Guest Column | August 19, 2019

6 Ways Technology Enables Better Healthcare Compliance

By Kayla Matthews, Productivity Bytes


Technology can make a big impact when it’s brought to bear on the right problems and presented with worthwhile challenges. That makes technology a perfect ally in the fight for a more effective, efficient, inclusive, and cost-effective healthcare industry.

Technology has a role to play in helping healthcare providers achieve and stay in compliance, too. Here’s a look at six ways it’s doing so.

1. Providing Historical Data For Compliance, Liability And More

Compliance in the healthcare industry is vital for achieving the best possible patient outcomes. But it’s also important for keeping hospitals, doctors, nurses, and specialists safe in the event that something goes wrong or a patient experiences unintended harm.

It is an expected part of practicing medicine that doctors and nurses make decisions based on as much data as is presently available. And if the worst does happen, healthcare providers may need access to historical data to help iron out which parties knew what details, and when.

This rich historical data isn’t just a useful trail of breadcrumbs for keeping matters of compliance and liability clear within an organization. It’s also a way for healthcare organizations to lay the groundwork for more impressive analytical modeling and improve outcomes even further by drawing on anonymized historical patient databases.

2. Securing Patient Documents At Rest And In Transit

Technology is a double-edged sword in healthcare. The technology we rely on makes us vulnerable to cybercrime and other disruptive influences. But technology also provides protections from those same threats — an important consideration as security and privacy regulations in major healthcare markets become ever more stringent.

Among other things, remaining in full compliance with HIPAA requires that healthcare organizations apply Stage 1 Meaningful Use security practices to all shared electronic documents. Previously, this rule applied only to electronic health records.

To meet this compliance requirement, healthcare providers turn to document storage solutions with encryption built in. HIPAA requires that providers “implement a mechanism to encrypt PHI whenever deemed appropriate.” This covers every transmission mechanism – including email and instant message – although providers can choose whether to encrypt documents sent over email based on the degree of confidentiality.

Modern healthcare providers require investments in encrypted document storage and instant messaging – and they’re well-advised to choose their email provider carefully too. The use of mobile and even personal devices in healthcare workplaces is common and rising, but technology both raises the stakes for their use and provides the means to use them safely.

3. Making Document Retrieval Lightning Fast And More Accessible

One of the other compliance rules under the most recent revision of HIPAA concerns the speed with which healthcare organizations must provide patients with electronic copies of their medical records after being asked to do so.

There was no time limit under previous versions of HIPAA, which presented a barrier in some cases where patients need to transfer electronic records to a new provider or a specialist. Current HIPAA guidelines require healthcare entities to provide electronic medical records within 36 hours of the request.

What this means is that cloud-based healthcare infrastructure is a must-have for any healthcare provider with more than one location. This technology helps provide ultimate assurance that records are protected in the event of a data loss and can be retrieved whenever patients make an information request.

4. Making Patient Progress Visible

In some regulatory environments, including where The Joint Commission’s Behavioral Healthcare Standards apply, care providers are required to come up with a way to reliably measure and report on patient progress over the course of treatment. Four Winds Hospital is one example of a healthcare organization tackling this compliance requirement with technology.

CEO Dr. Samuel Bastien says the hospital found success using the Behavior and Symptom Identification Scale (BASIS-32) alongside Dynamic Forms survey tools to evaluate and plot outcomes for those at inpatient facilities as well as partial hospitalization programs (PHP) and intensive outpatient programs (IOP).

The result is an organic evaluation of a patient’s progress over time, in secure digital form, based on self-reported symptoms. It’s not just critical for compliance — it’s essential for doctors and patients to be on the same page with one another.

5. Reducing Errors And Streamlining Core Functions

Automation isn’t just establishing a presence in factories — it’s vital in healthcare, too. Automation provides the means for healthcare organizations to reduce human error and streamline their major back office functions.

This is important for patient outcomes and it’s useful for keeping back office functions on track and accurate, including recording and organizing patient records, scheduling appointments, and reaching out to patients with appointment reminders.

But automation is also important for compliance and liability. Tort laws provide a framework for guidance on professional liability, but some scholarly voices are calling for more robust laws concerning the disclosure of medical errors to patients. These are called “disclosure laws” or, depending on the severity of the circumstances, “apology laws.”

Automation in healthcare greatly reduces the likelihood of mistakes in transcription, medication dosage, and surgical procedures, plus a host of other errors that might end in tragedy.

In one trial, automated data entry alone reduced the likelihood of medication administration errors, with an odds ratio of 0.53. This means that the group under study was around 50 percent less likely than the control group to experience a medical error.

6. Making On-Premises Security More Robust

If there’s one aspect of compliance and cybersecurity that’s surprisingly easy to overlook, it’s physical access to sites that store or process high-value data. That includes electronic patient health information (“ePHI”).

HIPAA publishes guidelines on physical safeguards for healthcare organizations. There are several of note, some of which are “required” and some of which are “addressable.” Note that “addressable” does not mean “optional” – it means exemptions may apply to some types of organizations. Here are two examples:

  • Required: Organizations must draw up a policy for the secure placement of workstations used to access ePHI.
  • Addressable: Organizations must have a policy in place for granting and revoking facility access.

Implementing proper digital access controls in data centers carrying ePHI reduces the likelihood of data theft by disgruntled employees and thieves who single out a facility for physical robbery. Plus, biometrics help ensure there isn’t any unauthorized access – unintentional or otherwise – to sensitive areas such as server closets and ePHI workstations.

In a thousand ways, technology is transforming healthcare and the patient experience. But it’s an ally for organizations that want to streamline and add peace of mind to their compliance efforts, too.

About The Author

Kayla Matthews is a MedTech writer whose work has appeared on HIT Consultant, Medical Economics and HITECH Answers, among other industry publications. To read more from Kayla, please connect with her on LinkedIn, or visit her personal tech blog at