This post is all about IVF patient satisfaction and HIPAA Compliance! We provide you with a month’s schedule of specific quality assurance activities to keep your IVF lab compliant with FDA Title 21 Code of Federal Regulations (CFR) Part 1271 and College of American Pathologist inspections. In the month of November, we will tackle CAP Checklist items GEN.20335- Customer Satisfaction and GEN.41303- Patient Confidentiality, and provide background on HIPAA and CAP requirements.
Remember to start each month’s quality audit off by opening the ART Compass mobile app or web platform and navigating to Surveys -> IVF Lab Quality Playbook and then marking each activity as “in progress” before assigning the monthly survey to your staff. When taking your quality systems from good to great, this is a GREAT way to perform a staff- training activity, and document and ensure quality audits are performed continuously throughout the year and not just before an inspection!
To satisfy CAP requirements, your IVF laboratory must measure the satisfaction of clients (e.g., healthcare providers, patients, referring laboratories, nurses) for IVF laboratory services every two years (minimally). The laboratory must also ensure that internal and external storage and transfer of data maintains patient confidentiality and security. Written procedures must address patient confidentially during transfer of data to external referral laboratories or other service providers. This must include cloud based computing (eg, for storage of confidential data). Lastly, the IVF laboratory must audit compliance with the procedures at least annually.
The College of American Pathologists says “Satisfaction metrics are important for understanding the needs of clients to improve laboratory services. Experience has shown that surveys are more informative if they are conducted anonymously and allow for open ended comments. The sample size should be adequate. A numeric satisfaction scale allows for calculation of statistics.”
Is your IVF lab following these recommendations for IVF patient satisfaction?
Is your IVF patient experience data actionable?
Staying on top of patient service issues is challenging, even with a well-equipped patient experience team. Most healthcare organizations use traditional paper surveys to track and monitor patient satisfaction metrics, but cutting-edge IVF Practices, healthcare administrators, and chief experience officers need real-time insights that are tied to patient experience goals. IVF clinics often operate on the narrowest of margins, which means losing even one patient over poor customer service is one too many! Complicating matters, most IVF clinics still use traditional paper surveys to track and monitor patient satisfaction metrics, putting them at a huge disadvantage in terms of identifying service recovery opportunities. Some IVF clinics may even intentionally make it difficult or unappealing for the customer to provide feedback with inaccessible surveys that are difficult to access or time consuming to fill out.
The ART Compass platform makes it easy for patients to provide real-time feedback — and even easier for fertility doctors (reproductive endocrinologists and infertility specialists or REIs) to improve service and IVF patient satisfaction based on this feedback. The ART Compass patient app includes intake forms, satisfaction surveys, and other types of surveys for patient education and shared decision making with physicians. Critically, this shifts the focus onto the patient and promotes a culture of service excellence.
The goals of patient satisfaction are;
Higher patient satisfaction and loyalty
Staff see how better experience impacts their role
More informed patient decision-making
Enable continuous improvement
Leverage evidence-based frameworks
Showcase your comprehensive commitment to healthcare data security with the ART Compass platform!
What is HIPAA and what is its purpose? HIPAA, the Healthcare Insurance Portability and Accountability Act, was signed into law on August 21, 1996. HIPAA’s overarching goal is to keep patients’ protected health information (PHI) safe and secure, whether it exists in a physical or electronic form. HIPAA was created to improve the portability and accountability of health insurance coverage for employees moving between jobs. HIPAA was also created to deal with waste, fraud, and abuse in health insurance and delivery of healthcare, as well as to promote the use of medical savings accounts, provide coverage for employees with pre-existing medical conditions, and simplify the administration of health insurance.
HIPAA’s goal is to keep patients’ protected health information (PHI) safe and secure, whether it exists in a physical or electronic form. If your company stores or processes any sort of PHI, you must be HIPAA-compliant. To become HIPAA-compliant, your company must establish clear policies and procedures for how you manage PHI. The HIPAA Privacy Rule requires all Covered Entities to have a signed Business Associate Agreement (BAA) with any Business Associate they engage with that may come in contact with PHI. Every IVF Lab has risks. Take some time to identify the unique risks for your IVF Lab and the patients whose PHI you process, describe their cause, and outline steps you’ve taken to lessen their potential impact.
