Patient Engagement in Healthcare

Payers and Providers Plan to Use Generative AI to Improve Patient Engagement

Generative AI (genAI) has tremendous potential in healthcare, with payers enthusiastic about using genAI to enhance the patient experience and improve patient engagement and outcomes. A recent survey of CXOs at 350 U.S. health plans and health systems by HFS Research and Cognizant explored the impact of genAI on consumer experiences and engagement. The U.S. healthcare system is experiencing deteriorating health outcomes, declining life expectancy, an increase in chronic conditions, and opioid and mental health epidemics. At the same time, technological innovation is accelerating, AI systems are being adopted at scale, there has been a resurgence in digital-health-fueled primary care, and the introduction of innovative care models. Together there are significant opportunities for reducing costs, enhancing the experiences, and improving health outcomes.

One of the ways that these goals can be realized is through the use of genAI. Surveyed payers were convinced that gen AI was a game changer and would be invaluable in improving the efficiency of administrative functions, especially customer service and claims management, and they were also planning to use genAI to improve member engagement, health and wellness, and the value of coverage.

18% of payers plan to apply genAI to address member management, including hyper-personalization to improve member engagement and streamline interactions with providers. 16% said they plan to use genAI to address the needs of multiple generations and help them with disease prevention and wellness. 14% said they plan to use GenAI to develop dynamic health plans that can adapt throughout the year based on member needs and circumstances, gleaned from social determinants of health (SDOH) while tailoring plans to the individual. Providers generally accepted that genAI has the potential to have a positive impact on care delivery but were less convinced than payers about the impact genAI will have.

Across these two groups, more than 70% of respondents anticipated that the greatest impact of genAI would be on health outcomes and the consumer experience. Approximately 50% of payers and providers said they plan to invest between $1 million and $10 million in genAI, with around 70% of respondents saying that money will be invested in the next two years. While there is a great deal of enthusiasm around genAI and significant investment, only 20% of payers and providers have a GenAI vision, and that must change if they are to improve the success of their investments.

One of the main challenges highlighted by the survey will be the lack of appropriate skills. Payers and providers will need people with programming, statistics, machine learning, data processing, and visualization skills, and those skills are in high demand for other emerging technologies and managing current operations; however, using systems such as ChatGPT, which use plain English language, will reduce the demand for high skills without competing with applications that require technical skills. Further, since the skills to deploy genAI are geography agnostic, providers and payers will be able to recruit from the global talent pool.

The post Payers and Providers Plan to Use Generative AI to Improve Patient Engagement appeared first on HIPAA Journal.

7 Benefits of Patient Scheduling Software

Patient scheduling software is software that can be used by patients to self-book healthcare appointments, by physicians to fill their schedules, and by medical practices to synchronize patient appointments with physician and treatment room availability in order to optimize the use of time and resources. Depending on the capabilities of the software and how it is used, there can be dozens of benefits of patient scheduling software. This article discusses the seven most common benefits.

How Does Patient Scheduling Software Work?

Patient scheduling software most often consists of a cloud-based appointment booking platform which integrates with a healthcare organization’s practice management system and EHR system. Patients access the platform via a web link, patient portal, and/or mobile app to see what slots are available for their preferred physician – or the most relevant physician – and self-book appointments. The booking platform automatically adds each self-booked appointment to physicians’ schedules.

Physicians access their schedules via a web portal or mobile app and can instantly see what their schedule looks like and where gaps exist. Depending on how the platform is integrated with an organization’s practice management system and EHR system, physicians can fill the gaps by sending a text message, email, or push notification via the platform inviting patients with non-urgent health needs (i.e., patients due for a routine health check) to book an appointment in an available slot.

The patient scheduling software gives practice managers a holistic view of patients’ bookings, physicians’ schedules, and – when the platform supports patient messaging – the nature of consultations (i.e., pediatric care, immunizations, home visits, etc.). The holistic view enables practice managers to ensure the right people are in the right place at the right time and that preparations are made (for example) for assisting patients with mobility issues or for consultations that may require infection containment.

