The electronic prescribing of controlled substances (EPCS) has been a topic of discussion surrounding the ways we can take preventive measures and utilize technology. The use of EPCS can make a difference by streamlining clinical workflows and providing critical security measures that are designed to help prescribers prevent prescription drug abuse. Using this as a management tool would also help with drug-drug interactions, inappropriate dosing, and dosage reminders, which could help reduce errors as well as enhance the safety of patients.
The HIPAA Privacy Rule ensures clients’ privacy rights and protections regarding their health information. Nevertheless, the Privacy Rule recognizes when health information may need to be shared to make sure clients receive the best treatment and to ensure the health and safety of the client or others.
Sharing information related to mental health
HIPAA permits mental healthcare providers to share protected behavioral health information in the following instances.
- Communicate with a client’s family members, friends, or other responsible parties directly involved in the client’s care. You should get the client’s written consent first, if possible.
- Communicate with family when the client is a dependent adult or a minor.
- Consider the client’s capacity to agree or object to sharing information. Per HIPAA, this could include when a client is “unconscious, experiencing temporary psychosis, or is intoxicated and cannot agree or object.”
- Involve family members, friends, or other responsible parties when clients fail to adhere to medication.
- Listen to family members about clients receiving mental health treatment.
- Communicate with family members, law enforcement, or others if the client poses a “serious and imminent threat of harm to self or others.”
- Communicate with law enforcement about the release of a client brought in for an emergency psychiatric hold.
The HIPAA Privacy Rule allows disclosure of mental health information for treatment in the above situations and other purposes with appropriate protections.
- Disclose only the minimal amount of information necessary for the intended purpose.
- Psychotherapy notes get heightened protection under the Privacy Rule, which restricts them from release.
- There may be federal regulations governing alcohol and drug abuse confidentiality, and state laws may offer more stringent protections.
If you’re faced with a medication compliance situation with a client, you may communicate with family members or other responsible parties about the compliance issues. This can help you guide your client towards medication compliance and a better outcome for treatment.
On the other hand, only divulge the minimum amount of information required. Be cognizant of both the Privacy Rule and the restrictions on protected mental health information.
The Remarkable Health difference
Remarkable Health’s flagship platform, CT|One, is a fully integrated behavioral health EHR platform that offers medication compliance and safeguards to help you properly treat your clients with minimal risk.
CT|One has a drug/drug and allergy interaction alert that activates if a known interaction exists. It alerts the user and provides information on the specific interaction and the resource from which it came. The interaction alert recognizes minor, moderate, and severe levels, and you can configure it to suppress alerts.
Remarkable Health is proud to be recognized as one of “The Best of Future: Companies To Watch In The Years Ahead” by BestCompaniesAZ as part of their 15th anniversary serving Arizona’s business community. This category of “Best of Future” honors companies that demonstrate great potential for growth and represent a new era of businesses in Arizona.
“Great companies are the product of amazing people,” said Peter Flick, CEO of Remarkable Health. “We have created a culture that celebrates having fun while achieving operational excellence, which has brought and continues to draw in great talent. Being listed as one of the 100 Best companies in Arizona is a huge honor and proves that what we are doing works. We are building something special in Phoenix.”
Remarkable Health’s core values are centered on people and culture. We understand that our associates make this company Remarkable and we continue to invest in them to build a best-in-class organization. We’re excited about the team we’re building, the future of our company, and how we can serve the behavioral health industry.
Check out Remarkable Health in the latest article by BestCompaniesAZ: https://bestcompaniesaz.com/introducing-the-best-of-future-companies-to-watch-in-the-years-ahead/
About Remarkable Health:
Remarkable Health (formerly ClaimTrak) is a leading Provider Success Software company focused on the Behavioral Health and Human Services community. For the last 25 years, our software has enabled hundreds of health care providers to improve more lives by spending less time in front of a screen and more time helping their clients. Our flagship product, CT|One, is a complete hosted Electronic Health Record (EHR) – Clinical, Billing, Scheduling, Medication Management / e-Prescribing, Reporting, etc. – for inpatient, outpatient and residential settings.
BestCompaniesAZ is a consulting firm dedicated to identifying, developing and promoting great workplaces. BestCompaniesAZ has been at the forefront of building sought-after employer brands and prestigious workplace awards programs since 2002, including the “2003 Best Companies to Work for in the Valley” program (published by the Phoenix Business Journal), Arizona Most Admired Companies (published by AZ Business Magazine and BestCompaniesAZ), and Top Companies to Work for in Arizona (published by azcentral and Republic Media). BestCompaniesAZ provides consulting services for organizations committed to workplace excellence, including employee surveys, best practices, national and local public relations, employer branding, culture development and promotional services. For more information, visit http://www.bestcompaniesaz.com or phone 480-545-5151.
