The Colorado Hospital Association (CHA) wanted to modernize its data collection program by harnessing the power and connectivity of the Internet. In migrating to a Web-based program, CHA faced a critical decision: how to continue to protect the confidentiality of medical discharge records that would be transmitted over the Internet—a requirement now federally mandated by the 1996 U.S. Health Insurance Portability and Accountability Act (HIPAA).
- A nonprofit organization with 70 members, including private & government-operated, metropolitan & rural, large & small, investor-owned & not-for-profit hospitals
- The organization comprises more than 44,000 employees & a combined payroll of more than $1.8 billion
- Dedicated to promoting public understanding of the health care system & to providing services and leadership to its members through education, information, advocacy, & representation
- Streamlining a time- & labor-intensive manual process of patient discharge data collection
- Generating secure, digitally encrypted, signed reports
- Protecting confidential patient information in transit & in storage as mandated by HIPAA
- PGP technology is a well-accepted industry standard for encryption
- An email encryption solution suitable for nonprofit organizations
- An encryption solution that interoperates seamlessly with CHA members’ installed email applications
Since 1921, the Colorado Health & Hospital Association (CHA) has worked to enhance the quality of health care in Colorado and serve the needs of its 70 hospital members. Each year, the nonprofit organization’s staff researches and responds to a broad range of issues for members and the community—from medical records retention and patient satisfaction measurement to governmental regulations and health district law.
Providing accurate data on such topics as utilization, revenues, and expenses is critical as hospitals develop new strategies to accommodate changes in health care delivery as well as meet competitive pressures. To support its members’ needs, CHA has become a national leader in developing meaningful data systems and providing useful information to assist members with their public accountability responsibilities and competitive market position.
One such program is the Association’s quarterly and annual publication of patient discharge data. This information, a subset of medical records, tracks diagnoses, procedures performed, and related charges. The reports capture statistics of 800,000 medical records annually, covering all in-patient and hospital ambulatory surgeries provided by the CHA’s 70 members.
The CHA has been collecting and distributing these patient discharge data reports for nearly 20 years. In the past, each hospital would process medical records using a database application written in DOS. The data was forwarded to the Association via private, dial-up modems to protect the confidentiality of the records. CHA staff would review all the data submitted for accuracy and then send it back to the hospitals for code corrections. Hospital staff would edit their database entries accordingly and re-transmit the data to the Association for report compilation.
“As you can imagine, this was a labor- and time-intensive process,” explains Finn. “Besides all the manual data entry by hospital personnel and our staff having to review two sets of reports from each member, we’d get involved with individual hospitals to help them correct their specific database problems.”
In migrating to a Web-based program, however, the CHA faced a critical decision: how to continue to protect the confidentiality of medical discharge records that would be transmitted over the Internet. Further, this requirement was now federally mandated by the 1996 U.S. Health Insurance Portability and Accountability Act (HIPAA).
The CHA needed to modernize its data collection program, eliminate private dial-up lines, and harness the power and connectivity of the Internet so it could streamline the entire process. “We wanted our members to be able to generate secure, digitally encrypted, signed reports,” says Finn. “We needed 128-bit encryption and the strength and security of an application that would protect patient discharge data while in transit and in storage.”
According to Finn, CHA chose PGP Desktop Email for several reasons. “First, we knew that our members’ IS staffs would recognize and trust PGP technology because it’s a well-accepted standard,” he explains. “Second, it’s a low-cost solution. Other products are pretty expensive. As a nonprofit organization, cost is an important factor for us. And, third, the PGP solution will coexist with any email application our members may be using.”
“We’ve been working on this conversion process for nearly 2 years,” says Finn. “With the adoption of PGP Desktop Email, it’s complete. About 30 hospitals have already converted to the new program and the rest will be online in 2 to 3 months.”
After hospital personnel have submitted medical records to CHA, they open their email client and authenticate with PGP software to view medical reports. They then correct the medical records securely online and feed the data directly to CHA’s central server. Even when the discharge reports are sitting on a hospital’s PC, every edit can be digitally encrypted and signed using PGP encryption software to protect patient confidentiality.
The time and cost savings resulting from the new approach are significant. Previously, CHA staff would spend an entire day at each hospital site to install the old DOS application and train users. The documentation was extensive, and users had to memorize function keys. Now, it takes about 45 minutes for members to install the program, and Finn can walk users through training in a 15-minute phone call. CHA has reduced costs significantly by eliminating the on-site installation and training trips and dramatically cutting the Data Department’s member support costs.
The CHA is one of a number of similar associations across the country. “We’ll be sharing information about our program with a half dozen associations that are still using legacy systems with dial-up lines,” adds Finn. “Hopefully, this will give others the opportunity to learn from our experience and enjoy the benefits of streamlining their data collection efforts. It will also help others accelerate their compliance with HIPAA’s privacy and security standards in electronic data transmission and storage requirements for identification, authorization, integrity, and auditing.”

"We wanted our members to be able to generate secure, digitally encrypted, signed reports. We knew that our members' IS staffs would recognize and trust PGP® technology because it's a well-accepted standard." – Bob Finn, Network Engineer, Colorado Hospital Association (CHA)