Understanding all the steps to proper HIPAA compliance can be complex, but it’s essential to keeping sensitive information safe. These systems are put in place to protect confidentiality, integrity, and availability of personal health information.
When it comes to optimizing our workflow—while maintaining strict HIPAA compliance—it can be hard to strike a balance between security, innovation and efficiency. To make it work, you must have the proper resources in place with an experienced team trained to handle every step of the process.
HIPAA Compliant Printing
At SunDance, we understand that HIPAA compliance is an ongoing practice—subject to advances in technology, changing policies, new procedures and updated HIPAA rules. It may seem counter-intuitive, but when set up and executed properly, adhering to HIPAA compliance strategies and systems can save time and resources in many ways.
With our daily workflow, we employ a set of security measures in place to ensure the safety and chain-of-custody of our pharmaceutical print projects. Here’s a look at the process SunDance uses when a HIPAA-flagged job moves through our plant.
Identifying HIPAA Jobs
At the beginning of the project, there are three ways that our team determines if a job requires HIPAA compliance:
• If client-provided artwork contains private health information
• If the data list contains private health information
• If the combination of graphics, copy and data list may reveal private health information.
Once we assign HIPAA status of an incoming job, we use a number of measures to ensure security from the start.
• Files are transferred and stored on a secure server with restricted access
• Our secure FTP site allows clients to transfer files in compliance with HIPAA regulations
• All files are archived for 90 days
• Data lists are scrubbed using NCOA, Move Update and CASS certification requirements
When it is determined that a job needs this level of compliance, we mark it in our production software as a HIPAA flag to ensure proper security procedures through every step of the workflow.
When a HIPAA-flagged job enters the workflow, we have strict quality control and review processes in place to ensure compliance.
• We utilize a 24/7, access-controlled and monitored printing process for HIPPA jobs
• Cameras are located around the facility for controlled access
• The only identifying information is the job specification ticket
• When completing digital production on pre-printed variable pieces, the top sheet of every bin is covered during printing
Our workflow is set up to move a HIPAA-flagged job through the production process and into the mail stream as soon as possible. Less time in the plant leaves less chance for any lapse in HIPAA compliance and security. This is where a strict workflow process so important. At SunDance, we perform a same-day turnaround on these jobs so there is no room for a potential violation.
When we receive a large job that exceeds a single-day capacity, the job is completed on the last full mail tray and then locked in a restricted-access storage room. Any pieces without variable data imprinting will remain in place. If we are working with digital jobs containing pre-printed variable information, the entire job will be stored in the restricted storage area.
Should we add something here about secure waste steam management—do we have a process for that?
The Importance of HIPAA Workflow
The importance of HIPAA compliance cannot be overstated. In addition to possible financial penalties for non-compliance, it’s our duty to protect the patient’s most sensitive data. When we are entrusted with these jobs, we take the responsibility seriously. We know that creating and enforcing a step-by-step system allows us to deliver HIPAA-flagged jobs securely and with efficiency.
If you have any questions or need assistance with your upcoming HIPPA project, contact a customer service representative today to see how SunDance can help.