Choosing the right solution for your behavioral health EMR compliance requirements is imperative.
Do you know what to look for?
Find a behavioral health EMR solution that has received certification by the Office of the National Coordinator (ONC). This ONC HIT certification means the EMR solution has shown the technological capability, functionality, and security requirements required by the Secretary of Health and Human Services.
How CT|One helps you achieve EMR compliance.
- Restricting access to certain windows using passwords. Restrict access by setting a password on specific windows and only providing the password to users who need it.
- The ability to restrict access to a specific client’s chart to specific staff. CT|One calls it Client Lookup Restrictions. For example, if an agency has an employee’s family member in for treatment, the system admin can “lock down” this chart. Only specific supervisory staff may see it. This could extend to any situation, such as a celebrity or dignitary in for treatment.
- CT|One’s medication module uses Medication Permission Levels to determine who can add a medication to a client and who can add a medication on behalf of another staff.
- Assessments/documentation are due at specific intervals, which makes complying with clinical documentation challenging. CT|One has an alert feature you can configure to alert when this documentation is missing, about to come due, or is past due. It also allows for a wide range of “if then” scenarios to be set up that result in an alert to a user.
A fully integrated EMR is an investment in your agency’s future and your clients’ care.
The right behavioral health EMR solution can help you achieve EMR compliance. It can remove the administrative barriers that keep your staff and clinicians from spending more time with clients.
A mixed bag of systems/solutions won’t offer the robust system you need for behavioral health EMR compliance.
CT|One is the answer.
Remarkable Health’s fully integrated behavioral health EMR platform, CT|One, has the functionality you need for the entire client lifecycle. And it can help you with compliance.
Imagine this EMR solution and the difference it could make. What could your agency accomplish?
Schedule a demo.
Contact Remarkable Health today to schedule a demo of CT|One. CT|One dramatically increases efficiencies, giving clinicians more time with clients so they can create remarkable outcomes.
HIPAA privacy compliance is a serious matter for behavioral health agencies, and failure to comply can result in crippling financial penalties or even criminal charges.
This handy HIPAA EHR compliance checklist will help you make sure your system meets or exceeds the compliance safeguards.
HIPAA EHR Compliance Checklist
- Know what constitutes protected health information (PHI), and pinpoint all instances of PHI in your organization.
- Identify someone in your agency who will serve as a patient privacy champion. Make him or her your formal “privacy official.” This person will create and implement policies and processes designed to ensure full compliance with HIPAA privacy standards. Other staff should feel comfortable coming to your privacy official with concerns, questions, and requests.
- Develop a Notice of Privacy Practices that “provides a clear, user-friendly explanation of individuals’ rights with respect to their personal health information” and your agency’s privacy practices. Distribute your notice to all clients and staff.
- Record all uses and disclosures of PHI in your organization. The right EMR compliance solution automates this step.
- Allow patients an appropriate level of control over their own PHI, like an access portal to their information. Make sure it is consistent with the HIPAA Privacy Rule.
- When necessary, get explicit, written consent to disclose PHI.
- Stick to the “minimum necessary” method for disclosing PHI. Only use, give or ask for the least amount of PHI to carry out the intended purpose.
- Create a list of your business associates (e.g., any external company that may be exposed to your clients’ PHI). Make sure you have signed Business Associate Agreements with each.
- Implement adequate physical, technical, and administrative safeguards per HIPAA’s Security Rule to prevent illegal PHI disclosure—whether disclosure is intentional or unintentional.
- Make sure your staff has continuous training on HIPAA policies and procedures. Your privacy officer should keep a record of the policies and document associated training.
If you follow the above checklist, your behavioral health agency will be in a good position on HIPAA EHR compliance and privacy rules. Since HIPAA compliance is a serious matter, action steps like the ones mentioned here will get you closer to compliance.
The Remarkable Health difference
Remarkable Health’s CT|One is a fully integrated behavioral health EHR solution designed to improve client care and achieve efficiencies. You also get help automating administrative and technical privacy safeguards to achieve HIPAA compliance.
Contact us today to request a demo of CT|One and discover the power of an EHR solution designed specifically for behavioral health providers.
An EHR system is software that keeps client charts safer and more secure than traditional paper charts.
Since mental health EHRs contain protected health information (PHI) in a secure hosting environment, whether cloud-based or on-site, they are subject to HIPAA compliance.
Here are the top 5 considerations for HIPAA and EHR implementation.
#1—Enhance your agency’s administrative controls
Your first action step should be to update policies and procedures for employees to follow the HIPAA safeguards. A well-planned policy and procedure manual distributed to staff will help you make sure everyone knows what privacy and security of PHI entails.
Next, provide stringent training to employees so they are aware of and on the lookout for security risks and malicious attacks. Make sure you document employee training for verification.
