Getting Organized: HIPAA Safe Recordkeeping Practices

Insurance billing involves quite a bit of documentation. It's hard to overstate how quickly patient documents begin to pile up. Without a plan to efficiently track patient documents, a clinic can quickly become disorganized and overwhelmed with administrative work.

Physical vs. Digital Documentation

For a healthcare clinic, there's no way around a little physical document storage. For example, you may need to keep printed copies of tax-related documents, licenses, or certifications. This can be done with minimal paper use (or waste).

Storing patient data is another matter entirely. Patient documentation might include intakes, authorizations, medical documentation (SOAP notes), EOBs, insurance card scans, HIPAA waivers, etc. Most patient documents will never need to be printed, and already-printed documents can be digitized.

Here are some advantages to digital documentation (i.e. scanning documents and storing them digitally):

  • Ease of documentation. It's pretty easy to scan, rename, and email documents. Recordkeeping errors can be easily fixed, too.
  • Indexing. Make documents searchable by including patient names, document types, and date info in your email subject lines and file names. This is a critical recordkeeping practice; we teach our clients to implement it.
  • Accessibility. Searching your email system for patient records is faster than looking for physical documents.
  • Doesn't take up physical space. Would you get rid of a bulky filing cabinet, if you could?

Do HIPAA guidelines allow digital storage of patient documents in G Suite / G Drive?

Yes, HIPAA does allow it! But you're responsible for compliance, so you'll have to jump through some hoops.

Most importantly, you'll need to sign a Business Associate Agreement (BAA) with any service provider (like Google) you use to store and access patient data.

A full accounting of HIPAA configuration requirements for G Suite / G Drive is available here.

What are some good, basic guidelines for following HIPAA regulatory standards?

  • Have your patient sign a HIPAA waiver. A signed HIPAA release grants you permission to transmit PHI (patient health information). You do not have permission to transmit PHI until the waiver is signed. It should specify that you are sending claims, benefit checks, questions about claims, etc. via email.
  • When emailing PHI, use an encrypted connection. Never send PHI over a public network.
  • Don't use a crappy email service. AOL, Hotmail, and Yahoo are terrible choices. We recommend Gmail / G Suite.
  • Use secure passwords. Easy-to-remember passwords are easy to hack. In the event of data theft, an easily hackable password increases your legal and financial liability: you may be fined for using a weak password. Use a password generator to create secure passwords. Check your password strength here.
  • Use current data security protocols. When possible, implement 2-factor authentication (2FA). Consider using a password manager like LastPass or 1Password. Acubiller is LastPass-compatible.
  • When you have to send PHI, send as little as necessary. This is called the Minimum Necessary Rule.
  • Don't use a phone or tablet to photograph and transmit PHI. It's not safe, and if printing is required, the quality will suck. Scan (preferred) or fax. Either will produce high-contrast documents with clear text.
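As an added illustration of the two password bullets above (example code written for this article, not Acubiller's own software or any tool the article links to): a small Python password generator built on the standard library's `secrets` module, plus an entropy estimate that shows why a short, memorable password is weak next to a generated one. The entropy formula assumes every character is chosen uniformly from the alphabet, which is true only for generated passwords; the strength thresholds in `strength_label` are assumptions chosen for illustration, not a HIPAA requirement.

```python
import math
import secrets
import string

# Full printable-ASCII alphabet (letters, digits, punctuation): 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=ALPHABET):
    """Return a password of `length` characters, each chosen uniformly at random
    from `alphabet` using the OS CSPRNG (secrets), never random.random()."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy in bits of a password whose `length` characters are drawn
    uniformly from `alphabet_size` symbols: length * log2(alphabet_size).
    Only meaningful for generated passwords; a human-chosen word has far less."""
    return length * math.log2(alphabet_size)


def strength_label(bits):
    """Map an entropy estimate to a coarse label. Thresholds are an assumption
    chosen for illustration, not a HIPAA requirement."""
    if bits < 40:
        return "weak"
    if bits < 64:
        return "fair"
    if bits < 80:
        return "strong"
    return "very strong"


def compare(length=20):
    """Contrast an 8-character all-lowercase password with a generated one."""
    memorable_bits = entropy_bits(8, len(string.ascii_lowercase))  # ~37.6 bits
    generated = generate_password(length)
    generated_bits = entropy_bits(length, len(ALPHABET))           # ~131.1 bits
    return {
        "memorable_8_lowercase": (round(memorable_bits, 1), strength_label(memorable_bits)),
        "generated": (generated, round(generated_bits, 1), strength_label(generated_bits)),
    }


if __name__ == "__main__":
    for name, info in compare().items():
        print(name, info)
```

Run it and you will see an 8-character lowercase password lands around 37.6 bits ("weak"), while a 20-character generated one is over 130 bits. In practice you would paste the generated value straight into a password manager rather than print it, so that it is never typed, reused, or remembered.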