The 7 Benefits of Patient Scheduling Software

Because different medical practices differ in size and operate in different ways, there is no one-size-fits-all patient appointment scheduling software. It is up to each individual practice to evaluate the options in order to determine the best patient scheduling software solution for their needs. However, whichever online patient scheduling system is selected, it should be capable of delivering the following 7 common benefits at a minimum.

#1 Improved Patient Experience

To fully appreciate how patient self-scheduling software can improve the patient experience, it is best to consider how the availability of patient self-scheduling software is preferable to a patient who lacks the confidence to speak on the phone about their condition with a receptionist, whose first language is not English, or who is too ill to speak – but capable of tapping buttons on a mobile device.

In addition, by giving patients the convenience to book appointments when the practice is closed, the control over which physician they see and when, and the ability to message the practice ahead of the appointment, patients are empowered to take responsibility for their wellbeing – leading to increased patient compliance with prescribed medications and therapies, and better patient outcomes.

#2 Minimized Patient Wait Times

One of the ways in which patient appointment scheduling software minimizes patient wait times is automated gap filling. It was mentioned above that, when a physician identifies a gap in their schedule, they can search practice databases to identify patients with non-urgent health needs and invite them to book an appointment in an available slot to fill the scheduling gap.

As an alternative, some patient appointment scheduling software can analyze appointments already booked for future dates to see if any match the available physician. These patients can then be contacted via their preferred channel of communication (i.e., text message, email, or push notification) to see if they would like to bring their appointment forward to fill the scheduling gap.

#3 Prioritized Care for Urgent Needs

The process of bringing appointments forward to fill scheduling gaps can also be used in reverse to push appointments back or reschedule appointments if a patient with urgent or complicated needs has to be prioritized. In such cases, the patient scheduling system can automatically contact patients with non-urgent appointments to advise them of the change of time/date and request confirmation.

Patients with urgent or complicated medical needs are more likely to require longer appointments or multiple appointments. To reschedule non-urgent patients manually is not only complex and time-consuming, but also prone to errors and miscommunications – notwithstanding that some patients with non-urgent appointments may become abusive over the phone when advised of the change.

#4 Reduced Cancellations & No Shows

A feature that all software for scheduling patient appointments should include is an automated patient reminder. Because some patients with non-urgent medical needs might book an appointment a long time in advance (i.e., during their next vacation from work), this feature sends a reminder to patients before appointments in order to reduce cancellations and no shows through forgetfulness.

The automated patient reminder feature should be customizable so the wording of the reminder can be adjusted to be appropriate for the circumstance. While it can be beneficial for patient attendance to send reminders that use strong and committed language, it may be inappropriate to send a strong and committed message to a patient who has made an appointment for grief counselling.

#5 More Efficient Resource Management

This benefit of automated online patient scheduling not only applies to making better use of physicians’ time, reducing the overhead of managing patient waitlists, and being able to turn off the heating earlier when a treatment room is not going to be used for the rest of the day, but it can also apply to other resources used by the medical practice.

One important resource for small to medium sized medical practices is staff training. All medical practices are required to provide HIPAA training, OSHA training, and emergency preparedness training, and it is difficult to provide group training when physicians have overlapping schedules. By scheduling patient appointments to coincide, staff training can be provided to all members of the workforce at the same time – making more efficient use of training resources.

#6 Improved Billing and Payment Processes

When patient scheduling software is integrated into a practice management system, practice managers can use the same communication tools as used by physicians to fill scheduling gaps in order to bill patients and send payment reminders. The difference between the two processes is, rather than a text message, email, or push notification directing a patient to an appointment scheduling portal, they are directed to a payment portal.

In some cases, integrations between patient scheduling software and practice management systems can support card-on-file payments – similar to those used by multiple online shopping websites. Card on file payments can accelerate collections from patients, reduce non-payments, and protect both patients and practices from credit card fraud. It is also claimed that card on file payments builds trust between practices and patients and contributes towards patient retention.

