
PHI Security Still a Challenge

Just a week ago, Emory Healthcare in Atlanta, GA became the latest victim of a major data breach involving protected health information (PHI). The health network announced it was unable to locate 10 computer discs containing PHI for more than 300,000 patients treated between 1990 and 2007.

According to a local news article from the Atlanta Journal-Constitution, Emory President and CEO John Fox admitted that the discs had not been properly stored. Although they were in an office with restricted access and nightly lockdown, the cabinet they were in was not locked.

We can hope that the discs were simply misplaced rather than stolen or destroyed, but incidents like this still occur far too often in the healthcare industry. At risk is not only the privacy of the patients whose health information could now be anywhere, but also Emory itself, because it is bound by strict regulatory mandates like HIPAA and HITECH. Non-compliance can result in crippling fines and a loss of public confidence. Emory has already committed to providing identity theft resources to all of the affected patients.

This latest breach comes just six months after an internal breach in which an employee perhaps unwittingly printed medical records that eventually found their way to an identity theft ring. Nine of 32 affected patients reported that their identities had been stolen, and Emory alerted another 7,200 patients who had been in their care at the time. All told, industry analysts calculate the average cost per breached document at $240. Though the employee was let go, Emory spokesperson Lance Skelly said the printed documents were within the scope of the employee’s job duties. In other words, the paper was the problem. To see how OpenText helps medical facilities of all sizes tackle this issue, watch last month’s webcast with TMCnet.

While many healthcare providers are making great strides in effectively managing today’s patient information, how many of them are effectively evaluating the risk associated with “misplacing” historic documents that fall outside the scope of their EMR deployment? For many organizations, it’s unlikely that their next data breach will result from a virus or a group of teenage hackers. The real threat may simply come from the theft of unattended paper documents or an overzealous cleaner diligently “cleaning up.”

OpenText has a solution designed for problems exactly like this. Alchemy, our document server solution, can capture document images from paper or just about any electronic file format, file them or route them to specific users, and track every instance of access: where, when, and who sees them. Had the files on those discs or the leaked paper medical records been scanned into Alchemy, the physical media could have been safely destroyed and Emory would be in the clear.

Click here to check out Alchemy’s latest release, version 9.0.

 

UK Public Sector Bears Majority of ICO Data Breach Fines

The United Kingdom’s Information Commissioner’s Office (ICO) recently released information detailing data security breaches in Great Britain between March 2011 and February 2012. The report came after a Freedom of Information request by satellite manufacturer/TV broadcaster Viasat.

All businesses in the UK are bound by the Data Protection Act of 1998, which is enforced by the ICO to prevent data breaches of personally identifiable information (PII). However, the report found that while the private sector accounted for more than a third of all reported breaches (263 cases), it paid just one £1,000 fine, leaving the public sector (467 cases) with the vast majority of the £791,000 total.

Data security is a global problem, and insufficient reporting and enforcement make incidents difficult to accurately track and, more importantly, prevent. Government agencies with a commitment to customer privacy spend a lot of money protecting data to avoid crippling fines (the ICO levied a £140,000 fine against Midlothian Council in 2011 for repeatedly leaking personal data about children and their caregivers to the wrong recipients).

The security of protected health information (PHI) is a particular risk for healthcare institutions, and in the UK, they must comply with strict regulatory mandates not only from the Data Protection Act but also from their individual Safe Haven Policies. As a result, in the UK and around the world, the smart money is on secure document management and delivery.

The National Health Service (NHS) is the UK’s publicly funded healthcare network, and its 1.7 million combined staff serve more than 62 million citizens. NHS Manchester turned to OpenText Fax Appliance for its document delivery solution. Prior to adopting a network fax approach, fax machines were spread out geographically, and security was limited to keeping fax machines in locked rooms. Now NHS Manchester employees enjoy consolidated digital document transfer and can send and receive faxes directly and securely from the desktop. All faxes are stored and routed through a central database, and retain a full audit trail recording any access or other activity. With fewer paper documents changing hands, the likelihood of data breaches is greatly reduced.

To learn more about Fax Appliance, click here.

To read the full NHS Manchester case study, click here.

