Bottom Line

HIPAA recommends that all Covered Entities (CE) possess a training manual for workflow processes.  As a Business Associate (BA), ScanSTAT takes on the full responsibility for HIPAA compliance as it relates to functions performed on behalf of our clients.  HIPAA governs nearly every workflow executed at ScanSTAT.  We are in constant communication with our legal counsel to guarantee that all training and documentation is current and compliant.

Release of Information and HIPAA Procedures are ever evolving

Documented policies and procedures are in place at ScanSTAT to prevent disclosure errors, including breaches and violations (see related FAQ).  The 2015 ScanSTAT Error Rate, defined as total breaches and/or violations handled by ScanSTAT that resulted in unauthorized disclosures was 0.0379% (less than four-hundredths of one percent).  In the event of a breach or violation, ScanSTAT staff is trained to follow processes to meet all documentation requirements as dictated by HIPAA.  A sampling of documented HIPAA sections from the ScanSTAT Manual are:

HIPAA Overview

Privacy Rule & Security Rule

Personnel Officers

Breaches and Violations

Policies, Training and Acknowledgements

This comprehensive material is made available to ScanSTAT staff.  Some of our processes are proprietary, but our team will strive to answer all of your questions and share best practices as best we can.  Below you will find a sample of topics covered in our best practices documentation.

Legalities of a Medical Record Set                            Subpoenas

Deceased/Signature Other than Patient                 Worker’s Compensation

Restricted/Limited Requests                                      Affidavits

Components of a Compliant Authorization           Depositions

ScanSTAT processes are designed to work toward providing efficient, high-quality and compliant service to our clients and their patients.  As a result of our 24-hour turnaround time, ScanSTAT clients experience a substantial decline in status inquiries and can remove the responsibility of managing third party requestors.

The 24-hour turnaround time has also led ScanSTAT to establish strong working relationships with third party requestors.  In many cases, a request is tasked to ScanSTAT and reaches the requestor on the same day.

ScanSTAT is able to guarantee the quality and accuracy of the records retrieval services performed on behalf of clients because of our audit process. The ScanSTAT Review of Request Checklist is constantly updated with the latest HIPAA compliance information. A high-level view of ScanSTAT audit procedures include:

  1. Patient name on the request matches the patient name on the first and last page plus 20% of pages in the copied file. Each request is audited at 2-3 different stages (dependent on the requested method of delivery including mail, electronic, etc.) throughout our audit process and the record is audited at 20% at each stage.  HIPAA states that compliant audit procedures must meet “reasonable” standards.  After years of auditing records, ScanSTAT has learned that an audit rate of 100% requires an “unreasonable” commitment of resources without the guarantee of increasing accuracy.  Industry experts also agree that 20% audit rate is a best practice.
  1. Date of birth on the request matches the date of birth provided on the first and last page of the copied file.
  1. The fax number matches the fax number on the request form. If staged for printing, mailing or email the indexed address is also audited.

ScanSTAT audit procedures are all focused toward the transfer of correct information to the correct location on time, every time.