#7 HIPAA Compliant Messaging

Online patient scheduling and payment systems do not only have to be used for patient scheduling and payments. Cloud-based appointment booking platforms have to be secure by design to safeguard the privacy of Protected Health Information (PHI), and this means they can be adapted for other HIPAA compliant messaging purposes that can further improve the patient experience.

Patients may be able to raise health concerns via the platform that can be answered by a physician without the need to visit the practice. Patients may also be able to request copies of PHI or download PHI via the system, while physicians can send patients electronic consent forms to sign digitally ahead of a procedure. Practices can also use the platform to (for example) alert patients to a change in their HIPAA Notice of Privacy Practices.

Patient Appointment Scheduling Software and HIPAA Compliance

Before using patient appointment scheduling software, it is important to consider the implications for HIPAA compliance. This is because no software (of any type) is HIPAA compliant, and even the best patient scheduling software can only support HIPAA compliance. In addition, depending on how the system is accessed by patients, it may be necessary to educate patients about online security.

The reason for educating patients about online security is if, for example, the patient scheduling system connects with an EHR so patients can view their medical histories, patients need to be alerted to the risks of using weak passwords (if the system is accessed via a web portal) or not PIN-locking their mobile devices (if the system is accessed via a mobile app). All advice provided to patients should be documented in case of a subsequent disclosure of PHI attributable to patient negligence.

Workforce members must also be trained on security best practices to prevent data breaches attributable to phishing, malware, and ransomware; while system administrators must ensure the patient appointment scheduling software is configured to comply with the Administrative and Technical Safeguards of the Security Rule (compliance with the Physical Safeguards is most often a shared responsibility between the medical practice and the software vendor).

It is also important that a Business Associate Agreement is entered into with the software vendor before any PHI is disclosed to the vendor and before the patient scheduling software is integrated with a practice management system or EHR. The requirements for a valid HIPAA Business Associate Agreement can be found here; and, if practice managers have any further questions about patient appointment scheduling software and HIPAA compliance, it is advisable to seek professional compliance advice.

The post 7 Benefits of Patient Scheduling Software appeared first on HIPAA Journal.

Increase Staff Productivity & Reduce No Shows With Better Patient Engagement

Healthcare organizations of any size can streamline workflows, increase staff productivity, maximize revenue and reduce no shows by up to 90% as benefits of patient engagement technology.

Benefits Of Patient Engagement TechnologyPatient-centric functionality enhances patient communications with automation, including appointment notification and reminders, online patient scheduling, waitlist management with last-minute cancellation fulfilment, patient experience surveys, and many other features. These can significantly enhance your patients’ perception and experience of your practice.

Typically, HIPAA compliant patient engagement systems integrate easily with all existing practice management software and have a fast return-on-investment.

Surveys Show Patients Appreciate Patient Engagement Technology

Healthcare providers have been slow to adopt communication technology, but according to an Accenture Survey, 60% of patients prefer to use technology for patient-provider communication. This is in part because the Covid crisis altered patient behaviors and expectations of technology usage in healthcare practices. Patients appreciated the more personalized interactions and faster response times that patient engagement technology brings.

Benefits Of Patient EngagementHighlighting the need to prioritize new patient acquisition and loyalty, an Actium survey** says 61% of patients want better patient engagement. 44% of respondents said they don’t regularly see their doctor and 30% said they don’t have a usual source of care, leaving the door open for organizations to register new patients.  The consumers interviewed also said that stronger patient engagement will help them go to clinics for preventive screenings and wellness checks.

Better Patient Experiences

By offering a better patient experience healthcare providers will bring patients into their clinics and keep them coming back. Adding patient engagement to practice management systems enables a clinic to connect with patients in a way that not only engages, but activates, them and makes the patient experience frictionless.

HIPAA compliant patient engagement can be easily added to any existing practice management system to enhance patient communication.

