We’re in the final planning stages of an OpenEMR feature upgrade that we plan to submit to the community once we’ve got it up and running properly. The upgrades will integrate text and voice messaging within OpenEMR (via Asterisk). One of the things our developers brought up in this mornings meeting (and something we’re definitely always mindful of) is HIPAA compliance. We asked our lawyer but he can sometimes take days to respond so I thought I’d come here and ask as well.
While we are comfortable with text messaging (we’re using phone validation, logging, etc) we have an issue with voice calling. Let’s say we have the software call a patient to remind them of an upcoming appointment and that’s all it does. It gives a date and time. Is it a violation of HIPAA if someone OTHER THAN the patient picks up the phone and receives this message?
yes, unless the prcedure was previously approved by the patient,
there’s a field for that under demographics,
so before seting the calling file, the script should check if that permission is in place,
another way to do it is set up the call so before continuing the patient needs to enter some digit,
like if you are such and such, enter "1"
or the last four of the ssn if you want it more complicated,
In our office we ave a separate calling program that takes a text file with the next days appointments. As the machine calls the numbers it records a date and time log of whether the call was 1) not answered, 2) answered by a voice messaging system, 3) picked up and answered by human voice.
This is a very nice feature for our office that has been very useful at increasing patient volume. Up to 1/3 - 1/2 of the scheduled patients forget the scheduled appointments. This happens the most on patients who are scheduled out 3-12 months. There just forget about the appointment. The telephone reminder dramatically helps our absenteeism rate.
Technically, our existing program does not check for valid HIPPA permission to leave a message. Adding a check for the HIPPA permission as suggested by Andres would be a big plus.
Another refinement that would be very useful is the ability to remind people some days in advance when they need to come in for advance blood work in anticipation for an upcoming visit. So there is a need for two such lists. The first is the call to come in 3 days early for blood work. The second list is for "come in tomorrow at "X PM" for your appointment.
I have been working on a feature list that our competitors have and what we do not. And of course the features that we have that they do not. By looking at "web page features" OpenEMR appears to have a more sophisticated and flexible access control mechanism as an example. If you are interested I could e-mail you this list privately. It is in an OpenOffice spread sheet format. What I mean by competition are the big proprietary systems: NextGen, Logician, A4 Health.
I am working on a "Road Map" for OpenEMR. I will be posting this on http://www.oemr.org/ as I make more progress.