In 1996, HIPAA, the Health Insurance Portability and Accountability Act was enacted to help streamline healthcare transactions while also upholding patients' rights to privacy. In order to achieve HIPAA compliance your practice must implement both organizational and technological changes that provided for these requirements.

Therefore, it is important to provide a system that is not only customizable, accessible and easy to use, but also one which is secure. The Surgery Works^TM system accommodates all of these needs through the ability to limit its access to the local network or through encrypted channels such as SSL.

Additionally, the system also limits access through user based authentication where each user needs to be granted access and where each user name requires the end-user to setup their own password rather than one which is assigned and then written down on a piece of paper.

The Surgery Works^TM system allows for four distinct levels of access:

System Administrator: This user has full control of the Surgery Works^TM programs. They can create users and assign them any of the levels listed here and they have full control of the system administration screen.

Surgery Supervisor: This user can add new patients, schedule new surgeries and do everything except have control to the system administration menu.

Surgery Editor: This user cannot add new patients but can make changes to patient profiles and surgery items (scheduler, pre-op testing, and post-op testing) and can run any of the report options.

Surgery Reader: This user can print out reports from the system or review any surgery checklist or patient profile. The Surgery reader cannot make any changes.

HIPAA
The Health Insurance Portability and Accountability Act of 1996, also known as HIPAA, is considered the most significant healthcare legislation passed in years. Designed to both streamline healthcare transactions and uphold patients' rights to privacy, the law contains several major sections. These sections include rules, each with different compliance dates, on electronic transactions, national identifiers, patient privacy and data security. All healthcare organizations that maintain or transmit electronic health information must comply, and there are severe civil and criminal penalties for those that do not. For more information on HIPPA, see the following website: http://aspe.hhs.gov/admnsimp/