NexTech Inc.’s Statement On HIPAA Compliance

 

As the new HIPAA regulations come into effect, it can often be overwhelming to your staff to be able to change your business practices to become compliant. A common source of confusion is the role your practice management software plays in your efforts to adhere to these new standards. Please allow us to explain how NexTech Practice can aid your practice in its efforts to be HIPAA compliant.

 

How can NexTech Practice help my practice become HIPAA compliant?

 

A practice management software system alone cannot make your practice HIPAA compliant, but it can help assist you in maintaining compliance more easily. There are four main standards through which using NexTech Practice can help. (To better understand these standards and how they affect your practice, you should review them at the official HIPAA web site: http://cms.hhs.gov/hipaa/.)

 

A)    An Electronic Transaction standard (ANSI X12 4010).  This standard is the most important in terms of requiring software assistance. HIPAA guidelines require all electronically submitted insurance claims to adhere to a universal transmission format, ANSI X12 4010. The stated deadline for this requirement was October 16, 2002, however most insurance companies filed extensions through October 16, 2003. Insurance companies and clearinghouse vendors are currently beginning to support this standard during the summer of 2003. If you do not intend to file claims electronically, this standard does not apply to you.

 

NexTech Practice has passed ANSI X12 4010 testing and is fully compatible with this transaction format. In addition to certifying our software with many insurance companies and clearinghouses nationwide, we have registered with EDIFECS (http://www.edifecs.com), an independent HIPAA transaction validator, and received their certification of our claim submissions.

 

B)     A Privacy standard. This standard lays out the conditions under which a patient’s health information can be disclosed, and specifies internal procedures for medical offices. The deadline for compliance was April 14, 2003. While the privacy standard does not place any requirements on software, NexTech Practice can be used in a manner consistent with these regulations through our access control features such as user permissions.

 

C)    A standard of Universal Identifiers for doctors, employees and other healthcare personnel.  This rule is causing much controversy and there is currently legislation pending to possibly remove it from the HIPAA rule prior to its deadline of July 30th, 2004. However, NexTech Practice is compatible with this standard and will be updated appropriately as the rule changes.

 

D)    A Security standard. This standard specifies technical security measures, including areas such as auditing, encryption, access control, and more. These standards are the newest to be announced -published on February 13th, 2003 - and the last to be enforced, with a compliance date of April 21st, 2005. NexTech has already developed many of the requirements of this rule, such as auditing, access control, user identification, and data contingency planning. NexTech Practice will remain in full compliance with all security standards well before the 2005 deadline.

 

In summary, NexTech Practice is compatible with all currently enforced HIPAA standards, and can greatly assist your office as part of your HIPAA solution. If future standards necessitate modifications to our software, we will make updates available at no additional charge to all clients that have active maintenance agreements.