Subscribe to our newsletter

Posts Tagged ‘hipaa laws’

HIPPA, Email Archiving, and Web Design

Wednesday, May 4th, 2011

Including Usability In The Web Design Process

Whether you want a website for a personal project or as part of a business venture, the process of web design is critically important. The idea, of course, is for the end result to be an attractive, fully functional website which attracts visitors and in the case of business oriented sites, customers. Part of designing an effective website is to pay close attention throughout the design process to the goal of making the site user-friendly; if your site isn’t easy for visitors to navigate and find the content or access the functions they’re looking for, they’ll be looking elsewhere.

If you’d like to learn more about making your website easier to use and a generally more inviting destination for visitors, read on. Whether you’re building a new website from the ground up or if you’d like to make some changes to an existing website to enhance its usability, the suggestions below can help you to make your site more appealing to users and thus, more successful overall.

Be Concise:

Your site needs to communicate clearly and quickly to visitors in both design, email archiving, and HIPAA. People are impatient, especially when they’re online. With literally millions of other websites out there to visit, if you take too long to get your point across, you’ve lost your visitors; and if your website is part of your business, this means that you’ve lost them to your competitors.

Tell your visitors what they need to know without unnecessary padding; they’ll appreciate that you get right to the point and will be more likely to return for repeat visits. If your site is a ecommerce site, make sure that the checkout process is quick and easy and that any forms that customers need to fill out are as short as possible. The longer it takes them to complete the process, the more likely they are to decide to take their business elsewhere.

Clarity and Intuitive Navigation:

Apply what is known as the “alien test” to your website. Imagine that you are an alien visitor who just landed on the planet; can you look at your website and tell in 10 seconds or less what it’s all about?

The point of this test is to show the importance of making your site as self explanatory and easy to understand as possible. Your visitors should know at a glance what your site offers and how to find what they’re looking for.  This refers to both the content on your site, which should be as clear as possible and your site’s navigation, which should be equally straightforward. Include a navigation bar on every page with clearly labeled links to the pages and other content on your site which your visitors want. If visitors can’t figure out quickly where to find the information they’re looking for or your site is difficult and confusing to navigate, they’re not going to stick around for long.

Content:

Content isn’t a matter of web design in the strictest sense, but it is so important to your Dallas Web Design site’s usability and its ability to draw visitors that it should be given the same kind of attention and care. Content is king on the web, just as it always has been and having well written content on topics which are relevant to your visitors can go a long way towards helping you attract an audience, especially through organic search engine optimization. You don’t need to flood your site with content, but adding some new and informative pieces to your site on occasion can help to drive traffic as well as making your site more useful to your readers.

Security and privacy:

Consumers are becoming more savvy about online security and especially if you have an ecommerce site, you need to pay a lot of attention to ensuring that your site is secure enough that visitors will feel comfortable doing business there. Even if your site is not overtly commercial, your visitors want to know that their privacy is as important to you as it is to them; unless you have a legitimate reason for doing so, don’t ask your visitors to give out personal information or you may risk losing them. If you’re selling something, your visitors will be willing to share contact information with you once they decide to make a purchase from you - no one is too eager to give out this kind of information unless they need to, even if your site’s security is impeccable.

Tags: , , , , , , , ,
Posted in Web Design | No Comments »

HIPAA requirements, safeguards, and laws.

Monday, June 8th, 2009

Below are the administrative and physical safeguards as outlined in the Federal Register. These requirements are items that must generally be addressed internally, even if you are outsourcing your email.

Standard: ADMINISTRATIVE SAFEGUARDS Sections Implementation Specification Required or Addressable
Security Management Process 164.308(a)(1) Risk Analysis R
Risk Management R
Sanction Policy R
Information System Activity Review R
Assigned Security Responsibility 164.308(a)(2) R
Workforce Security 164.308(a)(3) Authorization and/or Supervision A
Workforce Clearance Procedures R
Termination Procedures A
Information Access Management 164.308(a)(4) Isolating Health Care Clearinghouse Function R
Access Authorization A
Access Establishment and Modification A
Security Awareness and Training 164.310(a)(5) Security Reminders A
Protection from Malicious Software A
Log-in Monitoring A
Password Management A
Security Incident Procedures 164.308(a)(6) Response and Reporting R
Contingency Plan 164.308(a)(7) Data Backup Plan R
Disaster Recovery Plan R
Emergency Mode Operation Plan R
Testing and Revision Procedure A
Applications and Data Criticality Analysis A
Evaluation 164.308(a)(8) R
Business Associates Contracts and Other Arrangement. 164.308(b)(1) Written Contract or Other Arrangement R
Standard: PHYSICAL SAFEGUARDS Sections Implementation Specification Required or Addressable
Facility Access Controls 164.310(a)(1) Contingency Operations A
Facility Security Plan A
Access Control and Validation Procedures A
Maintenance Records A
Audit Controls 164.312(b) R
Integrity 164.312(c)(1) Mechanism to Authenticate EPHI A
Workstation Use 164.310(b) R
Workstation Security 164.310(c) R
Device and Media Controls 164.310(d) Disposal R
Media Re-use R
Accountability A
Data Backup and Storage A

