We sell a drug by the dose and need to provide invoices to the hospital with the patient name for each dose so that they can get reimbursed. Does anyone know what steps to take to comply with HIPAA in terms of storing patient data? We are using NetSuite. Thanks.
How to ensure HIPAA compliance for invoicing
Answers
Use a secure email solution.
I'd suggest you ask your VAR/implementation team to advise you.
Is the patient data limited to first/last name or do you need to include other PII (personally identifiable information) like SSN or DOB?
I'd also examine internal policies and controls over who gets to see/edit patient data as it is more than just a system thing.
Something tells me you need an overall compliance audit... not just on the invoicing side.