In 2020, health care providers, health plans, health care clearinghouses, and business associates of those entities reported 642 total data breaches—25% more than in 2019 (which was also a record-breaking year). “More than twice the number of data breaches are now being reported than six years ago,” HIPAA Journal reports, “and three times the number of data breaches that occurred in 2010.”
This is a concern both for individual patients and the health care providers that they rely on for care. With many of these providers in the very early stages of adopting innovative technologies, most rely on basic systems. Such as QuickBooks combined with separate billing and patient management systems to run their operations.
“Companies that break from the cycle of continuing to layer more manual processes and point solutions on top of the problem, and that opt for a unified platform that complies with HIPAA rules, will come out the winners.”Matt Hayton, Client Engagement, Caravel Partners
This can create vulnerabilities and increase the risk of security breaches. With multiple different data storage locations to manage, for example, controlling that data and keeping it safe becomes increasingly difficult.
Ensuring compliance with the health information portability and accessibility act (HIPAA) is equally challenging. This is mainly because the information has to be transferred back and forth across billing, patient management, and other solutions. These entities face scrutiny when gathering, storing, and/or sharing information. Without the metrics and reports that allow them to track and monitor their business operations, health care organizations can’t effectively address problems or make good decisions.
A Three-Pronged Solution for Health Care
- Option #1: NetSuite’s unique identifiers manually keep protected health information outside of the ERP platform. It does this while also providing access to it within the system itself. “By linking patient data with an external ID or unique identifier, medical providers can manage the data while staying HIPAA compliant,” said Matt Hayton.
- Option #2: Embed a link within NetSuite that effectively “pushes” out the protected health information (PHI). This is stored in a different HIPAA-compliant system. “We can encrypt the data and then embed a secure link,” Hayton explained, “thus allowing the organization to access that information as needed.”
- Option #3: Used less often but applicable for some organizations, the third option involves Caravel Partners working with a third-party software provider. These providers may offer an extensive HIPAA-compliant platform. The PHI data is then housed on that platform and doesn’t interact with the ERP.
Using a methodology created specifically for health care companies, Caravel Partners takes four to six months to implement NetSuite. This methodology includes the best data compliance option (from the above list). Thus Caravel not only solves the companies’ HIPAA compliance challenges but also helps them consolidate their different software systems.
The disparate systems typically include—but aren’t limited to—laboratory information systems (LIS), patient management systems (PMS), electronic medical record systems (EMR), plus a proprietary data warehouse for storing all of the data that runs through these platforms.
Going Well Beyond the Basics
By merging HIPAA compliance capabilities with a leading ERP solution, Caravel gives health care companies one data repository to work from. As well as expansive reporting capabilities, and a holistic view of their operations. None of which was possible using separate patient management systems and QuickBooks or other accounting software packages. And because the ERP reduces the number of external systems needed to run their operations, organizations save money and time.
Other “wins” that companies see once they have NetSuite in place include automated transactions, data summarization, and improved financial
reporting. A medical practice, for example, will gain access to better financial reporting at both the clinic and doctor/procedural level. A distributor of medical test kits, on the other hand, can use the system to drive better analytics around testing and other kit-related metrics.
“We recently worked with a group of 20 medical clinics that lacked a data governance policy and, therefore, visibility into its operations,” Hayton explained. “We integrated one of their EMR systems with NetSuite, which ties together the financial revenue, cost, and inventory levels, providing better visibility into the location-based profitability.”
The same organization began using NetSuite for equipment and asset tracking. They can now more effectively evaluate and track the multimillion-dollar MRI machines (and other equipment) their clinics use.
Locking Down Patient Data
With health care data breaches increasing and point technology systems proliferating, organizations need to consolidate onto a single platform. These platforms should also support HIPAA compliance. NetSuite and Caravel work together to provide health care organizations the tools to keep patient data safe. This includes benefits such as:
- Automated transaction capabilities
- Better data governance and HIPAA compliance
- Data summarization
- Equipment and asset management tracking
- High levels of operational visibility
- Fully-automated business processes
- Improved financial reporting