How Automation Can Help with Data Compliance in Health Care

by Donna Horton, in Tech Talk, posted 5/13/13

A large number of customers in the health care industry have already turned to automation to help process the immeasurable amount of data surrounding physicians, patients, insurance and medical information. Nevertheless, with a surge in HIPAA compliance issues plaguing the past two years and “the most sweeping changes going into effect” last month, automation will be even more important to companies and organizations looking to meet HIPAA standards.

Health care organizations are already automating:

  • Validating insurance information
  • Patient scheduling and notifications
  • Integration with legacy data systems (Star McKesson, Paragon, etc.)
  • Medical billing
  • Management of medical records 

And that is just to name a few. With so much data in the medical industry requiring automation, the list above barely scratches the surface of automation projects. On top of that, these organizations now need to add security measures to ensure patient confidentiality.

Background

HIPAA, or the Health Insurance Portability and Accountability Act, was passed in 1996 to require national standards for electronic health care transactions and security.  With technology improving so rapidly, the United States Congress realized that the progression in electronic technology might erode the privacy of health care information. 

The privacy portion of HIPAA’s Administrative Simplification Statute and Rules was later amended with additional protection standards for individually identifiable health information regarding health plans, health care clearinghouses, and health care providers. In a nutshell, the HIPAA Administrative Simplification rules protect the confidentiality, integrity, and availability of electronically transmitted health information.

With the new rules and standards in place, one physician put it: “We are in dire need of a secure, fast, and convenient way to discuss and coordinate patient care.” But for the companies that already use automation in many of their processes, it will be useful to add these necessary security features into their current automated jobs.

How Automation Helps

Since HIPAA standards are nationwide, Network Automation has taken precautions to ensure that sensitive private data is protected. With all of the processes stated earlier, health care organizations can add security features to jobs they are currently running based on a specific task or a user’s security clearance.

AutoMate provides two different levels of security depending on the company’s needs.  In AutoMate, security can be placed on each task, whereas the BPA Server’s Enterprise edition contains exclusive security rights and permissions on every object associated with electronic data.

In fact, AutoMate's Security Actions used to protect data and maintain confidentiality are:

  • Secure FTP File Transfers with Passwords, Keys, Certificates, SSL/TLS Explicit/Implicit
  • File Encryption and Decryption with Open PGP, PGP Certificates, Passphrases and Keys
  • AS2 (Applicability Statement 2) Secure Data Transmissions
  • Security Logon Authentication

Below, you will find different ways you can assign security to comply with HIPAA standards and rules.

Task Password Protection

In our AutoMate application, every Task project contains properties, including ‘Security’ (Figure 1):

Figure 1: AutoMate Task Properties 

Security for AutoMate Tasks is available through “Password Protection” for Manually Running, Property Modifications, and Property Viewing. Additionally, each AutoMate Task has a file associated with it that can be encrypted and “password protected” to stop users without proper permissions from opening the Task file and reviewing the contents.

Figure 2 shows the Task Password Protection Options that can be applied for HIPAA compliance.

Figure 2: AutoMate Task Password Protection Options

With BPA Server, there are multiple levels of security for data protection and HIPAA compliance. User accounts, user groups, and permissions enable tight control over automation projects throughout the automation life cycle, from initial development to testing and full-scale production. The Users and User Groups provide security to objects and components encompassed in the BPA Server. When adding users, Active Directory login and password authentication can be managed where necessary, as shown in the ‘Add a User’ window (Figure 3):

Figure 3: Add a User Window

User Level Protection

Once a user is added, permissions can be assigned to objects at the User Level or at the User Group Level (if the user is assigned to a group). A designated BPA Server Administrator typically assigns roles and permissions based on the Objects, which can be a task, event or condition, or process. In BPA’s Server Management Console, as shown in Figure 4, each folder and Workflow Object contains security properties.

Figure 4: BPA Server Management Console 

All BPA Workflows contain properties similar to AutoMate Tasks.  Security is one of the properties included for protecting automation workflow projects (Figure 5).  

Figure 5: Workflow Properties 

Assignment Protection

BPA Server provides a full list of permissions for assignments with options to allow or deny access.  Upon clicking on Security, you can choose the permissions for Workflows, Folders and Repository, Tasks and Condition Objects. These include further options, such as Full Control, Read, Edit, Delete, Move, Toggle Enable, Manual Run, Import, Export, Staging, Assign in Workflow, and Change Security (see “Figure 6”). 

Figure 6: Workflow, Repository Task and Folder Security Permissions 

NOTE: The list of Security Permissions above is accessible by highlighting and right-clicking on the Folders, Repository Task Object, Repository Condition Object, or Process items, as shown below.

The Folder Properties 

The Repository Task Objects Properties

The Repository Condition Object Properties 

The Agent Object Properties

These are available for protecting the Agents. This is relevant when the automation projects being run pertain specifically to managing Agents. For this setting, the permissions are Full Control, Read, Edit, Delete, Move, Toggle Enable, Staging, Assign in Workflow, and Change Security.

System Security Protection

The System Security Objects control the protection of all of the other components on the BPA Server. The administrator can allow or deny security based on Full Control of the system permissions, Deploy Agent, View Reports, View or Edit Preferences, View or Edit Server Settings, View or Edit Default Properties, and View or Edit Licenses. (See below.)

All automation projects (whether application management and integration, proprietary and mainstream; database querying; FTP/SFTP file transfers; AS2 data transmission; file encryption; sending and/or receiving emails; web-based interaction; SharePoint communication; OCR dissection; or any other type of automation) can be configured as HIPAA secure. AutoMate’s real-time security defenses ensure HIPAA standards and rules are adhered to by preventing the use and disclosure of individuals’ health information. Whatever security feature you need to implement, AutoMate’s and AutoMate BPA Server’s architecture protects patient information and allows any health care organization to be HIPAA compliant.

 

 
