Using custom business rules for HIPAA

In ConnectALL by Johnathan McGowan

Organizations, healthcare providers, researchers, companies providing billing and other services to healthcare providers, and others may require that confidential patient information is moved from one system to another. The Health Insurance Portability and Accountability Act (HIPAA), along with a more stringent set of requirements (Health Information Technology for Economic and Clinical Health Act, or HITECH Act) that followed the original HIPAA, describes the types of protections necessary to assure a patient’s privacy. Violations of HIPAA have resulted in fines that ran into six figures.

In one recent case, a group of researchers wanted to grab collected data from its clinics for research use. However, to meet HIPAA requirements and ensure research validity, the researchers were not allowed to know the name, age, or any other identifying information regarding individual patients. Patient data had to be anonymized. A script had to be developed that used rules to handle this.

Business rules define how data will be mapped. A simple script (written in Java, Javascript, Python, Ruby, or another scripting language) can define the rules applied to the source data, as well as define the data that will become the target data. Once the rules are written, they can become part of the workflow of Go2Group’s ConnectALL, and be automatically applied to the source data. If new fields are added, a simple change can be made in the script to accommodate any special rules applying to the data.

Using Go2Group’s ConnectALL with custom business rules can help an organization move data between or across systems. It can map fields or data within a system (e.g., from a patient management system that requires patient identification data) to another internal system (e.g., a patient billing system that does not require all the information the patient management system collects) within the organization.

Go2Group’s consultants can help organizations define and implement business rules to assure HIPAA compliance. To learn more about ConnectALL, or for information about Go2Group’s consulting services, please contact us.