
Helping Santa Cruz Providers with Meaningful Use & HIPAA Privacy & Security January 2013


Presentation Transcript


  1. Helping Santa Cruz Providers with Meaningful Use & HIPAA Privacy & Security January 2013

  2. Mission
     To improve the quality and efficiency of health care for all stakeholders in the Santa Cruz community. To deliver technology assistance, guidance and information on best practices to providers with the goal of creating a healthcare delivery system that offers a seamless, integrated experience for patients and providers. Provide services and tools to participating healthcare providers to become meaningful users of EHRs connected to the Santa Cruz Health Information Exchange. These are foundational for Accountable Care, Clinical Integration, Medical Home Model and surviving payment reform as independent physicians.

  3. What Is Privacy & Security and Why Does It Matter?
     Privacy refers to patients’ health information and their right to have that information kept confidential. Security refers to the storage, use and electronic exchange of patient health information in a secure environment. Protecting patients’ privacy and securing their health information is a core requirement for the Medicare and Medicaid Electronic Health Records (EHR) Incentive Program, referred to as the “Meaningful Use Program” (MU). All providers must comply with HIPAA, not just those with EHRs or seeking MU incentives.

  4. 2013 HIPAA Final Rule
     On January 17, 2013, the Department of Health and Human Services (HHS) issued a final rule modifying the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Enforcement rules, including changes required by the Health Information Technology for Economic and Clinical Health Act (HITECH Act). The rule contains sweeping changes to privacy regulatory requirements which are intended to improve protection and control of personal health information.
     4 main topics changed in this final rule:
     • Business associate obligations – A BA is now defined as any person that Creates, Receives, Maintains or Transmits PHI. New template available March 2013.
     • Enhanced protections for PHI – Limitations on use of disclosure for marketing & fundraising.
     • Expanded individual rights – Patients have the right to electronic copies of PHI, and the right to RESTRICT PHI to health plan where the patient has paid out of pocket.
     • Enhanced penalties and enforcement – Penalties are capped at max of $1.5 per violation.
     • Modified breach notification protocol – Entities no longer have discretion in deciding whether an incident was a “breach”. You must report.
     The Final Rule is effective on March 26, 2013, and compliance is required by September 23, 2013.

  5. Who is responsible for Privacy and Security? Your practice is responsible for taking the steps needed to protect the confidentiality, integrity and availability of health information, to comply with HIPAA Policies that are already in place, and to comply with CMS Meaningful Use Requirements.

  6. Health Information Exchange
     To facilitate the electronic exchange of patient information, a secure and professionally maintained internet connection is a necessity, not an option. To gain patients’ trust, it is important to ensure that all security measures and policies are up-to-date and enforced.

  7. Examples – Don’t become a headline – “small breaches”
     • Surgeons of Lake County – Server taken over
     • Billing service recycles paper PHI – Doctors fined $140K
     • Hospice of North Idaho – Laptop stolen, $50K fine
     Common Themes
     • “did not adequately implement sufficient protections to ensure security of electronic protected health information”
     • “failed to manage business associate relationships”

  8. Conclusion
     • Build and manage infrastructure.
     • Departmentalize staff & set security levels.
     • Manage vendor relationships; have BAAs when required (new laws effective 2013), audit annually.
     • Develop security awareness programs and training, repeating regularly. Keep documentation for audit purposes.
     • Each practice MUST have a Privacy AND a Security Officer – and they must fulfill their responsibilities.
     • Anticipate and address patient privacy concerns.

  9. MU Core Measure 15
     To fulfill requirements for Stage 1 Meaningful Use, EPs needed to attest they have met certain requirements regarding use of the EHR for patient care. The attestation for Core Measure 15 is a confirmation, on the part of the EP, that those requirements have been met. CMS is actively conducting audits on information systems (IS) to ensure those requirements have been successfully met and documented. You are required to conduct a security risk analysis, implement security updates and identify security deficiencies.

  10. Self-Assessment Security Audit Tool
     • CalOHII provides several unique tools to help California patients, providers, and health information organizations understand secure exchange of health information.
     • There is a very valuable FREE tool available to you to perform a self-security audit.
     • The HIPAA Security Toolkit is designed to assist medium to small providers with understanding HIPAA security standards requirements and to help them ascertain their organization’s HIPAA security needs.
     • Click on the link
     • Create a user account
     • Allow approximately 1-2 hours to complete
     • Review report. You will be able to go back into the system and update your answers as you identify gaps and develop processes, policies and procedures.

  11. Resources
     It is highly recommended that you conduct a security self-audit. CalOHII has a free tool available to guide you through the process and provide you with reports, which you can save and update as you correct areas of compliance concern.
     https://www.ohii.ca.gov/securitytool/downloads/CalOHII_HSR_User_Guide.pdf
     http://www.ohii.ca.gov/calohi/PrivacySecurity/ToolstoHelpYou.aspx
     Other resources available:
     Health Information Privacy, Security, and Your EHR: http://www.healthit.gov/providers-professionals/ehr-privacy-security
     Communicating with your patients about health information privacy: http://www.healthit.gov/patients-families
     Healthcare Info Security: http://www.healthcareinfosecurity.com

  12. Local resources
     • Public Website with the entire series of webinars and documents in February
     • PMG “Blue Portal”
     • PMG Technology Support 465-7877

  13. What’s Next?
     CHEQ Interface Grant Announcement – Webinar Mon, Feb 4, 2013
     Choosing an EHR – Webinar Fri, Feb 15, 2013
     Direct Messaging – Webinar Tues, Feb 19, 2013
     2013 PMG Electronic Citizenship – Webinar, Thurs, Feb 28, 2013

  14. Questions?

  15. Thank you for attending! Please complete the survey that you will be receiving shortly. We welcome your feedback and comments! Contact: info@pmgscc.com, PMG IT Dept. 831-465-7877
