HIPAA Compliance Tools
NNM offers a number of tools to assist the organization in complying with the HIPAA Privacy and Security Standards. In addition to the features noted below, NNM provides a unique information event tracking feature. This tool allows the organization to store a record of all events related to the release of protected data for a particular patient. Events such as notification of privacy rights, authorized disclosure of information, and requests for changes to the patient record can all be tracked. The other HIPAA-related features are listed below.
Each user has a unique User ID and password. The password is encrypted and cannot be viewed even by the system administrator. Users can modify their passwords as needed.
Each attempted access to the system is tracked. For authorized users, their time of login and logout is tracked. Unsuccessful attempts to login are also tracked noting the time of the attempt and the reason for the failure. Reports can be generated to show all system access activity.
Each user has an assigned security level which defines the allowed activities within NNM. Users can be limited to view-only, clinical data edit only, or a master level of full administration of codes and users.
Each user has an assigned job category (e.g.: administrative assistant, medical student, nurse, resident, attending, etc). Signing authorities can be established between these job categories that define which job type can sign a note created by another job type. In all cases, a history of who created the note and who signed the note is kept.
Update logging and Audit Trails
Every record that is entered into NNM is tagged with the User ID of the person who added the data along with the time it was entered. If data is changed, an audit trail record is saved which records the original data and the changed data and also notes the User ID and the time of the change.
After a user-defined time period of inactivity, NNM will lockout entry of data and display a screen that blocks a view of the data displayed on the screen. In order to return to their work, the active user needs to re-enter their ID and password. In key locations, the user also has the option of pressing a button to display the lockout screen in order to block view of patient data if they need to leave their workstation temporarily.