Finally, make sure you run background checks on all employees.
#2—Monitor physical and system access
Put physical safeguards in place to prevent access by unauthorized individuals. This could be as simple as locking office doors and ensuring your EHR system has an automatic logoff feature for idle workstations.
You also need contingency plans in place in case of emergencies. Cover who has access to PHI and how PHI is accessed.
Thirdly, each employee should have unique passwords and PINs that a central position monitors. It is also good to change passwords periodically.
Lastly, make sure you can password protect certain windows or screens in your EHR to restrict access to only those who need it.
#3—Audit system users
A system audit is a log that captures all attempts to access EHRs and PHI and documents the access results.
Identify weaknesses in how users access your behavioral health EHR system that could leave a hole for unauthorized users. Make each employee aware of proper procedures to tighten up any holes.
Next, you should educate users on how to detect possible security breaches or attempts. This is an ongoing practice requiring awareness training and refresher courses to keep everyone diligent.
Finally, publish the consequences to employees for not complying with HIPAA guidelines and your policies and procedures.
Data encryption is one of the most important aspects of HIPAA and EHR implementation. Make sure your EHR platform encrypts data during transmission and decrypts received data.
To make the most out of your encryption procedures, use data encryption best practices and expert methods.
When it is time to dispose of PHI, make sure you do it properly. Create policies and procedures for PHI destruction and disposal and make sure staff adhere. This is applicable for both electronic and paper PHI.
Remove any data from hardware you are repurposing, and keep track of where hardware moves and the loaded information on each machine.
These 5 considerations will help streamline your EHR implementation and keep you compliant with HIPAA safeguards and regulations. There is truth in the saying “An ounce of prevention is worth a pound of cure.” Use the above to proactively safeguard your PHI before, during, and after implementation.
The Remarkable Health difference
Remarkable Health’s CT|One is a fully integrated behavioral health EHR platform that lets you easily record, track, and manage client progress and administrative efforts like scheduling, billing, and reporting.
Our easy-to-use behavioral health EHR platform ties all aspects of your agency into one comprehensive system. Improve your workflows and create efficiencies that result in better client outcomes. CT|One removes the administrative barriers so you can spend more time with clients, helping them become better versions of themselves.
Behavioral health agencies handle clients’ sensitive, protected health information (PHI). Therefore, EMR compliance is a primary concern for both your agency and your clients.
The HIPAA Security Rule contains the standards to safeguard and protect PHI while in transit. The Security Rule has three parts, and the following checklist addresses each one.
Each action item will help you achieve EMR HIPAA compliance, mitigating the risk of substantial fines and criminal or civil charges for failure to comply.
- Access control. Access control includes centrally-controlled, unique usernames and passwords for each user. Also included are your procedures on how you’ll release PHI during an emergency.
- Encryption and decryption. Your EMR system should encrypt data during transmission, decrypting the data when received.
- Audit controls. Audit controls are logs of attempted access to PHI. They record what users do with the data once they access it.
- Automatic logoff. Your system should automatically log off users after a period of idle time to prevent unauthorized access to unattended devices.
- Physical access. Create procedures to control and record any person who has physical access to stored PHI, including safeguards to prevent unauthorized access. This includes every staff member from management to the janitorial staff.
- Workstation use. Implement policies restricting the use of workstations with access to PHI and governing how users can perform functions on those workstations.
- Hardware inventory. Inventory all hardware and keep a record of where each item moves.
- Risk assessment. Conduct risk assessments to identify potential weaknesses where breaches of PHI could occur.
- Risk management policy. Create and test a risk management policy at regular intervals that includes sanctions for employees who fail to comply with HIPAA regulations.
- Employee training. Train employees to be secure, raise awareness, and identify malicious software or attacks. Document all training.
- Contingency plan. Develop a contingency plan detailing how you will continue critical business processes and protect the integrity of your PHI during an emergency. Test your plan periodically.
- Third-parties. Restrict third-party access. Make sure all business associates sign Business Associate Agreements.
- Breach policies. Develop policies and procedures on when and how to report an incident, and take daily action to prevent a breach.
Keep this EMR HIPAA compliance checklist handy to help you cover the Security Rule’s important technical, administrative, and physical safeguards. By proactively learning and acting upon this EMR HIPAA compliance checklist, you’ll mitigate the risk of a breach—which no one wants.
The Remarkable Health difference
Remarkable Health’s CT|One is a fully integrated behavioral health EMR system designed to improve client care and achieve efficiencies. You get practical and accessible functionality to help you achieve compliance. From automatic logoff to passwords restricting screens from unauthorized users, CT|One can help you with the everyday concerns of EMR HIPAA compliance.
Contact us today to request a demo and discover the power of an EMR solution designed specifically for behavioral health providers.