Handling PHI - Basic Protocols

Posted by Ecareindia on October 1st, 2013

PHI (Patient Health Information) plays a vital role in the healthcare domain by providing clinical efficiency, enhanced patient care and hassle-free medical billing. So, what is PHI? It documents the history of a particular patient's medical (physical or mental) conditions. To carry out healthcare billing, PHI is shared amongst healthcare providers, US medical billing companies and offshore medical billing companies.

The use and disclosure of PHI are restricted by the Privacy Rule, which is included in HIPAA (the Health Insurance Portability and Accountability Act) of 1996 and came into effect in April 2003, and by the more recent HITECH Act. The HIPAA standard also includes the Security Rule, which helps secure PHI in electronic form. US medical billing companies (Covered Entities) and allied offshore medical billing companies (Business Associates) should follow some basic protocols while sharing and handling PHI to comply with HIPAA. They are as follows:

FTP Sharing: It is essential that US medical billing companies as well as offshore medical billing companies exchange PHI data in a secure way. The FTP service used by either company must be compliant with standards like HIPAA, PCI DSS (Payment Card Industry Data Security Standard) and SOX (Sarbanes–Oxley Act of 2002) to ensure secure transfer of data.

Email Transfer: Email is the easiest and fastest way of transferring PHI data. However, US healthcare billing and offshore medical billing companies must make sure that they encrypt the mail before sharing. Checking that they comply with the HIPAA Privacy Rule is also very important. According to this rule, billing companies can share PHI only with those who are permitted to handle the data. In addition, they should make sure that only the information needed to accomplish the business purpose is shared.

If the mail is password protected, then the password must be delivered through a separate email. Sometimes the two parties who exchange confidential information decide upon a standard password to decrypt the email every time. A disclaimer notice included at the bottom of the password-protected email can keep medical billing companies from security risks.

Fax: If US healthcare billing or offshore medical billing companies use fax for transferring PHI data, then they must use a fax cover sheet, which contains basic information like the sender’s name and the number of pages faxed. Checking the recipient’s fax number twice before sharing PHI will enhance security during file transfer. Also, the transmission report needs to be checked every time to make sure the fax was sent successfully and to the correct number.

Commercial Cloud Providers: US medical billing and offshore companies can use commercial cloud providers to store and share PHI data. However, they must make sure that such providers are highly secure and have more than two layers of authentication.

Finding an offshore medical billing company that prudently follows these basic protocols can be a Herculean task. However, when US healthcare billing companies choose to partner with www.ecareindia.com, then there need not be any worries. This offshore medical billing company is ISO 27001:2005 and 9001:2008 certified as well as HIPAA compliant.

About e-Care India:

e-Care India is one of the renowned medical billing companies in India that promises the above-mentioned benefits with total customer satisfaction. With 12 years of experience in the industry, e-Care’s three offshore medical billing delivery centres have been providing end-to-end medical billing services seamlessly to its clients. To know more about e-Care and its services, log on to http://www.ecareindia.com
