Ademero can support HIPAA compliance when a healthcare organization uses Content Central in alignment with the HIPAA Security Rule and executes a Business Associate Agreement with Ademero when the service involves the creation, receipt, maintenance, or transmission of Protected Health Information on the organization’s behalf.
Content Central by Ademero is a cloud-based document management system used to manage document-intensive processes and workflows when documents contain Protected Health Information. The platform captures documents and files from scanners, network folders, and email accounts, converts them into searchable PDF files, and groups files using administrator-defined values. The PDF files are stored on a secure cloud server and can be retrieved remotely by authorized users.
Content Central supports sharing of documents among authorized users through the platform without external file-sharing services. Content Central can integrate with collaboration and productivity suites such as Microsoft Office 365 and Google Workspace. When integrations are used, the connected services must be configured to support HIPAA compliance, and a Business Associate Agreement must be in place with the third-party service provider when required.
Content Central includes technical safeguards mapped to the HIPAA Security Rule Technical Safeguards at 45 CFR 164.312, including unique user identification, automatic logoff, and emergency administrator access. Documents are encrypted in transit and at rest. Audit controls allow administrators to track logon and logoff activity, file access, and document history events such as edits, copies, and downloads.
Administrators configure user IDs or integrate Content Central with an existing single sign-on solution, apply user permissions, and enable or disable system fields. Ademero has stated that it is willing to enter into a Business Associate Agreement with HIPAA Covered Entities and Business Associates, and the company has indicated flexibility regarding optional clauses and availability to address operational concerns raised by compliance officers or system administrators.
Adopting a document management system also requires operational controls outside the software. When paper records are scanned and converted into digital records, workforce members may perceive reduced access and attempt to bypass safeguards, so workforce training should explain the purpose of the controls and prohibit workarounds. Paper records that have been converted to digital form also require disposal processes that meet HIPAA requirements after scanning is complete.