Protecting Patient Information and Data Transfer Solutions

BreusIn the last issue of Sleep Review, Natalie Morin, RPSGT, wrote an excellent guest editorial about the efficiencies of outsourcing your scoring needs. One can save time and money by using a group that can produce high-quality scoring for a fraction of the cost of a full-time registered technician (if, for example, you have only a two-bed laboratory and cannot keep a full-time technician busy).

Another important consideration that can help to save both time and money is the transfer of digital data to both your scoring technician (whether in-house or outsourced) and your interpreting physician. In our laboratories, we use a system that allows sleep studies to be sent to all the referring doctors and financial billing centers. All the files were completely secure, encrypted, Health Insurance Portability and Accountability Act (HIPAA) compliant. It does not get much better than that.

Now is the time to address any and all concerns involving the steps that each of you must take to protect patient information. Far too many of the entrepreneurs and companies that I speak to have all of the documentation that says they are “compliant” with HIPAA guidelines but they have none of the processes in place to ensure it.

The following are some of the major areas for concern that should be addressed in every location.

Network Setup—The environment in which you operate your laboratory can impact the entire business process and especially revenue and profits. Investing a small amount in proper PC operating systems, virus protection, firewalls, and other network systems can go a long way down the road to compliance.

Storage of Data—This is your primary storage department. It may be a server or an off-site storage facility, but, for most, it has been CDs that are burned, never verified, and not stored in a controlled environment. These files can be anywhere from 25MB to 250MB so prepare for enough space and be sure to verify data before archiving.

Archiving Data—As an extension of data storage, make sure that you have plans to store this data for a minimum of 7 years. Again, pay attention to storage space restraints and partner with someone who can manage this process for you or make sure that the hardware you purchase has the proper capacity.

Data Transfer or Centralization—This is one of the most strategic components of the future of the sleep industry. Utilizing either a local network or a private network application, laboratories can now centralize their data for a variety of purposes including centralized scoring, quality assurance checks, storage and archiving, and research. This needs to be done in an encrypted environment that is not accessible to anyone other than those with the required permissions.

HIPAA Documentation—Each provider should have HIPAA adoption notices, business associate agreements, nondisclosure agreements, and privacy notices for personal health information. Please make sure all vendors involved in your operations have these items and certainly question them if they do not.

Today is the day to ensure that things are done the right way—the HIPAA way. The next few years should reward us all financially and allow us to treat an unforeseen number of patients in our sleep centers in new and more efficient ways. Address the issues above; define your internal processes for security, scheduling, marketing, and technician training; and then “buckle up your chin strap” and get ready.

Michael J. Breus, PhD, is a diplomate of the ABSM; founder of The Sleep Center Management Institute ( ) ; clinical director of SleepEx Systems ( ), both in Atlanta; and a member of Sleep Review’s Editorial Advisory Board.