Tags: , ,
Posted in Uncategorized | No Comments »

Can a patient inspect their own records?

Wednesday, May 27th, 2009

secret

The HIPAA concentrates a lot on protecting PHI from other people, but can a patient see their own records?  In a word yes, after all the patient is the one being talked about in them!

A patient has the right to inspect a copy of their own PHI without charge at any time within reason.  A patient also has the right to obtain a copy of their records, again within reason.  An organization has the right to charge a fee for making a copy, ostensibly to cover the administration cost of the request.  As a record can in some cases be thousands of pages long, the patient should perhaps be selective about what is requested.

Apart from general curiosity there are many reasons why a patient would want to access their PHI.  The records can be used to seek a second opinion on a diagnosis or treatment, having a copy of the record would speed things up considerably.  As would having a copy when accessing a new doctor if a patient changed area or state.  Records are transferred as part of the procedure when changing practitioners, but having a copy of a record would speed things up if something was needed instantly.

Many decisions are based on the contents of a medical record.  If a patient believes they have had decisions that seem incorrect or unfair, then it is logical to find out on what information that decision is based.  If a patient was refused insurance, or the insurance refused a payout then it would also be a good idea to check the records. There may be mistakes or incorrect information in the record that needs to be changed that only you would recognize.  Although having a medical record amended can be a bit of a pain…

Then there is the thorny issue of malpractice.  The PHI may form either the basis or evidence towards a malpractice suit.  Having a copy will aid this both for the patient and their lawyers.

In the end, the patient has the right to view or copy their own medical records.  They don’t even have to have a reason, or disclose it if they don’t want to.

Tags: , , , , ,
Posted in Uncategorized | No Comments »

HIPAA Overview

Wednesday, May 27th, 2009

hipaaThis innocuous acronym stands for Health Insurance Portability and Accountability Act.  This is a federal statute that was enacted in 1996 to attempt to protect the medical records of citizens.  The Act itself is massive, and covers many aspects of medical care and the handling of records and information.  The two that are relevant to our needs are the privacy rule and the security rule.  Both of which will be covered in depth later.  There are other rules provided under the act and they are the Enforcement Rule, the Transactions and Code Sets Rule and the Unique Identifiers rule.

The idea was to have an all encompassing act that covered as much ground as possible with regards patient privacy and confidentiality.  As expected the act is complicated and convoluted even for lawyers to work with, let alone the people it is designed to protect.  It serves to protect any medical record that an individual may have and attempts to afford these records as much control and privacy as possible. The people responsible for enforcing the privacy aspect of HIPAA is the Office for Civil Rights (OCR) and took effect in April 2003.

Within the act, patients are called ‘individuals’ and their medical records are called ‘PHI’ or ‘Personal Health Information’.  Any organization who handles PHI, or pays or receives electronic payment from an organization that conforms to HIPAA is subject to it.  PHI itself is regarded as any “individually identifiable health information” used, stored or transferred by any organization or entity, in any form.

There was a myth that the HIPAA only covered electronic information, but this is false.  It covers medical information as above in any form or media.  It doesn’t matter if it is electronic, paper or oral, the act applies.

The PHI itself is anything that could even loosely identify an individual and associate them with medical information.  It includes any past, present or future medical conditions, any healthcare provision information and any payments related to any healthcare provision.

Basically this all means that an organization covered by HIPAA is not permitted to disclose medical information to anybody unless the individual authorizes it or the privacy rule itself requires it.

Tags: , , , ,
Posted in Uncategorized | No Comments »