Your IVF Lab will want to develop and implement a system for tracking policies, processes, procedures, documents, and related compliance materials. Your goal is to maintain compliance with HIPAA’s various component elements, to track any changes in ongoing HIPAA regulations, and to establish and maintain organizational processes for gathering compliance metrics.
Achieving HIPAA compliance isn’t a matter of proving the IVF lab’s adherence to a single static standard. HIPAA’s rules and requirements are intentionally broad and flexible to accommodate the range of types and sizes of covered entities and business associates that create, access, process, or store protected health information (PHI), and that must thus comply with HIPAA.
The ART Compass HIPAA Promise
Cloud environments are widely used across the United States to store PHI. At ART Compass, we only use Amazon Web Servers and products that are HIPAA compliant, Amazon provides extensive documentation for their HIPAA Compliant products.
There are many features built into ARTC for security- for example the “admin” account type provides Human Resources functions to immediately cut off staff access in the event of untimely separation. We also require that laboratory staff accounts to be accepted by the IVF lab director, and all email accounts must be verified. Our mobile apps leverage smartphone biometric technology- either thumbprint or Face ID, couples with “automatic timeouts” to further ensure privacy.
On the patient app side, patients will invite their own partner to join the medical record. A “One Time Password” (OTP) is sent to the partner via email, which must be authenticated by adding the email of the patient. Additionally, we provide a “separate records” feature in the event a couple must separate their medical records.
ART Compass sends data to the database using the REST API. The REST API was developed with the laravel framework. Protecting patient data at this point of transmission has been identified as a critical factor, so for this we use the “Passport authentication” method in laravel to authenticate the information, while avoiding security threats during data transfer. Statistical reports will also be visible in the administrative panel, access to which is controlled by login and authentication that has also been developed in the laravel framework.
The ART Compass Database is also protected with encryption techniques so that the raw values of the database cannot be decoded, including passwords. A MySQL database provides security by default, and data is transferred using “Passport” as an authentication technique allowed by HIPAA.
We provide a standard Business Associate Agreement for compliance with HIPAA Rules and Regulations (in your app under Settings -> Legal Agreements).
One Month Schedule of Patient Satisfaction and HIPAA related IVF Lab QA Activities
Start each month by answering “In Progress” to each question, then assign this survey to junior staff using the “assign” button. This will document both continuing education and quality assurance activities.
|Proctor patient satisfaction surveys||Easily collect data with the ART Compass Patient App!|
|Compile results of surveys and distribute to relevant departments||Review positive and negative feedback. Define actionable goals,|
|Review incident or occurrence reports relating to HIPAA compliance||Ensure that staff know what constitutes a HIPAA breach, and how to document and report a breach. Quality systems should track security incidents, document, and report all breaches.|
|Referral Providers Satisfaction Surveys||Survey the Physicians who refer patients to the IVF practice. Do they have any valuable feedback to ensure high levels of patient care?|
|Review the U.S.Dept of Health and Human Services Office for Civil Rights Audit Protocol||Perform a readiness assessment and evaluate your IVF lab’s security processes. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html|
|Schedule annual HIPAA training for all employees.||Distribute HIPAA Policies and ensure staff read and attest to their review. (you can use ART Compass to document yearly policy sign off activities.|
|Assess HIPAA Knowledge with the ARTC HIPAA Survey.||Assign staff the HIPAA Compliance survey (continuing education) to document employee processes, training, and attestations|
|Build a year-round risk management program to continuously assess risk.||Understanding the ins and outs of HIPAA compliance means understanding the costs or non-compliance and integrates continuous monitoring to manage the risks of non compliance.|
|Occasionally, contractors (ATime or Puah) will have access to patient data.||Ensure that any contractors have signed a BAA or NDA.|
|Institute an annual review process, with the ARTC IVF Lab Digital Playbook!||Annually assess compliance activities against HIPAA rules, and updates to HIPAA.|