Health IT Webinar and Audience Poll Highlight Industrywide Paper Problem

Recently we co-sponsored a well-attended webinar highlighting the current state of security and compliance in the healthcare industry. Speakers Rebecca Herold (the Privacy Professor), privacy, security and compliance guru, and Chris Patterson, IT Administrator at Florida Heart and Vascular Associates, were extremely helpful in enlightening the audience using real-world examples and the most up-to-date data.

We’ve had some time to reflect on the webinar, and also to take a look at the responses to the polling questions. Here are a few realities we can take away from these resources:

■ Security and compliance remain the most important issues in healthcare after quality patient care

■ The healthcare industry is not yet where it needs to be in terms of securing private health information

■ Solutions do exist to mitigate the problems

■ Digital fax and document delivery will continue to play a central role in these solutions

The problems
Healthcare providers need to maintain a high level of data security for three main reasons: patient care, patient privacy and regulatory compliance. The rise in the use of fax solutions to securely manage and deliver electronic medical records (EMR) is helping institutions address these concerns, but even fax is vulnerable to tampering if not properly protected, and data leaks continue to plague the industry.

Rebecca shared several real-life examples of recent breaches in fax security including hacking of fax servers, wrong numbers/email addresses, use of standalone fax machines and public networks, and improper document disposal. These problems come from a mixture of human and technological error and often lead to costly failures of compliance with government mandated regulations like HIPAA and HITECH.

According to the poll, about half of healthcare providers are unsatisfied with their ability to comply with HIPAA using digital documents, and more than half of physicians still rely primarily on paper charts.

The success stories 
The good news is that digital fax and document management solutions like Fax Appliance, RightFax and Alchemy are working for thousands of healthcare professionals, including Patterson. After deploying an OpenText fax solution, Patterson reported that security has improved and the hospital has enjoyed savings of more than $200,000 in the three years since implementation. Patterson also said his fax solution paid for itself within two months and has effectively replaced the work of two-and-a-half full-time employees.

The poll found that all respondents estimated an OpenText fax solution would at least pay for itself, and 80 percent said it would either lead to higher employee productivity or replace one or more employees altogether.

So what’s next?
At OpenText, we hope to continue engaging with the healthcare community to remain informed of their changing needs, anticipate and respond quickly to emerging trends, and provide the highest level of service and security with our fax products.

If you missed the webinar, you can view it on demand here.

To view a PDF of our case study on Florida Heart and Vascular Associates, click here.

Patient Data Security: How Digital Fax Technology Can Help Healthcare Remain Secure and Compliant

The security of Protected Health Information (PHI) is a primary concern for healthcare institutions. PHI management is important not just for patient care and privacy, but also to meet strict regulatory compliance mandates. In the third installment of a bi-annual survey of healthcare providers, a report published in April details the current state of patient data security. The report was commissioned by Kroll Advisory Solutions, a leading risk consulting firm, and published by HIMSS Analytics, a world leader in healthcare IT reporting.

The report stems from concern over patient data security in light of increased adoption of mobile technology for the exchange of electronic health records (EHR) and, more specifically, PHI. Moving PHI to mobile devices makes it more vulnerable to breaches. In fact, 31 percent of survey respondents indicated that “information available on a portable device was among the factors most likely to contribute to the risk of a breach.”

An earlier report by the Department of Health and Human Services (HHS) found that 207 data breaches in 2010 affected 500 people or more and were caused by:

• Theft
• Loss
• Unauthorized access/disclosure
• Human/technological error
• Improper disposal

Theft accounted for almost half of all breaches that year and affected an estimated 2,979,121 individuals. In the HIMSS survey, more than half of all breaches were internal, but third-party sources were also recorded. Almost all respondents require third parties to sign a business agreement before handling EHR, but only about half indicated they ensure that their third-party vendors conduct regular risk analysis to identify vulnerabilities.

The HIMSS Analytics report found that on top of security issues, healthcare institutions are being torn in two directions. On the one hand, they are tasked with protecting PHI, but on the other they are expected to comply with a multitude of strict regulatory mandates like HIPAA and HITECH. “While organizations are actively taking steps to ensure that patient data is secure, they are so focused on meeting compliance requirements that they have little awareness of the efficacy of their security programs.”