Benefits Of Patient Engagement To Healthcare Providers

  • Benefits Of Patient Engagement To Healthcare ProvidersReduce No Shows – Up to a 90% improvement in missed appointments.
  • Maximize Revenue – Patient engagement systems automatically fill empty schedule slots and encouraging annual wellness visits generates downstream revenue.
  • Improved Productivity & Focus On Patients – Streamlining and automating 24 x 7 communication reduces the burden on front desk, eliminates errors, and enable staff to spend more time on patient care.
  • More Patients – Healthcare providers who offer 24 x 7 interaction with the practice attract more patients. Recent studies show that younger patients in particular actively seek out and are willing to switch to healthcare providers that offer better digital interaction.
  • Patient Loyalty – Better communication fosters patient loyalty and trust. The added option of post-appointment surveys allow clinics to adapt to individual patients’ needs.
  • Works With Existing Practice Management Systems – A patient engagement solution integrates with all existing practice management systems meaning it is simple and fast to add.

Benefits Of Patient Engagement To Patients

Patient Engagement SystemsAnother Actium survey* highlighted two of the top reasons that patients don’t utilize preventive care as “Making appointments is too much of a hassle” and “I simply forget to make them”. They say 61% consumers surveyed report that they would like to hear more from their doctor.

Implementing a patient engagement system can have many benefits for patients, including:

  • Convenience – 24 x 7 self-scheduling is far more convenient for patients who don’t want to call the clinic when they are busy with work or personal business.
  • Self-Care – Automation encourages patients to set appointments and keep their healthcare on track.
  • Digital Registration & Forms – patients can fill out forms at their convenience before visits.

Features Of Patient Engagement Technology

Automated Appointment Notifications

  • Automatically sends reminders to patients as you or they book in appointments to reduce no-show rates.
  • Create a series of two-way customized automatic notifications to confirm and remind patients of upcoming appointments.
  • Works seamlessly with existing scheduling software and spreadsheets.
  • Integrates with EHRs and EMRs.
  • HIPAA compliant and encrypted.

Patient Self-Scheduling

  • Patients can book their own appointments 24 x 365.
  • Include ‘Schedule Now’ or ‘Request an Appointment’ links in specified notifications and reminders and on your website, social media pages and email newsletters.
  • The clinic has full control over when patients can book appointments and how long they need for each appointment type.

Waitlist Management

  • Detects cancellations in schedules and automatically fills these vacant spots with people on the waiting list.

Continuing-Care Notifications

  • Notifies patients when they are due continuing-care appointments using your scheduling and delivery preferences.

Patient Reactivation

  • Identifies patients who are overdue for appointments by monitoring visit history and recall schedules.
  • Automatically notifies them to set appointments and keep their healthcare on track.
  • Sends reminders to schedule overdue appointments.
  • Extra reminders demonstrate to patients you care about them and value their patronage. These reminders can have a significant impact on overall retention rates.

Auto Rescheduling

  • Automate the time-consuming task of rescheduling patients after appointment cancellations and no-shows. The auto-rescheduling feature detects these events and automatically contacts patients to get them rescheduled without relying on staff’ intervention.

Fill My Schedule Now

  • Maximize revenue by filling empty slots in your schedule. Fill My Schedule Now only contacts patients that match the exact parameters set by the clinic, and those patients can then easily self-book their own appointments.

Digital Registration Forms

  • Digital registration enables you to email or text patients a link to a registration form they can fill out at their convenience before visits.

Find Out More

Find out more about the Benefits Of Patient EngagementFind out more about the benefits of patient engagement solutions by filling in a form on this page. You will be contacted by a member of staff from Rectangle Health our page sponsor.

You can ask questions, request a demonstration, or arrange a no risk evaluation, all with no obligation.

Since 1983 Rectangle Health has been providing technology solutions exclusively for healthcare organizations. Their fully HIPAA compliant solutions are used by over 60,000 healthcare providers in the U.S and they process over $6 billion of patient payments annually.


