logging on as administrator

ste:
In the August/September issue of BC Advantage magazine there is an article titled "They Say They Are HIPAA Compliant, But..."
The article discusses software programs that require users to log on as administrator as not being in compliance. Both DAQbilling and Practicemate require users to log on as administrators. Does this mean that these PMS programs are not HIPAA compliant?
Steve

PMRNC:
Have not read the article; however, the software should allow for administrator and user login. All PM software needs that for the audit trail in addition to being HIPAA compliant. Not sure why having an admin login would make it NOT compliant unless others are USING that one admin login! Each person should be assigned their own login.
DAQ is most certainly HIPAA compliant. Without seeing the article I can't really see if you were misreading anything.

ste:
When a person turns on their computer they have the option of logging on as a standard user or an administrative user. The former is safer while being on-line, because viruses are less likely to infect the computer, and also standard users cannot alter many settings on their computers. Administrative users, like viruses, can adjust settings on a computer; consequently, it is not too terribly safe to surf the internet while being logged on to your own computer as an administrator.

Most PMS programs, like DAQbilling and Practicemate, require users to log on to their own computers as administrators, not as standard users; otherwise the program doesn't work or you just can't log on.

The author clearly states, "This is only my opinion", and makes a disclaimer about not being a lawyer. Furthermore the article relates more toward larger organizations and doctor office settings rather than some cottage billing operation, such as myself. Summerlin's arguments restrict themselves to those individuals working on a computer with administrative rights which gives them full access to everything on the program when perhaps all they really need access to might be scheduling.

However, let us assume for the moment that I have Antek's program downloaded onto my computer. Then one morning I wake up, log on to my computer with administrative rights, click on the DAQbilling icon, type in my user name and password, hit enter and watch the paw prints develop across the screen. At that point, because I am logged on to my computer as an administrator, DAQbilling has complete access to everything on my computer. Since both Antek and my billing operation are covered entities under HIPAA and therefore subjected to the Minimum Necessity clause, has Antek made a reasonable effort to determine how much information, from my computer in this case, is needed to serve the purpose for which it is being used?

Michele:
Haven't had time to read my copy yet. I'm planning on reading it this week and now I'm looking forward to that article. I'll let you know what I think!

Michele

PMRNC:
Ok, I found the article at this link http://www.prodatamgmt.com/submittedarticle.pdf.
I'm not sure if the person who has it on their site has permission to do so but there it is.

Anyway, the writer DOES make a point. However, in MOST offices the staff's jobs are all intertwined/connected, so their need-to-know access is there. It's NOT likely the person who does the scheduling should only be a standard user, because she could be on the phone with the patient and the patient will ask, "Oh by the way, what's my copay? What's my balance?" It's not very efficient for the scheduling person to say, "Oh I don't have access to that, let me find the biller."
The author of the article appears to be a third party billing company but is making assumptions about the as-needed feature of the administrator operator of the PC. What I think is unfair is that PC owners have a different level of responsibility. If I am the physician I want my staff to have access to all the information they need to do their jobs, but it's MY responsibility to be sure we are running proper firewalls, anti-virus, etc. The software vendor is responsible for meeting the minimum standards, which most (if not all) do.

Not for nothing but I was a bit offended by the "cottage" biller remark, it's not too difficult to know where that came from.  ???  Maybe I just needed to have that second cup of coffee.
