Regulatory Commitment

Blue Cliff approaches regulatory requirements with a focus on the protection of patient privacy, data integrity and system security. In establishing procedures for data collection, storage and dissemination, Blue Cliff will work with each client to first identify the HIPAA-defined designated record set (DRS) and the legal health record, which is a subset of the DRS. FOIA VistA and its derivatives provide secure, reliable, real-time access to patient health information, where and when it is needed to support care, in a way that meets regulatory requirements. Blue Cliff is committed to providing solutions that meet the evolving healthcare regulations affecting the use of EMR systems.

The two main rules of HIPAA are 1) the Privacy Rule, regarding safeguards for protected health information (PHI), and 2) the Security Rule, which defines administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of electronic protected health information. VistA software provides confidentiality and security controls that support HIPAA standards, including unique user IDs and passwords, an automatic logout feature, role-based access for security controls, and a required electronic signature for approval of orders. In addition, VistA and its derivatives offer the ability to limit access to sensitive patient information and an audit trail capability for tracking access to patient data. To ensure that the system keeps pace with changes, the VA issues patches. Blue Cliff will work closely with each client, providing training to meet and maintain HIPAA compliance with timely patch updates.