The HIPAA Journal has arranged a 10% reader discount on Rectangle’s list price for their patient engagement solution.

By supporting one of our sponsors, you are helping The HIPAA Journal to continue to provide our news service free of charge.

The post Increase Staff Productivity & Reduce No Shows With Better Patient Engagement appeared first on HIPAA Journal.

Is SparkPost HIPAA Compliant?

SparkPost is not HIPAA compliant because the terms and conditions of the now rebranded service prohibit violations of “any legal, regulatory, self-regulatory, governmental, statutory requirements of codes of practice”. As SparkPost lacks the safeguards to comply with HIPAA, any use of the service that discloses Protected Health Information (PHI) would be a violation of HIPAA.

SparkPost is an email service that enables customers to automate email processes (i.e., welcome emails), develop multi-step email campaigns, and send targeted bulk emails based on customer behaviors. Since the brand’s acquisition by MessageBird in April 2021, customers have also been able to take advantage of SMS marketing, WhatsApp marketing, and social media marketing capabilities.

The service’s appeal is likely to increase in the coming months following the announcement that MessageBird is being rebranded as and reducing its pricing to below that of its main U.S. rivals. The motive behind the rebranding exercise is rumored to be an attempt to get a bigger foothold in the U.S. market for the Dutch-based company ahead of an IPO in 2024 or 2025.

Using SparkPost in the Healthcare Industry

For organizations in the healthcare industry that send bulk communications (i.e., newsletters), SparkPost can manage more outbound mail than most SMTP email services, has excellent delivery rates, and produces open and click tracking analyses. However, none of SparkPost’s services can be used to send PHI to contacts without the authorization(s) of the subject(s) of the PHI.

This is because – at present – SparkPost does not have the necessary safeguards to comply with the requirements of the HIPAA Security Rule. In addition, SparkBird’s parent company – – will not currently enter into a Business Associate Agreement with customers. This may change if the rebranding and price drop attracts the interest of the U.S. healthcare market.

However, until this happens, the answer to the question is SparkPost HIPAA compliant is a solid “no”. Covered entities and business associates can use the service for bulk emails and allowable marketing activities, but not to collect, maintain, or transmit PHI. Organizations wishing to use a HIPAA compliant bulk communication service should review the many other available options.

The post Is SparkPost HIPAA Compliant? appeared first on HIPAA Journal.

Is JotForm HIPAA Compliant?

JotForm is HIPAA compliant and can be used to collect, store, and share Protected Health Information (PHI) provided businesses subscribe to a Gold or Enterprise plan and agree to the terms of JotForm’s Business Associate Agreement. Existing subscribers with a Starter, Bronze, or Silver plan must upgrade their plan to use JotForm in compliance with HIPAA.

JotForm is a software solution for creating online forms that can be used in the healthcare industry to simplify the collection and documentation of PHI. Use cases include collecting PHI during the patient intake process, documenting patient consent and authorizations, soliciting patient feedback, and scheduling appointments via forms embedded into a web page or patient portal.

JotForm integrates with multiple HIPAA compliant productivity and collaboration tools (i.e., OneDrive, Google Workspace, Salesforce, etc.) to streamline workflows and increase efficiency. Through these integrations, it is also possible to transmit PHI to EHRs or other systems to improve the patient experience. However, in order to use the software solution with PHI, it is first necessary to make JotForm HIPAA compliant.

How to Make JotForm HIPAA Compliant

The first step to making JotForm HIPAA compliant is to subscribe to a Gold or Enterprise plan, as these are the only two plans to support HIPAA compliance. Both the Gold and the Enterprise plans encrypt data, store data in a HIPAA compliant environment, and have the necessary access, activity, and auditing capabilities. Full information about JotForm and HIPAA compliance can be found here.

Organizations that have a Starter, Bronze, or Silver plan must upgrade their plan to make their use of JotForm HIPAA compliant. JotForm provides a wizard to help organizations upgrade to their new plan which imports data from the existing plan to the new plan and checks imported forms for compliance with HIPAA – highlighting any issues that need to be resolved before the forms can be imported.

