HIPAA Compliance Statement
Transaction Sets
As of October 16, 2003, all electronic claims and related transactions were required to comply with HIPAA-designated standard ANSI formats. The CarePaths system currently handles all of its supported electronic transactions in compliance with HIPAA.
Professional Claims (ANSI X12 837P): CarePaths eClaims service uses HIPAA-certified clearinghouses to submit compliant 837P claim transactions to all supported payers. CarePaths also takes responsibility for transmitting the data using HIPAA-compliant secure file transfer mechanisms. In addition, CarePaths allows a Claredi-certified 837P file to be downloaded for our clients to submit on their own through a third-party gateway. (Note that this downloaded file is certified to national standards; specific payer requirements may vary.)
Electronic Remittance Advice (ANSI X12 835): CarePaths Remittance service processes HIPAA-compliant 835 remittance files (electronic EOBs) from payers through our partner clearinghouses. The automatic posting of payment data improves accuracy, reduces data entry costs and results in more rapid sending of patient statements.
Security
Effective April 2005, HIPAA mandated security measures to (1) physically and electronically secure electronic protected health information (PHI) against unauthorized retrieval, (2) reliably store the electronic data, and (3) provide for emergency access to the data. CarePaths eRecord meets each of these security requirements.
CarePaths eRecord is a full-service, secure data management solution that stores all of your electronic data in a secure datacenter facility that features multiple levels of security measures, including biometric access, 24-hour monitoring and patrolling, locked server cages, state-of-the-art firewall protection, and NSA-approved procedures and policies. In addition, CarePaths also provides robust 3-level backup and disaster-recovery planning. Your data is backed up securely approximately every hour, with off-site backup every week. Every backup is also verified to restore correctly.
Other tools CarePaths provides to assist you in your Security Rule compliance:
- Secure transfer: CarePaths uses SSL 128-bit encryption to safeguard the electronic transfer of all data – the same level of security as bank and Federal transactions.
- Automatic logout: The Security Rule includes requirements that users be automatically logged out after a period of time, to prevent unauthorized access of patient records.
- User logging: CarePaths automatically tracks all users logging into and out of the system for reference by a system administrator.
- Audit trail: The system permanently tracks any changes made to PHI, so those changes can be reviewed at any time by a system administrator.
Privacy
Privacy regulations protect the confidentiality of the patient’s individual medical information with respect to others. These privacy regulations apply to all PHI – paper, verbal and electronic. Once any information that may reveal a patient’s identity is added to a document and that document is stored or electronically transmitted, the privacy provisions are in force.
CarePaths offers some key privacy tools for our clients:
- User roles: The system restricts access to PHI based on administrative rights and user roles, so that the electronic information is revealed only to those whom you authorize.
- Consent: CarePaths provides a set of helpful patient consent management tools, including electronic form storage and automated reminders.
As a Business Associate of our clients, CarePaths is permitted access and use of PHI only as necessitated to deliver our contracted services to our clients. This includes secure storage of patient data, and access to that data as needed to perform support and consulting services requested by our clients. Our in-house support teams have strict guidelines and policies on the confidentiality of PHI and on its immediate destruction once the specific support or consulting service is complete.
Our HIPAA Relationships
Medical providers are designated as “Covered Entities” under the regulations. Those covered entities are responsible to ensure that their agents and business partners meet certain obligations with respect to privacy and security. Such parties are designated as “Business Associates”, and the provider generally will have a “Business Associate Agreement” with those parties to ensure those obligations are met. CarePaths includes a Business Associate agreement as part of its standard Terms of Service for all clients.
As the HIPAA regulations continue to change and various deadlines arrive, CarePaths will continue to lead the way in providing the best tools to help you meet your HIPAA obligations.