Debate also remains over who exactly oversees which elements of EHR: “As organizations struggle to address data and privacy breaches, a lack of ownership for the issue across the industry remains. Various titles hold responsibility for pieces of the compliance puzzle, ensuring that their organizations meet the mandates and regulations set forth, but the overall security picture continues to elude most.”

The keys then are:

• Controlled document access
• Confidence in third-party vendors
• Clearly defined security and privacy roles

The good news, according to the report, is that the priority of compliance has raised awareness about the gaps in patient data security. Respondents ranked their preparedness at an average of 6.40 on a scale of one to seven in 2012, compared to 6.06 in 2010 and 5.88 in 2008.

While mobile devices remain a concern, technology isn’t always to blame for data breaches, and can in fact be the solution. Such is the case for the thousands of healthcare institutions using fax and document delivery solutions to manage their EHR. Fax is still the preferred method of secure document delivery for healthcare institutions worldwide, and new fax technologies are changing the way we interact with fax.

No longer are workers sending and receiving paper documents at a fax machine in a public area. Instead, they can fax securely via encrypted email, or securely over IP from private, password-protected workstations. Other technologies include archiving tools that can capture, file, distribute and manage millions of documents from a single repository, and can control exactly which users can see a particular record. This allows only the appropriate healthcare professionals easy and immediate access to EHR not only to provide faster, better care for patients, but also to respond quickly to external requests for information.

For organizations tasked with both patient data security and regulatory compliance, digital fax technology can solve problems for everyone from the smallest clinic to the largest healthcare network. In light of the HIMSS report’s findings, implementing a secure document management system is good for patients and good for business.

See the full report here.

To learn more about EHR management solutions for healthcare providers, visit OpenText’s Fax and Document Delivery Group healthcare page.

Alchemy 9.0 Release: Good News for People with Paper Problems

Tens of thousands of businesses around the world already use OpenText’s Alchemy Server to manage their critical documents. On April 18, 2012, new features in the areas of capture, access, workflow and retention were released as Alchemy 9.0. See the full press release here.

Alchemy 9.0 is a simple solution for managing documents. Any business that relies on thorough and precise tracking of records will benefit from Alchemy’s unique capabilities. Here are a few of them:

• Alchemy 9.0 captures and archives paper or electronic documents from MFP, desktop, back-office and third-party applications.

• All of your documents reside in a single, centralized database.

• Full-text search allows “Google-style” search of all documents just by plugging in a word or phrase.

• Alchemy 9.0 helps you create simple workflows so documents are automatically routed to the correct decision-makers depending on their status (e.g. “accepted” or “rejected”).

• Retention utilities let you manage the lifecycle of your documents from creation to deletion based on any criteria you choose (e.g. you can tell Alchemy to delete certain records days, weeks, months or years after a chosen event).

Immediate benefits include reduced payroll burn from manual document management like faxing and filing; reduction of paper and paper-related supplies; less hardware and maintenance on MFPs and fax machines; and audit-readiness for less risk of compliance failure.

Alchemy is particularly useful for small- to medium-sized businesses with an internal or mandated need for secure document management. Healthcare, legal, financial and manufacturing institutions in particular face severe fines for improper, inaccurate or incomplete document access and management.

We are very excited about this release and the enhanced capabilities of Alchemy 9.0, and you should be too!

Check us out at http://getdocumentmanagement.com or to view more fax and document solutions, see OpenText’s full suite at http://faxsolutions.opentext.com.

Darren Boynton
Product Marketing Manager
OpenText Corporation

New Health IT Survey Report Shows Key Industry Findings

We recently partnered with Healthcare IT News on a new survey report titled, Digital Document Delivery and Management: Achieving Compliance, Security and Improved Patient Care. The report details key findings from a survey investigating trends in the adoption of digital document management systems by healthcare institutions since the rollout of the HITECH Act’s financial incentive programs. The report was based on a January survey of 288 healthcare professionals ranging from senior IT managers and their staff to medical and clinical professionals. Respondents were chosen from healthcare institutions of all sizes. The diverse sample offered a unique insight into the current state of the healthcare IT marketplace and the internal and external drivers that allow some healthcare institutions to keep up with new regulations and IT solutions, and prohibit others from doing so. The survey answered five main questions:

  • Who currently has a digital document delivery and management solution?
  • What drives organizations to adopt new technologies?
  • What challenges do healthcare professionals face regarding document management?
  • What are the primary obstacles to adopting a digital document management solution?
  • How do organizations primarily share protected health information (PHI)?