Once a Gold or Enterprise plan is created, organizations are required to agree to the terms of JotForm’s Business Associate Agreement before using the account to collect, store, or share PHI. Like most major software providers, JotForm has a standard one-size-fits-all Agreement. Accounts holders must digitally sign the Agreement, after which a copy is sent to the account holder by email.

Considerations Before Using JotForm

JotForm is an excellent option for collecting, storing, and sharing PHI in compliance with HIPAA, but there are a few things organizations should consider before adopting the software solution or upgrading an existing plan to a Gold or Enterprise plan to make JotForm HIPAA compliant.

The first of these is how PHI will be transmitted from JotForm’s servers to individuals or systems. JotForm warns against the use of unencrypted email, but organizations should also be conscious of the fact that if an integrated service is being used (i.e., OneDrive), the integrated service also has to be configured to be HIPAA compliant and supported by a Business Associate Agreement.

In a similar vein, it is important to be aware that not all integrations with JotForm support HIPAA compliance. JotForm notes that although it is possible to integrate services such as HubSpot, Mailchimp, and Zapier into the platform, these services are not HIPAA compliant and should not be used to receive, store, or forward PHI to other services.

The final consideration is if an organization is an existing JotForm customer who currently collects non-covered data via website forms (i.e., names and phone numbers, but not health information). In such cases, it is worth considering that existing forms will be migrated from their current server to a secure server, and any embedded links to the existing forms will need replacing.

Organizations who are unsure about how to make JotForm HIPAA compliant or use JotForm in compliance with HIPAA should reach out to JotForm’s Support Team or seek compliance advice.

The post Is JotForm HIPAA Compliant? appeared first on HIPAA Journal.

Is Zendesk HIPAA Compliant?

Zendesk is HIPAA compliant for covered services in HIPAA-enabled Service Plans, provided organizations agree to the terms of Zendesk’s Business Associate Agreement and configure services to comply with Zendesk’s Security Configuration Requirements. Depending on how the platform is used, it may also be necessary to disable third party apps and integrations, or enter into separate Business Associate Agreements with third party software vendors.

Zendesk is a customer experience platform that was originally designed as a customer service solution but now also includes sales, customer management, and workforce productivity services. By default, Zendesk is not HIPAA compliant because it prohibits customers from storing or transmitting  Protected Health Information (PHI) under §2.3 of the Main Services Agreement unless “expressly agreed to otherwise by Zendesk in writing”.

However, because many customers want to use the platform to create, collect, store, or transmit PHI, Zendesk provides a number of options for overcoming this prohibition. These include subscribing to a HIPAA-enabled Zendesk Suite plan, or purchasing a HIPAA-enabled Add-On such as the Advanced Data Privacy and Protection Add-On which includes access logs, advanced encryption, redaction capabilities, and data retention policies.

The Zendesk Business Associate Agreement

Like many software providers, Zendesk does not sign customers’ Business Associate Agreements but instead provides a “one-size-fits-all” addendum to the Main Services Agreement/Service Order Form. The addendum covers all the necessary terms of a Business Associate Agreement and lists the responsibilities of both parties. It also lists which Zendesk services are covered by the agreement – which may be subject to change according to Zendesk’s “Advanced Compliance” web page.

The Advanced Compliance web page also notes that Zendesk does not maintain PHI in designated records sets. This means Zendesk is not required to comply with individuals’ request to obtain copies of PHI or make corrections to PHI at the customer’s request. Under the terms of the Business Associate Agreement, covered entities and business associates are solely responsible for complying with the patients’  rights requirements of the Privacy Rule.

Making Zendesk HIPAA Compliant

In addition to subscribing to a HIPAA-enabled Service Plan or Add-On and signing Zendesk’s Business Associate Agreement, it is also necessary for covered entities and business associates to configure services according to the Security Configuration Requirements to make Zendesk HIPAA compliant. This is not an “optional” requirement. It is a condition of the Business Associate Agreement, and customers that fail to make Zendesk HIPAA compliant could see the service terminated.

