LSS Data Systems - HIPAA FAQs

HIPAA Frequently Asked Questions

LSS has been closely monitoring the HIPAA regulations as they become finalized. We are focusing our efforts on the Administrative Simplification aspects of HIPAA, as this is the area that most directly impacts our customers and us. Administration Simplification includes provisions for Electronic Data Interchange (EDI), Patient Privacy, and Security. Final rules have been published for some of the EDI sections (Transaction and Code Sets) and Privacy sections.

The transaction sets that we support are available in the HIPAA-mandated ANSI formats. If you have already licensed Electronic Claims and Electronic Remittance, and the payor or payors with whom you exchange them are upgrading to the HIPAA formats, there will be no additional license fees. If you are currently utilizing a print-image method for claim submission to a clearinghouse vendor, or if you are not currently using EDI transactions and wish to start using the HIPAA-mandated ANSI transaction sets, additional license fees may apply.

We have evaluated our existing software in light of the guidelines suggested in the final Privacy rule. Extensive audit logs already exist for changes to demographic and financial data. If you are using our Electronic Ambulatory Record, the audit logs include all events in which patient clinical data was viewed, changed or appended. We support the use of electronic signature of clinical records. Once a record has been electronically signed, all edits and additions to the record must be made through an addendum. As with your MEDITECH system, the ability to use a double-key password system, in which both a user ID and password are required, is already available.

LSS has always stressed the importance of keeping patient data confidential. Confidentiality language is in all of our contracts stating that we agree to protect the privacy of the data we access while supporting your system. We are also reviewing all of our internal standard operating procedures regarding the handling of data.

As a result of our ongoing dedication to patient privacy and our seamless integration with MEDITECH, we feel very well positioned to address HIPAA concerns. A list of responses to frequently asked questions (FAQ's) follows this general statement.

(1 of 6)

What features/functionality is included in the application to prevent improper disclosure of private health information?

(1 of 6)

Each site user is assigned a unique mnemonic in the MIS User Dictionary and is also required to use a unique password to access the system. By utilizing the NPR customization tool, it is possible to create a custom menu to restrict a user's access to only include the functions that the user needs to perform the duties of their job. The system includes a standard time-out feature on all screens and menus. If a session is inactive for a specified time, the record will be exited and the user will be returned to the menu. If no action occurs after that, the system will sign the user off of the system. Furthermore, LSS restricts dial-up access to client sites to LSS staff that have been properly trained on accessing client systems, including training on patient confidentiality. An internal audit log is maintained for LSS staff accessing our MAGIC client systems.

(2 of 6)

Does the application have audit capability?

(2 of 6)

There are several ways to gather audit information. There are MIS-level audit logs that store access information by user, database, menu option, date and time. Within each database there is an audit log of changes that have been made to each billing account, what user made the change, when the change was made and the old and new value. Our Electronic Ambulatory Record includes access logs that list which users have viewed, updated or changed clinical information and when they accessed the record.

(3 of 6)

We want the ability to assign security privileges to users' roles. Does the system have this capability?

(3 of 6)

The NPR customization tool allows customers to create user or job-role specific menus. We suggest creating menus by job role and assigning only the menu options needed for a particular role to those menus.

(4of 6)

What type of disclosure accounting is available?

(4 of 6)

We are currently designing tools to assist providers in managing outside requests for medical record information. This will be a standard part of our Electronic Ambulatory Record. These enhancements will be completed and delivered to all customers using our Electronic Ambulatory Record well ahead of the April 2003 compliance date for privacy regulations.

(5 of 6)

Can I exchange claim and remittance data directly with payors or do I have to go through a specific intermediary?

(5 of 6)

LSS Data Systems will provide the HIPAA-mandated transaction sets for claims (ANSI 837, Version 4010) and remittance (ANSI 835, Version 4010). You can exchange these formats with any payor or clearinghouse you wish. If you have already licensed Electronic Claims and Electronic Remittance and the payor or payors with whom you exchange them are upgrading to the HIPAA formats, there will be no additional license fees. If you are currently utilizing a print-image method for claim submission to a clearing house vendor or are not currently using EDI transactions and wish to start using the HIPAA-mandated ANSI transaction sets, additional license fees may apply.

(6 of 6)

Does the application have the functionality to accommodate Provider Identifier and National Payer Identifier?

(6 of 6)

Once these regulations are finalized, we will evaluate our software based on the regulations. Existing standard fields will be used if possible. Fields will be added to the system, if needed, to support these ID codes.