual circumstance.
Request Demos
Request Info

Testimonials

"We have been with edgeMED for over 20 years. Your Practice Management software has always performed flawlessly. It is effective, has improved productivity and increased the profitability of our Practice..."

- Cardio-Pulmonary Associates, PA

"Over the years we have referred many new clients to the edgeMED product because of the integrity of their business and the stability of the software. Our office has been so pleased with the product and support..."

- Richard Mann, DPM