The Security Configuration Requirements are not particularly complicated for a system administrator with experience of the Security Rule, as they mostly consist of controls to meet the requirements of the Technical Safeguards (i.e., user authentication, automatic logoff, etc.). However, admins are advised to take care over how notifications are configured to prevent disclosures of PHI when the platform sends an acknowledgement of a support ticket by email.

Why User Training is Important

It is not only necessary to make Zendesk HIPAA compliant if covered services are going to be used to create, collect, store, or transmit PHI, but it is also important to train users on how to use Zendesk in compliance with its terms and conditions – particularly when users connect to Zendesk via personal mobile devices. This is because Zendesk places restrictions on how mobile devices are configured to secure PHI stored on the platform (see Section VIII of the Security Configuration Requirements).

In addition to training users to use Zendesk in compliance with its terms and conditions, it may also be important to train users how to use Zendesk in compliance with HIPAA – especially with regards to permissible uses and disclosures and the minimum necessary standard. Organizations who are unsure about how these HIPAA compliance requirements may affect their use of the Zendesk platform should seek professional compliance advice.


The post Is Zendesk HIPAA Compliant? appeared first on HIPAA Journal.

Is Ademero HIPAA Compliant?

Content Central by Ademero is HIPAA compliant and organizations in the healthcare sector can use the cloud-based document management system to streamline document-intensive processes and workflows when documents contain Protected Health Information (PHI). Ademero has told us the company is willing to enter into a Business Associate Agreement with HIPAA covered entities and business associates as necessary.

What is Content Central?

Content Central is an enterprise document management system that works by capturing documents and files from scanners, network folders, and email accounts, and converting them into searchable PDF files. The PDF files can be grouped together according to administrator-defined values and are stored in a secure cloud server for remote retrieval by authorized users. The process can significantly accelerate workflows by eliminating delays attributable to searching for and retrieving documents.

Once retrieved, documents can be shared with or among other authorized users via the Content Central platform without using external solutions. Alternatively, Content Central can be integrated with collaboration and productivity suites such as Microsoft Office 365 and Google Workspace – subject to the integrations being configured to support HIPAA compliance and a Business Associate Agreement being signed with the third party service provider.

Is Content Central by Ademero HIPAA Compliant?

Ademero Software has developed Content Central with HIPAA compliance at top of mind. The system includes unique user identification controls, automatic logoff, and emergency administrator access to comply with §164.312 of the Technical Safeguards. All documents are encrypted in transit and at rest, and the system’s audit controls allow administrators to track logon and logoff activity, file access, and document histories (i.e., edits, copies, and downloads).

Other than assigning user IDs (or integrating Content Central with an existing SSO solution), applying user permissions, and enabling or disabling “system fields”, there is little administrators have to do to make Content Central by Ademero HIPAA compliant. The company is flexible about the content of optional clauses in customers’ Business Associate Agreements and are happy to speak with compliance officers or system administrators who may have operational concerns.

Considerations before Adopting a Document Management System

There are two considerations to take into account before adopting a document management system – the first being that, when paper documents are converted into digital documents, members of the workforce may initially find PHI harder to access and tempted to take compliance shortcuts “to get the job done”. This risk of non-compliance can be overcome by tailoring HIPAA training to explain the purpose of the additional security measures and why they should not be circumnavigated.

The second consideration is the compliant disposal of PHI maintained on paper once it has been scanned and converted into a digital document. HHS’ Office for Civil Rights has published a fact sheet about the compliant disposal of PHI and has fined companies who do not comply with the HIPAA disposal requirements. If your organization is unsure about how best to dispose of PHI in compliance with HIPAA, it is recommended you seek professional compliance advice.

The post Is Ademero HIPAA Compliant? appeared first on HIPAA Journal.