Privacy and Confidentiality
requires all covered entities (providers, payors, clearing
houses) and their business associates who have access
to protected health information (PHI) to protect patient
privacy and confidentiality. This is how Apollo helps
a physician enforce HIPAA privacy requirements:
- Patient is served a Notice of Privacy Practices at
the time he is making an appointment online. The same
notice is available to be printed and signed by the
patient by just a click at the ‘Apollo Check
in/Check out screen’.
Notice of Authorization for release of patient information
which allows providers to release PHI to payors and
other entities is also available to be printed by
just one click.
Patient has access to all his medical information
online. He also has the authority to release his information
and can amend his personal information online.
The designated officer at Apollo enforce HIPAA policies
All business associates of Apollo are either HIPAA
certified or they have to sign and enforce privacy
and security agreements according to HIPAA guidelines
are several guidelines (currently in draft form) that
will form the HIPAA security regulations and they will
likely become compliance requirements for providers
in 2004. We at Apollo are closely monitoring these guidelines
in order to be able to help our physicians implement
them effectively and efficiently. Apollo has taken the
following measures to enforce administrative, technical,
and physical security of the patient information.
In Apollo, audits trails keep an audit of all accesses
and edits to patient records
Unique and confidential user identification number
and passwords to access any patient information is
Auto-logoff of user accounts after a specified period
of time to help prevent unauthorized access
All Apollo staff and business associates are required
to sign and follow strict security contracts to ensure
security of patient information
Apollo is hosted at an extremely secure facility which
is HIPAA certified. The patient information is secured
both physically and technically.
128-bit encryption, Secure Socket Layers (SSLs) and
firewalls protect all system data.
Application and Database servers are accessible only
by extremely secure connections by limited and authorized
mandates that all electronic exchanges of health information
should be conducted according to specific standards.
Under this requirement, as of October 16, 2003, all
current electronic transaction formats for claims, eligibility,
remittance and other functions must be replaced by a
nationally standardized set of transaction formats.
This is the ANSI X12 format. At Apollo we have built
our Electronic Data Interface (EDI) based on all such
ANSI X12 formats.
Apollo EDI produces HIPAA compliant files for all such
functions (837 for claims, 270 for eligibility verification
etc). Apollo EDI also receives and parses all HIPAA
compliant files received (835 for remittance advice
etc.). In future EDI enhancements will also be based
on HIPAA compliancy. At Apollo we are systematically
testing ANSI claims on a payor by payor basis to address
payor specific companion guidelines. We are willing
to clear and provide any 3rd party certification if
requested by any of our physician even if it is not
required by HIPAA.