Just clicked an issue this morning to figure out the best way to handle. I talked to a client about their med issues that arose in a life app. No email or document to attach - just documenting the info from the phone call. I started to enter an Activity, like normal, but realized this info is HIPAA restricted. How are you documenting such a transaction and applying the proper security - email to self, then attached? I could do that or put it into a Word document - both with the proper attachment categories.
I believe the easiest way is to have those sorts of things in a separate branch or department that is limited by security to those needing to see. So Life for instance, would be in a different department or branch from personal or commercial.
Acitivities don't have a branch connection, at least not on the activity detail. I don't know if tying it to a policy that's in the L&H branch applies that department's security or not.
Couldn't you create an attachment category for HIPPA and secure it through Security Manager?
Quote from: brinkerdana on December 02, 2011, 01:52:51 PM
Couldn't you create an attachment category for HIPPA and secure it through Security Manager?
Yes, I have those, but what attachment might you use for a phone call? An activity isn't an attachment, so the categories don't apply. I decided to send myself and email, which I attached using a category and sub-category which are set for life business so that security can be applied. Just wondering if there are other ways that people have thought of.
I come from the old days when we created a document for phone call documention, so I went straight for attachments rather than activities.
I used to use memos, but they have the same problem as activities. Activities are long enough now that this could easily have fit in one, but doesn't seem to have the same level of security options.
Use a blank document - save in a HIPAA restricted folder and don't let it drilldown from an activity. I would add an activity referencing the document, but unless it was corrected in a later version of TAM you could drilldown from an actiivity to a restricted attachement - with or without security.
Or - you could convert Epic - you can secure activity notes and attachments at different security levels (HIPAA, Management, etc). ;D