The survey looked at a wide range of barriers to the adoption of new health IT in general. Respondents overwhelmingly cited lack of resources as the biggest deterrent, followed by lack of support or buy-in from medical staff and integration problems.


When asked specifically about health record digitization, the survey found that more than a third of respondents had already adopted a digital document management solution and another third were testing, researching, or planning implementation. However, that left about a third of respondents without any solution, and many still weighing their decision.

Digital document delivery is not yet in every hospital and clinic, but the survey did find that 56 percent of office-based physicians used an electronic medical record (EMR) in 2011, a six-percent increase from 2010, indicating a move in the direction of increased adoption on the practitioner side.

Healthcare institutions still rely heavily on faxed documents due to their legal properties and ubiquity, but traditional faxing creates a lot of paper that is difficult to track and vulnerable to tampering. The study said, “Given that many faxed documents contain protected health information (PHI), and two-thirds of respondents share PHI via their EMR systems, it is critical that healthcare organizations integrate their faxing solutions with their EMR systems.” Indeed, security and searchability were cited by almost half of all respondents as the biggest challenge they face when managing documents.

Several case studies were included in the report focusing on the benefits enjoyed by healthcare facilities that do digitize their health records. The study concluded that “the secure and efficient electronic capture, management and delivery of patient information are the foundation to achieving the transformative goals of improving quality of care and patient safety.”

View the report by Healthcare IT News and OpenText here.

The Cost of Data Breach in the UK

By Susie Cornelius, ProcessFlows

It was recently announced that 132 local authorities have admitted to losing sensitive data in the past three years. Some incidents were more serious than others, but at least 35 councils lost information about children in their care (http://www.computing.co.uk/ctg/news/2127193/loss-epidemic-uk-local-authorities).

In 2010, Hertfordshire County Council was fined £100,000 for faxing sensitive information to the wrong recipients. Since then, other public sector organisations, including the police force and the NHS, have also been fined for similar, avoidable, leaks of personal data.

Councils that have breached the Data Protection Act by failing to protect personal information are being fined by the Information Commissioner’s Office (ICO) – a UK independent authority set up to uphold information rights in the public interest by promoting openness from public bodies and data privacy for individuals.

Fax security should be a major concern for any public sector organization, and councils need to start reevaluating the security risks of their fax processes in order to avoid costly ICO fines.

OpenText RightFax is the most trusted, cost-effective and integrated network fax solution, with robust security features designed to minimise the risk of sending sensitive fax messages to the wrong recipient.

Switching to electronic fax guarantees the security of fax information by providing a traceable, efficient and quick faxing process from the desktop.

ProcessFlows is a UK Distributor, Support Centre and Authorised Training Partner for OpenText RightFax and OpenText Alchemy. ProcessFlows can help you secure all types of documentation and processes; its automated solutions for invoice processing, fax distribution, document management and digital mailroom are fully compliant and provide data security at every stage of the document journey.

For more information on ProcessFlows, contact enquiries@processflows.co.uk.

 

Three Trends in Healthcare IT: What I learned at HIMSS12

The complex and dynamic healthcare IT marketplace was on full display at HIMSS12 in Las Vegas last month. After spending a few days interacting with partners, customers and healthcare IT consumers as a representative of OpenText’s Fax and Document Distribution Group (FDDG), three main trends stood out to me that I feel are important to share with those unable to attend, whether health professionals with IT problems or vendors with IT solutions.

The Cloud
Despite early fears that managing and exchanging sensitive documents like patient information in the cloud would be too unstable or vulnerable, the sentiment is shifting as businesses across all industries become better informed – and consequently more comfortable – with the emerging medium.

Quite a few healthcare IT vendors have done a commendable job of demonstrating that cloud computing can be secure. Although many hospitals and other healthcare providers are realizing they need to step outside of traditional technologies in general, their initial hesitation to embrace cloud is understandable. Many of these institutions have spent a lot of time and money building an IT infrastructure that, while perhaps not as efficient or up-to-date as they would like, makes them feel confident that their sensitive documents are safe. It was great to see more hospitals getting out of their comfort zones and investigating new technologies.

