Blog

How Nym Health is Able to Provide a HIPAA Compliant Solution Using AWS

By Adam Rimon

A copy of this post originally featured on the Amazon AWS Blog

The COVID-19 pandemic has sent many industries into disarray, including the industry at the forefront, healthcare. Hospitals had to scramble in order to meet new standards set by the government during the pandemic, which created new limitations on the number of people allowed in indoor spaces at one time.

This restriction alone sent dangerous ripples through the revenue cycles of hospitals. In order for a hospital to get reimbursed for its services, each patient’s visit and their resulting chart must be translated into a series of medical codes which describe the specific diagnoses and procedures administered. This is no easy feat given that there are about 70,000 codes in the ICD-10 manual. In order to accomplish this, the charts from each visit are handed off to one of tens of thousands of medical coders, many of whom live and work outside of the United States.

All medical coding must be compliant with the Health Insurance Portability and Accountability Act (HIPAA) which has strict digital privacy rules in order to protect patient health information (PHI). For such services based outside of the US to be HIPAA compliant, employees must work in a secure and supervised office environment, on monitored computers that ensure no leak of PHI is possible. These offshore offices shut down once lockdowns were set in place.

So, what are hospitals to do if they want to get reimbursed? In early February of 2020, hospitals were already hemorrhaging money when patients delayed their non-emergency medical procedures, and they needed to act fast.

The Most Painful Pain Point

“In the middle of making this investment, we were hearing pretty consistently from health systems that coding is, if not their top pain point, a top pain point,” said Ben Robbins, who is both a doctor of psychiatry and partner at GV (formerly Google Ventures) in a recent meeting. Medical coding is time-intensive and hyper-specific, so accuracy is difficult and expensive to achieve manually even more expensive when mistakes are made.

The offshore method for coding medical charts left some health systems hanging, and disintegrated once the pandemic struck because it was a service with HIPAA compliance tacked on as an afterthought. The result was hospitals not getting reimbursed for days. At Nym, HIPAA compliance is built into the DNA of our autonomous medical coding solution, and designed to tackle every angle of this specific pain point by ensuring trust and security at all levels.

What is Nym, and How Does it Engineer Trust?

Nym autonomously codes medical charts in a few seconds with 98% accuracy, delivering results with an efficiency never achieved before. In contrast, outsourcing the medical coding task means it can take weeks after a physician’s appointment for a human coder to get to it in their queue and code the chart manually (with varying degrees of reliability). Previous solutions used black-box Machine Learning models to suggest coding solutions which were highly data-dependent and were unable to justify to auditors the choices made and why. Nym’s accuracy is ensured thanks to our method of Clinical Language Understanding (CLU), combining curated linguistic and clinical knowledge to produce understanding of medical records. This is demonstrated by complete audit trails so physicians and insurers can see exactly how and why we coded charts a specific way.

When doctors entrust charts to Nym to be coded autonomously, they can feel at ease knowing their patient’s information is safe, never having to be seen by other people for coding purposes. Without human eyes on patient health information (PHI), Nym’s service is also more HIPAA compliant and less likely to lead to a security breach.

Nym_Health_Data_Flow_Chart

Nym chose AWS as its cloud platform and HIPAA compliance partner for many reasons. For example, medical coding is seasonal. Hospital visits jump around the holidays and school breaks, and AWS provides the scalability to accommodate the seasonal highs/lows as well as unforeseen events, like pandemics. As a fault-tolerant cloud computing platform with an emphasis on site selection and redundancy, hospital technologists know they can rely on AWS even in the event of a failure, for it would not be catastrophic.

Providers feel more secure with our technology in their hands because all PHI is encrypted with the strongest government-approved algorithm in the industry, Advanced Encryption Standard (AES) with 256-bit keys (AES-256), which would take “at least a trillion years to break using current computing technology” according to AWS General Manager Ken Beer. Just because PHI is so well encrypted does not mean it should be stored forever though. All types of digital health information must adhere to strict retention policies which dictate their mandatory length of time in storage, and date of disposal. The purge mechanisms provided by AWS, such as S3’s object expiration and Amazon Glacier’s archiving capabilities, ensure proper records management.

Furthermore, and this is key: because Nym’s technology runs on AWS, which is based in the US, and all our providers are also US-based, patient health information never leaves the borders of the United States, exponentially reducing risks and ensuring Nym’s compliance with HIPAA data-storage regulations.

Moving Forward

HIPAA set a groundbreaking precedent for patient privacy and security in the United States, and technologies must be engineered with trust from the beginning in order to stay relevant and adaptable in an ever-changing medical landscape. Insurance company guidelines are being updated all the time to protect patients and strengthen outcomes, as well as protect themselves from fraud, so providing audit trails is a great way to both keep and strengthen trust.

AWS proved to be the best infrastructure for Nym because it provides capabilities and services that allow us to address compliance with ease and confidence. With privacy and security built into the foundation of Nym’s products, Nym is able to mitigate major compliance concerns by eliminating the need to expose patient health information to people. Finally, with the speed and accuracy provided by Nym’s autonomous medical coding, hospitals can lower costs, ensure payment in a punctual manner, and increase financial security at a time when little financial security is to be found.


About Adam:

Formerly a researcher, developer and tech leader in unit 8200 of the Israeli Intelligence Corps, Adam went on to lead an R&D team in CyActive and then head of product in PayPal. Adam is an accomplished computational linguist with dedication to solving natural language understanding problems and developing innovative healthcare technologies that help healthcare providers improve their service.

Be the first to know!

Subscribe to our exclusive mailing list and get the freshest stories from the Lemonade team

See it in action