HIPAA Compliant Accounts Payable Automation
In the quarter-century since HIPAA was first enacted, we’ve seen and heard the acronym so much it’s become burned into our personal lexicon, and rightly so. HIPAA (not HIPPA, as it’s sometimes mistakenly spelled) stands for Health Insurance Portability and Accountability Act. The law was enacted in 1996 by the federal government in response to complaints about access to sensitive health records, especially in the age of the Internet. HIPAA set forth new requirements for the secure access, storage and exchange of health information that extend beyond hospitals, such as HIPAA compliant accounts payable automation.
This, of course, is a simplified version of everything HIPAA does; the text of the law is quite long and involved. But for purposes of accounts payable departments, the most important part of the legislation has to do with securing health and medical information. Put succinctly, anyone – even those not directly involved in the healthcare industry – who comes in contact with private health records has certain affirmative obligations with regard to viewing, storing and sharing those records. Accounts Payable departments are no exception. That’s why leading accounts payable automation provider, iPayables, designed its E-invoicing InvoiceWorks® to be fully HIPAA compliant.
HIPAA’s security rules break down into three factors.
- Administrative, which requires that all personnel follow strict guidelines to assure that sensitive information is accurate and handled properly.
- Physical, which deals with the methods of data storage as well as how and by whom that data is accessed.
- Technical, which covers the means by which the first two are achieved.
Any payables automation solution meant to work in healthcare must ensure that these guidelines are met. In the iPayables solution, this is done by, first, taking paper – the weakest link in secure record-keeping – out of the equation. Second, providing a central storage place for all data coming and going between the AP department and outside suppliers and subcontractors. Third, offering its own secure methods of access so that only authorized personnel can see that data. And finally, our system tracks who has seen, or edited, what invoices and when they saw, or edited, them.
With InvoiceWorks®, all personal information concerning a patient can be retrieved and corrected electronically from one central location. Just as important, a full list of those who have seen that information is made available. This becomes even more important when audit time rolls around. However, with HIPAA compliant electronic invoicing, compliance is better assured because of the built-in security measures and centralized records.