Mobility
To some people, a PDA or other mobile device is simply a phone, a scheduling tool, or even just a neat gadget. But to a growing number of healthcare professionals, these mobile devices have become critical to managing and sharing documents, and, more importantly, delivering quality care.

The continually expanding capabilities and security of mobile devices are making them more and more attractive to healthcare professionals, especially those that need to share sensitive information quickly and without being tied to a desk or a fixed appliance.

HL7 Messaging
Health Level-7 (HL7) messaging is beginning to generate a lot of renewed attention. Originally developed in the U.S. more than 20 years ago as a standard for healthcare information systems, it was quickly adopted by many other nations and remains an important way of managing healthcare information in a unified manner.

Security and compliance have become one of the most daunting challenges for healthcare providers, but their need to communicate quickly and often internationally is growing as well. HL7 is being revisited as a cornerstone for sharing medical records and other health documents.

With these and many other changing trends in mind, our healthcare IT solutions must keep pace. OpenText FDDG will continue to develop document interchange technologies that meet the needs of the healthcare industry. Fax remains important, and even as electronic interchange of records grows in healthcare, fax will still be a backstop. OpenText continues to put a major focus on secure operability in the cloud, access to critical documents via mobile device, and compatibility with the widest range of applications possible. As healthcare IT requirements evolve, you can be certain that OpenText will be there to provide superior solutions.

 

A Simple and Compliant Solution to the Paper Problem in Healthcare

Managing excessive paper-based medical records is not for the faint of heart, especially when compliance violations can result in fines that well exceed seven figures. Healthcare organizations that employ a virtually “paperless” EMR or EHR solution may believe that they are immune to penalties, but that’s simply not the case. Send a fax to the wrong person or leave a fax in whole or part at an unattended fax machine and you could be subject to costly fines. In fact, the number and amount of compliance fines in the US is at an all-time high.

Join OpenText on April 12th at 2:00PM Eastern / 11:00AM Pacific for an educational webinar, where you will hear from security and privacy expert Rebecca Herold, AKA the Privacy Professor, and learn about the risks associated with paper-based communications and processes. During the webcast, attendees will also hear from Chris Patterson, the IT Administrator for Florida Heart and Vascular Associates, and see how they integrated an OpenText digital faxing solution to achieve HIPAA compliance, improve processes, and dramatically lower costs.

Who should attend?

  • Healthcare Compliance Officers adopting new healthcare compliance initiatives
  • Healthcare Professionals wanting to protect and secure patient information
  • Healthcare Practice Managers seeking to improve productivity and patient care
  • Healthcare Informatics roles searching for ways to improve workflow and streamline business processes

Register today!

Healthcare IT is Healthy: Reflections on HIMSS12

After attending this year’s HIMSS tradeshow, I am as excited as ever about the direction healthcare is heading with regard to new information technologies. Even compared to last year’s event, I can see a real difference in the passion healthcare providers are displaying in seeking out new technologies to deliver better care and service, in particular those that can help them address security, compliance and data privacy. Yes, regulations and compliance mandates like HIPAA mean a lot more accountability and a lot more work. But rather than responding to this requirement as if they are being forced to comply, the healthcare community seems eager to find the smartest IT solutions for their compliance needs. They understand that, ultimately, regulatory compliance will improve not just document security, but also patient care and even the bottom line.

I attended HIMSS12 representing OpenText’s Fax and Document Distribution Group in an effort to connect with customers in need of a fax-based document management solution. HIMSS is designed to make the job of finding the right IT solutions easy, but it can be difficult to find something if you don’t know what you should be looking for. In some cases, people don’t even know that fax technology can be a viable and effective solution for them. For example, at HIMSS12, I met someone who provides consultancy services for hospitals to improve their process workflows, and she said it had never occurred to her that fax could solve problems for her clients. Further discussions with her saw her realize that OpenText fax solutions can help quite a few of her clients increase efficiency and productivity, reduce costs and enhance the service they offer their customers. It felt great to help her, and it was a welcome reminder that trusted fax technology continues to play a pivotal role in the healthcare marketplace.

It was heartening to see a vibrant healthcare IT dialogue at play, and I look forward to attending next year.