Messaging in the Healthcare Industry


                       Executive Summary
                       Messaging is becoming more important in the healthcare
                       industry for a variety of reasons. The ability to communicate
                       via email with healthcare providers, payers and patients can
                       dramatically improve the quality of healthcare, can lower
                       healthcare costs by reducing administrative overhead and
                       can improve the overall quality and accuracy of
                       communications. Further, Osterman Research has found
                       that the use of email can influence a significant percentage
                       of patients to switch from one provider to another because
                       of the convenience that this communication medium
                       provides. This can result in a significant competitive
                       advantage to providers that make better use of these
                       technologies.

                       That said, messaging for healthcare-related organizations
                       imposes significant demands on users, their employers and
                       the vendors that supply their infrastructure. Certain types of
                       messages must be encrypted in order to satisfy both best
                       practice and statutory obligations for data confidentiality
                       and integrity. Further, it is a best practice for healthcare-
                       related organizations to maintain an easily searchable
                       archive of messages in order to satisfy the provisions of the
                       Health Insurance Portability and Accountability Act (HIPAA)
                       and other requirements, such as to conduct random
                       searches or reviews of emails sent to patients and others.
                       Failure to adequately protect confidential information can
                       result in significant civil or criminal penalties, as well as a loss
                       of reputation and other problems.

                       This white paper examines some of the key issues to consider
                       when evaluating or planning an upgrade of messaging
                       capabilities in a healthcare-related organization. It also
                       discusses Microsoft/FrontBridge’s offerings that are focused
                       on companies that manage healthcare-related information,
                       including providers of medical services, payers, life sciences
                       firms and others.




© 2006 Osterman Research, Inc.                                                       Page 1


                       Key Issues in the Healthcare Industry
                       The use of messaging by healthcare-related organizations
                       can provide tremendous value to a variety of individuals
                       and organizations, including hospital staff, physicians, nurses,
                       payers, benefits administrators and patients. However,
                       perhaps in no other industry is the need for robust and
                       secure messaging more critical than in healthcare given the
                       consequences of poorly executed messaging practices.

                       Healthcare Requirements for Messaging are Numerous
                       There are a wide variety of requirements for messaging in
                       the healthcare industry that impact healthcare providers,
                       employers, vendors of messaging solutions and others:

                       •   Regulatory requirements
                           Key among these requirements is the fact that emails
                           and instant messages must comply with a variety of
                           regulatory provisions regarding both the security of
                           transmission for emails, as well as the retention of records
                           contained within these communications. HIPAA,
                           discussed later in this paper, focuses on both the
                           confidentiality and integrity of the transmission of
                           electronically transmitted Protected Health Information
                           (ePHI).

                       •   Legal considerations
                           Perhaps more so than in any other industry, healthcare
                           information is subject to a variety of legal considerations
                           because of the enormous potential for misuse of this
                           data and the damaging impact that it can have for
                           patients and providers alike. As a result, messaging-
                           related data must be protected from inappropriate use,
                           requiring that adequate controls are placed on the
                           delivery and retention of medical data sent through
                           email systems.

                       •   Secure/encrypted communications
                           Related to both the regulatory and legal aspects of
                           managing email is the critical need to send and receive
                           encrypted messages. For example, any email that
                           contains both a personal identifier, such as a Social
                           Security Number, and a description of a health condition
                           must be encrypted so that a patient’s ePHI cannot be
                           intercepted or altered by an unauthorized party.






                       •      Archiving requirements
                              Archiving is an important requirement for email in the
                              healthcare industry. For example, HIPAA requires that a
                              variety of documents, including emails, be kept for six
                              years. Medicare requires that medical records be
                              retained for five years as they relate to radiological and
                              nuclear medicine services, as well as inpatient and
                              outpatient services, among others. The Medicare
                              Conditions of Participation requires hospitals to retain
                              medical records for five years. Medicare and Medicaid
                              reimbursement to rural health clinics requires that these
                              clinics maintain medical records for six years, while
                              psychiatric hospitals must retain a variety of medical
                              records for five years.

                              It is important to note that the majority of Covered
                              Entities¹ do not store medical records, per se, in
                              messaging systems. However, a significant and growing
                              proportion of these organizations transmit and store ePHI
                              in messaging systems and this data must be archived.
                              For example, if ePHI is communicated via email, an
                              archive and audit trail should be maintained in order to
                              protect organizations from patients and others altering
                              these records.

                       •      Outbound content filtering
                              A key requirement for any Covered Entity is the ability to
                              manage the content of outbound emails. Because
                              information like ePHI can be accidentally disclosed quite
                              easily through email, it is important for organizations to
                              either block or monitor emails that might violate HIPAA
                              requirements if sent improperly. For example, a Covered
                              Entity should have in place a system that can monitor the
                              content of each outbound email in real time and, if
                              these emails contain ePHI, automatically encrypt them,
                              block them or copy them to a HIPAA Privacy/Security
                              officer. Similar capabilities should be implemented for
                              other organizations, such as life sciences firms, whose
                              employees might accidentally or otherwise transmit
                              intellectual property or other proprietary information
                              through email.

                       •      Finely tunable spam filtering
                              Providers, insurance carriers, benefits administrators and
                              others in the healthcare industry send and receive email
                              content that will trigger most spam filters and generate
                              an unacceptable level of false positives. For example, it
                              would not be uncommon for an email message sent
                              from a physician to an insurance carrier to include the
                              word ‘breast’, a word that would be far less commonly
                              used in most other industries. Consequently, spam
                              filtering systems used for healthcare providers must be
                              finely tunable to allow certain words to pass through
                              without generating false positives. Further, these filters
                              must be tunable so that certain individuals or functions
                              are allowed to send and receive content that contains
                              these words, while other functions in healthcare
                              organizations not related to patient care can have these
                              words filtered out.

                       ¹ A ‘Covered Entity’ is any organization subject to HIPAA requirements.
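
The per-function tuning described in the spam filtering item above can be sketched as a term-scoring filter whose exemptions depend on the function of the protected mailbox. This is an added example, not code from Osterman Research or any vendor; the term weights, threshold, role names and mailbox directory are all constructed for illustration.

```python
import re

# Constructed weights for terms a generic spam filter penalises.
TERM_SCORES = {"breast": 4.0, "enlargement": 3.0, "pills": 3.0,
               "click": 1.5, "free": 1.0}
QUARANTINE_AT = 5.0  # assumption: score at or above this is quarantined

# Hypothetical functions and the clinical vocabulary each may exchange.
# Functions not listed here get no exemptions at all.
ROLE_EXEMPT = {
    "clinical": {"breast", "enlargement"},
    "claims": {"breast"},
}

# Constructed directory mapping protected mailboxes to a function.
DIRECTORY = {
    "dr.lee@clinic.example": "clinical",
    "adjuster@payer.example": "claims",
    "facilities@clinic.example": "facilities",
}


def role_of(mailbox):
    """Unknown mailboxes fall back to a role with no exemptions."""
    return DIRECTORY.get(mailbox.lower(), "unlisted")


def score(text, role):
    """Sum the weights of penalised terms that are not exempt for this role."""
    exempt = ROLE_EXEMPT.get(role, set())
    total, hits = 0.0, []
    for word in re.findall(r"[a-z]+", text.lower()):
        weight = TERM_SCORES.get(word)
        if weight is not None and word not in exempt:
            total += weight
            hits.append(word)
    return total, hits


def classify(mailbox, text):
    """Return (verdict, score, scored terms) for a message to or from mailbox."""
    total, hits = score(text, role_of(mailbox))
    verdict = "quarantine" if total >= QUARANTINE_AT else "deliver"
    return verdict, total, hits


# Constructed sample messages.
REFERRAL = "Biopsy of left breast mass scheduled; breast imaging report attached."
SPAM = "Free breast enlargement pills, click here"

if __name__ == "__main__":
    for box in list(DIRECTORY) + ["temp@clinic.example"]:
        print(box, classify(box, REFERRAL), classify(box, SPAM))
```

The exemption removes only the clinical vocabulary from the score, so an unsolicited message that uses the same words is still quarantined on its remaining terms.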

                       A Variety of Industries are Impacted
                       The ‘healthcare industry’, at least in the context of
                       messaging issues, includes a large number of organizations
                       and a variety of industries. For example, messaging issues in
                       the context of healthcare focus not only on medical care
                       providers like hospitals, clinics and physicians’ offices; but
                       also on insurance companies, benefits administrators,
                       government agencies, universities and employers of all
                       types. As a result, there should be consideration of the
                       healthcare-related regulatory and legal considerations
                       associated with messaging for virtually all entities, since most
                       organizations will at one time or another send or receive
                       medical information that may be covered by a statute like
                       HIPAA or that may otherwise need to be encrypted,
                       archived or managed according to a legal requirement or
                       best practice.


                       Key Considerations When Using Messaging

                       HIPAA
                       One of the most important and far-reaching US federal
                       government requirements focused on healthcare is HIPAA.
                       This requirement addresses a number of different areas and
                       one of its primary goals is to reduce the administrative costs
                       and other burdens in the healthcare industry, as well as the
                       costs of programs like Medicare. However, the result for
                       many organizations has actually been an increase in the
                       regulatory burden and bureaucracy associated with
                       providing and managing healthcare.

                       The US Congress included provisions in HIPAA that specify
                       the use of standard electronic formats for the transmission,
                       processing and exchange of administrative and financial
                       data regarding healthcare transactions. Further, HIPAA
                       established standard electronic data interchange formats
                       for transactions and records like health plan premium
                       payments, benefit enrollment forms, medical claims and
                       medical reimbursements. HIPAA also establishes standard
                       code sets for medical diagnoses and procedures as they
                       are coded for claims and billing.

                       HIPAA also created requirements around the privacy and
                       security of PHI. The HIPAA Privacy Rule focuses on
                       maintaining the confidentiality of PHI, among other
                       provisions. The HIPAA Security Rule is designed, among other
                       things, to ensure that Covered Entities take measures to
                       ensure the confidentiality, integrity and availability of ePHI
                       during transmission and storage.

                       The Impact of HIPAA on Messaging
                       HIPAA has two important implications for messaging. First,
                       messages that contain PHI must be encrypted so that the
                       confidentiality, integrity and availability of ePHI are
                       maintained. As mentioned earlier, this means, for example,
                       that an email that contains PHI, in order to be compliant
                       with the requirements of HIPAA, must be encrypted if it is to
                       be sent outside an organization. Second, it is an important
                       best practice for Covered Entities to retain emails in a readily
                       accessible archive if they contain PHI or other records.

                       Every Covered Entity must ask itself two key questions
                       regarding the use of email sent outside of its network:

                       1. Is it acceptable to send a particular email that contains
                          PHI according to HIPAA Privacy regulations?

                       2. If the answer to the above question is ‘Yes’, did we take
                           the steps necessary to ensure the confidentiality, integrity
                           and availability of this data during transit, such as
                           encrypting the information?
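
The outbound check behind the second question, combined with the outbound content filtering requirement listed earlier, can be sketched as a gate that inspects each message before it leaves the organization. This is an added example, not code from the white paper or from any product it describes; the internal domain, the privacy officer address, the condition vocabulary and the function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "clinic.example"                  # assumption: sender's own domain
PRIVACY_OFFICER = "privacy-officer@clinic.example"  # assumption: HIPAA officer mailbox
# Constructed vocabulary; a real deployment would use a maintained term list.
CONDITION_TERMS = {"diabetes", "hiv", "biopsy", "chemotherapy", "depression"}
SSN_RE = re.compile(r"\b(\d{3})[- ](\d{2})[- ](\d{4})\b")


def find_ssns(text):
    """SSN-shaped values, skipping number ranges that are never issued."""
    found = []
    for area, group, serial in SSN_RE.findall(text):
        if area in ("000", "666") or group == "00" or serial == "0000":
            continue
        found.append(f"{area}-{group}-{serial}")
    return found


def find_conditions(text):
    words = set(re.findall(r"[a-z]+", text.lower()))
    return sorted(words & CONDITION_TERMS)


def message_text(msg):
    """Subject plus the plain-text body, the parts this sketch inspects."""
    body = msg.get_body(preferencelist=("plain",))
    return f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"


def external_recipients(msg):
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers.extend(str(h) for h in msg.get_all(name, []))
    addrs = [addr.lower() for _, addr in getaddresses(headers) if addr]
    # Exact-domain match: subdomains and look-alikes count as external.
    return [a for a in addrs if not a.endswith("@" + INTERNAL_DOMAIN)]


@dataclass
class Decision:
    action: str    # "deliver", "encrypt" or "block"
    copy_to: list  # extra recipients for review
    reason: str    # never includes the identifier itself


def decide(msg, on_ephi="encrypt"):
    """Apply the rule: identifier + health condition leaving the organization."""
    if on_ephi not in ("encrypt", "block"):
        raise ValueError("on_ephi must be 'encrypt' or 'block'")
    text = message_text(msg)
    outside = external_recipients(msg)
    if not (find_ssns(text) and find_conditions(text)):
        return Decision("deliver", [], "no identifier and condition pair")
    if not outside:
        return Decision("deliver", [], "ePHI stays inside the organization")
    return Decision(on_ephi, [PRIVACY_OFFICER],
                    f"ePHI addressed to {len(outside)} external recipient(s)")


def sample(to, subject, body):
    """Build a constructed test message."""
    msg = EmailMessage()
    msg["From"] = "nurse@clinic.example"
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    ephi = "Member SSN 123-45-6789. Biopsy confirmed on the 4th."
    print(decide(sample("claims@payer.example", "Claim", ephi)))
    print(decide(sample("doctor@clinic.example", "Claim", ephi)))
```

The sketch looks only at the subject and plain-text body; attachments and HTML parts would need the same inspection before the gate could be relied on.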

                       Requirements for the Use of Messaging in Healthcare
                       There are a variety of requirements for the use of messaging
                       in healthcare-related organizations and in those
                       organizations that deal with healthcare-related information:

                       •   Encryption
                           PHI is among the most sensitive types of data that can be
                           sent through email or instant messages. As a result, best
                           practice, as well as statutory requirements like HIPAA,
                           require that certain types of information be encrypted in
                           order to protect the confidentiality of this data. It is also
                           important as a best practice that archived data be
                           protected from tampering or violation of confidentiality.

                       •   Disaster recovery
                           Organizations that maintain ePHI must implement a
                           disaster recovery plan to protect this data and should
                           include as a key component of this plan the protection
                           of email systems and their associated message stores.

                       •   Solutions must be easy to use
                           One of the fundamental requirements for the use of any
                           messaging system in the context of healthcare is that it
                           must be easy to use. The tunability of spam filters, the
                           encryption and decryption of messages, and other
                           capabilities must be easy to set up and maintain given
                           that messaging infrastructures will often be managed by
                           small organizations without dedicated IT staff, such as
                           physicians’ offices or small businesses.

                       •   Messaging must be reliable
                           Messaging capabilities used in the healthcare field must
                           be reliable given the time sensitivity of much of the
                           communications in this field and the inability to tolerate
                           delayed message delivery times, an unacceptable level
                           of false positives, and so forth.

                       •   Flexible deployment capabilities
                           The healthcare field includes a wide variety of
                           organizations, from large hospitals and insurance
                           companies with large IT staffs that can easily manage
                           internal messaging systems, down to individual
                           physicians’ offices with a staff of only a few people and
                           no dedicated IT resources. As a result, these
                           organizations need flexible deployment options,
                           including the ability to use software-based messaging
                           systems, appliances and managed service offerings,
                           often within the same organization.

                       •   Long-term archiving
                           Archiving is a critical requirement for a significant
                           proportion of the data sent and received by
                           organizations even peripherally related to healthcare.
                           For example, healthcare providers, such as hospitals,
                           must retain medical records under various laws and
                           regulations – for five years in some cases, for six years in
                           others, for two years after a patient’s death, for the life of
                           the patient, etc. Some of these records are subject to
                           HIPAA privacy rules and so archives that contain PHI
                           must be maintained in such a way that the integrity of
                           the data is preserved.


                       About Microsoft Exchange Hosted Services
                       Microsoft Exchange Hosted Services offer a cost-effective
                       way for enterprises to actively ensure the security and
                       availability of their messaging environment, while instilling
                       confidence that their messaging processes satisfy internal
                       policy and regulatory compliance requirements. A seamless
                       extension of Microsoft Exchange that operates over the
                       Internet as a service, the complete set of services includes
                       hosted filtering for spam and virus protection; hosted
                       archiving to satisfy compliance requirements and internal
                       policies; hosted encryption to preserve e-mail confidentiality;
                       and, hosted continuity for ongoing access to messaging
                       systems during and after disasters. Microsoft Exchange
                       Hosted Services provide value to corporate customers by
                       eliminating upfront capital investment, freeing up IT
                       resources, and removing incoming e-mail threats before
                       they reach the corporate firewall. For more information, visit
                       http://www.microsoft.com/exchange/services








                       © 2006 Osterman Research, Inc. All rights reserved.

                       No part of this document may be reproduced in any form
                       by any means, nor may it be distributed without the
                       permission of Osterman Research, Inc., nor may it be resold
                       by any entity other than Osterman Research, Inc., without
                       prior written authorization of Osterman Research, Inc.

                       THIS DOCUMENT IS PROVIDED “AS IS”. ALL EXPRESS OR
                       IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES,
                       INCLUDING ANY IMPLIED WARRANTY OR FITNESS FOR A
                       PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE
                       EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE
                       ILLEGAL.




Reduce Capital & Operational Expenses with Business Productivity Online Suite
 

Último

Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 

Último (20)

Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 

Microsoft Unified Communications - Messaging in Healthcare Industry Whitepaper

Messaging in the Healthcare Industry

Executive Summary

Messaging is becoming more important in the healthcare industry for a variety of reasons. The ability to communicate via email with healthcare providers, payers and patients can dramatically improve the quality of healthcare, can lower healthcare costs by reducing administrative overhead and can improve the overall quality and accuracy of communications. Further, Osterman Research has found that the use of email can influence a significant percentage of patients to switch from one provider to another because of the convenience that this communication medium provides. This can result in a significant competitive advantage to providers that make better use of these technologies.

That said, messaging for healthcare-related organizations imposes significant demands on users, their employers and the vendors that supply their infrastructure. Certain types of messages must be encrypted in order to satisfy both best practice and statutory obligations for data confidentiality and integrity. Further, it is a best practice for healthcare-related organizations to maintain an easily searchable archive of messages in order to satisfy the provisions of the Health Insurance Portability and Accountability Act (HIPAA) and other requirements, such as to conduct random searches or reviews of emails sent to patients and others. Failure to adequately protect confidential information can result in significant civil or criminal penalties, as well as a loss of reputation and other problems.

This white paper examines some of the key issues to consider when evaluating or planning an upgrade of messaging capabilities in a healthcare-related organization. It also discusses Microsoft/FrontBridge’s offerings that are focused on companies that manage healthcare-related information, including providers of medical services, payers, life sciences firms and others.

© 2006 Osterman Research, Inc.

Key Issues in the Healthcare Industry

The use of messaging by healthcare-related organizations can provide tremendous value to a variety of individuals and organizations, including hospital staff, physicians, nurses, payers, benefits administrators and patients. However, perhaps in no other industry is the need for robust and secure messaging more critical than in healthcare given the consequences of poorly executed messaging practices.

Healthcare Requirements for Messaging are Numerous

There are a wide variety of requirements for messaging in the healthcare industry that impact healthcare providers, employers, vendors of messaging solutions and others:

• Regulatory requirements
Key among these requirements is the fact that emails and instant messages must comply with a variety of regulatory provisions regarding both the security of transmission for emails, as well as the retention of records contained within these communications. HIPAA, discussed later in this paper, focuses on both the confidentiality and integrity of the transmission of electronically transmitted Protected Health Information (ePHI).

• Legal considerations
Perhaps more so than in any other industry, healthcare information is subject to a variety of legal considerations because of the enormous potential for misuse of this data and the damaging impact that it can have for patients and providers alike. As a result, messaging-related data must be protected from inappropriate use, requiring that adequate controls are placed on the delivery and retention of medical data sent through email systems.

• Secure/encrypted communications
Related to both the regulatory and legal aspects of managing email is the critical need to send and receive encrypted messages. For example, any email that contains both a personal identifier, such as a Social Security Number, and a description of a health condition must be encrypted so that a patient’s ePHI cannot be intercepted or altered by an unauthorized party.

• Archiving requirements
Archiving is an important requirement for email in the healthcare industry. For example, HIPAA requires that a variety of documents, including emails, be kept for six years. Medicare requires that medical records be retained for five years as they relate to radiological and nuclear medicine services, as well as inpatient and outpatient services, among others. The Medicare Conditions of Participation require hospitals to retain medical records for five years. Medicare and Medicaid reimbursement to rural health clinics requires that these clinics maintain medical records for six years, while psychiatric hospitals must retain a variety of medical records for five years.

It is important to note that the majority of Covered Entities [1] do not store medical records, per se, in messaging systems. However, a significant and growing proportion of these organizations transmit and store ePHI in messaging systems and this data must be archived. For example, if ePHI is communicated via email, an archive and audit trail should be maintained in order to protect organizations from patients and others altering these records.

[1] A ‘Covered Entity’ is any organization subject to HIPAA requirements.

• Outbound content filtering
A key requirement for any Covered Entity is the ability to manage the content of outbound emails. Because information like ePHI can be accidentally disclosed quite easily through email, it is important for organizations to either block or monitor emails that might violate HIPAA requirements if sent improperly. For example, a Covered Entity should have in place a system that can monitor the content of each outbound email in real time and, if these emails contain ePHI, automatically encrypt them, block them or copy them to a HIPAA Privacy/Security officer. Similar capabilities should be implemented for other organizations, such as life sciences firms, whose employees might accidentally or otherwise transmit intellectual property or other proprietary information through email.

• Finely tunable spam filtering
Providers, insurance carriers, benefits administrators and others in the healthcare industry send and receive email content that will trigger most spam filters and generate an unacceptable level of false positives. For example, it would not be uncommon for an email message sent from a physician to an insurance carrier to include the word ‘breast’, a word that would be far less commonly used in most other industries. Consequently, spam filtering systems used for healthcare providers must be finely tunable to allow certain words to pass through without generating false positives. Further, these filters must be tunable so that certain individuals or functions are allowed to send and receive content that contains these words, while other functions in healthcare organizations not related to patient care can have these words filtered out.

A Variety of Industries are Impacted

The ‘healthcare industry’, at least in the context of messaging issues, includes a large number of organizations and a variety of industries. For example, messaging issues in the context of healthcare focus not only on medical care providers like hospitals, clinics and physicians’ offices, but also on insurance companies, benefits administrators, government agencies, universities and employers of all types.

As a result, there should be consideration of the healthcare-related regulatory and legal considerations associated with messaging for virtually all entities, since most organizations will at one time or another send or receive medical information that may be covered by a statute like HIPAA or that may otherwise need to be encrypted, archived or managed according to a legal requirement or best practice.

Key Considerations When Using Messaging

HIPAA

One of the most important and far-reaching US federal government requirements focused on healthcare is HIPAA. This requirement addresses a number of different areas and one of its primary goals is to reduce the administrative costs and other burdens in the healthcare industry, as well as the costs of programs like Medicare. However, the result for many organizations has actually been an increase in the regulatory burden and bureaucracy associated with providing and managing healthcare.

The US Congress included provisions in HIPAA that specify the use of standard electronic formats for the transmission, processing and exchange of administrative and financial data regarding healthcare transactions. Further, HIPAA established standard electronic data interchange formats for transactions and records like health plan premium payments, benefit enrollment forms, medical claims and medical reimbursements. HIPAA also establishes standard code sets for medical diagnoses and procedures as they are coded for claims and billing.

HIPAA also created requirements around the privacy and security of PHI. The HIPAA Privacy Rule focuses on maintaining the confidentiality of PHI, among other provisions. The HIPAA Security Rule is designed, among other things, to ensure that Covered Entities take measures to ensure the confidentiality, integrity and availability of ePHI during transmission and storage.

The Impact of HIPAA on Messaging

HIPAA has two important implications for messaging. First, messages that contain PHI must be encrypted so that the confidentiality, integrity and availability of ePHI are maintained. As mentioned earlier, this means, for example, that an email that contains PHI, in order to be compliant with the requirements of HIPAA, must be encrypted if it is to be sent outside an organization. Second, it is an important best practice for Covered Entities to retain emails in a readily accessible archive if they contain PHI or other records.

Every Covered Entity must ask itself two key questions regarding the use of email sent outside of its network:

1. Is it acceptable to send a particular email that contains PHI according to HIPAA Privacy regulations?

2. If the answer to the above question is ‘Yes’, did we take the steps necessary to ensure the confidentiality, integrity and availability of this data during transit, such as encrypting the information?
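The outbound content filtering requirement and the two questions above can be expressed as one decision function. The following is an added example, not code from the white paper or from any Microsoft/FrontBridge product: a message leaving the organization that pairs a Social Security Number with a health term is encrypted, or blocked and copied to the privacy officer when the sender is not cleared to send PHI. The mail domain, addresses, cleared-sender list and health-term lexicon are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumptions made for this example; none of these values come from the paper.
INTERNAL_DOMAIN = "clinic.example"
PRIVACY_OFFICER = "privacy-officer@clinic.example"
PHI_SENDERS = {"dr.lee@clinic.example"}  # staff cleared to send PHI externally
HEALTH_TERMS = ("diagnosis", "diagnosed", "biopsy", "chemotherapy",
                "diabetes", "prescription", "mammogram")  # constructed lexicon

SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")
TERM_RE = re.compile(r"\b(?:" + "|".join(HEALTH_TERMS) + r")\b", re.IGNORECASE)


@dataclass
class Decision:
    action: str  # "deliver", "encrypt" or "block"
    copy_to: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def has_ssn(text):
    """True if text holds a plausible SSN; never-issued ranges are skipped."""
    for area, group, serial in SSN_RE.findall(text):
        if area in ("000", "666") or area.startswith("9"):
            continue
        if group == "00" or serial == "0000":
            continue
        return True
    return False


def message_text(msg):
    """Subject plus every text part, with transfer encodings decoded."""
    parts = [p.get_payload(decode=True) or b""
             for p in msg.walk() if p.get_content_maintype() == "text"]
    body = b"\n".join(parts).decode("utf-8", "replace")
    return msg.get("Subject", "") + "\n" + body


def evaluate_outbound(raw_message):
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = [addr.lower() for _, addr in getaddresses(headers) if addr]
    external = [a for a in rcpts if not a.endswith("@" + INTERNAL_DOMAIN)]
    text = message_text(msg)

    if not external:
        return Decision("deliver", reasons=["internal recipients only"])
    if not (has_ssn(text) and TERM_RE.search(text)):
        return Decision("deliver", reasons=["no identifier plus health term"])
    # Question 1: is this sender allowed to send PHI outside the organization?
    if sender not in PHI_SENDERS:
        return Decision("block", [PRIVACY_OFFICER],
                        ["ePHI to external recipient from uncleared sender"])
    # Question 2: protect confidentiality and integrity in transit.
    return Decision("encrypt", reasons=["ePHI to external recipient"])


def sample(sender, to, body):
    """Build a constructed test message (not real patient data)."""
    return f"From: {sender}\nTo: {to}\nSubject: Claim follow-up\n\n{body}\n"


if __name__ == "__main__":
    phi = "Member SSN 123-45-6789, diagnosis: type 2 diabetes."
    for s, t in [("dr.lee@clinic.example", "claims@insurer.example"),
                 ("frontdesk@clinic.example", "claims@insurer.example"),
                 ("dr.lee@clinic.example", "nurse@clinic.example")]:
        print(s, "->", t, evaluate_outbound(sample(s, t, phi)))
```

A health term alone (for example an appointment reminder) is delivered unchanged, which is the same per-content tolerance the paper asks of spam filters in this industry.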
Requirements for the Use of Messaging in Healthcare

There are a variety of requirements for the use of messaging in healthcare-related organizations and in those organizations that deal with healthcare-related information:

• Encryption
PHI is among the most sensitive types of data that can be sent through email or instant messages. As a result, best practice, as well as statutory requirements like HIPAA, require that certain types of information be encrypted in order to protect the confidentiality of this data. It is also important as a best practice that archived data be protected from tampering or violation of confidentiality.

• Disaster recovery
Organizations that maintain ePHI must implement a disaster recovery plan to protect this data and should include as a key component of this plan the protection of email systems and their associated message stores.

• Solutions must be easy to use
One of the fundamental requirements for the use of any messaging system in the context of healthcare is that it must be easy to use. The tunability of spam filters, the encryption and decryption of messages, and other capabilities must be easy to set up and maintain given that messaging infrastructures will often be managed by small organizations without dedicated IT staff, such as physicians’ offices or small businesses.

• Messaging must be reliable
Messaging capabilities used in the healthcare field must be reliable given the time sensitivity of much of the communications in this field and the inability to tolerate delayed message delivery times, an unacceptable level of false positives, and so forth.

• Flexible deployment capabilities
The healthcare field includes a wide variety of organizations, from large hospitals and insurance companies with large IT staffs that can easily manage internal messaging systems, down to individual physicians’ offices with a staff of only a few people and no dedicated IT resources. As a result, these organizations need flexible deployment options, including the ability to use software-based messaging systems, appliances and managed service offerings, often within the same organization.

• Long-term archiving
Archiving is a critical requirement for a significant proportion of the data sent and received by organizations even peripherally related to healthcare. For example, healthcare providers, such as hospitals, must retain medical records under various laws and regulations – for five years in some cases, for six years in others, for two years after a patient’s death, for the life of the patient, etc. Some of these records are subject to HIPAA privacy rules and so archives that contain PHI must be maintained in such a way that the integrity of the data is preserved.

About Microsoft Exchange Hosted Services

Microsoft Exchange Hosted Services offer a cost-effective way for enterprises to actively ensure the security and availability of their messaging environment, while instilling confidence that their messaging processes satisfy internal policy and regulatory compliance requirements. A seamless extension of Microsoft Exchange that operates over the Internet as a service, the complete set of services includes hosted filtering for spam and virus protection; hosted archiving to satisfy compliance requirements and internal policies; hosted encryption to preserve e-mail confidentiality; and hosted continuity for ongoing access to messaging systems during and after disasters.

Microsoft Exchange Hosted Services provide value to corporate customers by eliminating upfront capital investment, freeing up IT resources, and removing incoming e-mail threats before they reach the corporate firewall. For more information, visit http://www.microsoft.com/exchange/services

© 2006 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc.

THIS DOCUMENT IS PROVIDED “AS IS”. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL.