Post on 07-Jul-2020
MU Security Objectives
Direct Messaging
Questions
Meaningful Use Webcast
October 3, 2013
Security’s Importance to Meaningful Use
The Security Objective
Satisfying the Objective
Security Mechanisms in the EHR Software
Meaningful Use Webcast
MU Security Objective
October 3, 2013
• Patient’s Privacy
• Trustworthiness
• Interoperability Goals
How Important is Security?
• EH / CAH -> 42 CFR §495.6(l)(15)
• EP -> 42 CFR §495.6(j)(16)
Core Objective
Meaningful Use Webcast
MU Security Objective
October 3, 2013
• Protect electronic health information created or maintained by the CEHRT through implementation of appropriate technical capabilities.
The Objective
• Not Percentage-based
• Satisfied through attestation
Items to Note
Meaningful Use Webcast
MU Security Objective
October 3, 2013
• Conduct or review a security Risk Analysis in accordance with the requirements under 45 CFR 164.308(a)(1) including addressing the encryption / security of data stored in the Certified EHR Technology in accordance with requirements under 45 CFR 164.132(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct any identified security deficiencies as part of the EH’s, CAH’s or EP’s Risk Management process
The Measure
Meaningful Use Webcast
MU Security Objective
October 3, 2013
• All EHs, EPs, and CAHs must conduct (or review a previous SRA) per HIPAA Security Administrative standard during the attestation period.
• Address the Security / Encryption of Data stored and in use in accordance with HIPPA Technical Standards.
• Implement security updates as necessary
• Correct any identified security deficiencies as a part of the risk management process.
What is being asked by CMS?
Meaningful Use Webcast
MU Security Objective
October 3, 2013
• When should the SRA be conducted?
• We already perform one yearly as a part of our hospital policy, do we have to do another or does that one count?
• Do all findings need to be mitigated by the end of the attestation perioed?
• How do you conduct a security risk analysis?
Questions Frequently Asked of CPSI
Meaningful Use Webcast
MU Security Objective
October 3, 2013
• National Institute of Standards and Technology (NIST)
• Assessing Risk – A Path to Action www.trubridge.net/webinars
How to conduct a Security Risk Analysis
Meaningful Use Webcast
MU Security Objective
October 3, 2013
Risk Management
Risk Analysis
Data Gathering
Control Assessment
Planning
Implementation
Monitoring
The Assessment Process
Risk
Identification
Source: Assessing Risk: A Path to Action
MU Security Objective
Implementation Monitoring
MU Security Objective
Meaningful Use Webcast
System Screen
Rule Based Security
Data Encryption
Employee Log
Patient Log
October 3, 2013
• CPSI Meaningful Use Security Roadmap
• http://www.healthit.gov/providers-professionals/ehr-privacy-security
• ONC’s Guide to Privacy Security and Security of Health Information
• Chapter 2 specifically addresses MU
Where can I find out more?
Meaningful Use Webcast
MU Security Objective
October 3, 2013
MU Security Objectives
Direct Messaging
Questions
Meaningful Use Webcast
October 3, 2013
What is Direct Messaging
Objectives that Incorporate the use of Direct Messaging
Meaningful Use Webcast
Direct Messaging
October 3, 2013
• Requires a HISP (Health Information Service Provider).
• Allows sharing of information in a secure way
Direct Messaging
Meaningful Use Webcast
Direct Messaging
October 3, 2013
•Simple
•Secure
•Scalable
•Standards-Based
Direct Messaging
Meaningful Use Webcast
Direct Messaging
October 3, 2013
Diagram of HISP (Health Information Service Provider)
What is a HISP?
Sender to Sender HISP
Sender’s HISP to Receiver’s HISP
Receiver's HISP to Receiver
Get the Message
Sender’s HISP Receiver’s HISP Push the Message
Routing Information
Directory
Locate the Servers
Push the Message
• Transition/Summary of Care
• View Download Transmit
Objectives Using Direct Messaging
Meaningful Use Webcast
Direct Messaging
October 3, 2013
• Measure A: The eligible hospital that transitions or refers their patient to another setting of care or referral provides a summary of care record for more than 50% of transitions/referrals.
Transfer/Summary of Care
Meaningful Use Webcast
Direct Messaging
October 3, 2013
• Measure B: The eligible hospital that transitions or refers their patient to another setting of care or referral provides a summary of care record for more than 10% of such transitions and referrals electronically (via Direct)
Transfer/Summary of Care
Meaningful Use Webcast
Direct Messaging
October 3, 2013
• Measure C: The eligible hospital must satisfy one of the following Criteria:
• Conducts a successful electronic exchange of measure B with a recipient who has EHR technology designed by a different vendor than the senders OR
• Conducts a successful electronic exchange of measure B with the CMS designated test EHR during the reporting period. (EHR-Randomizer)
Transfer/Summary of Care
Meaningful Use Webcast
Direct Messaging
October 3, 2013
• Contact facilities to obtain Direct Addresses.
• Determine how your facility will exchange information for Measure C:
• Exchange with a facility who was designed by a different EHR Vendor
• Exchange with the CMS designated EHR-Randomizer.
How can I Prepare?
Meaningful Use Webcast
Direct Messaging
October 3, 2013
• Measure A: More than 50% of all unique patients discharged during the reporting period have their information available online within 36 hours of discharge
View, Download, Transmit
Meaningful Use Webcast
Direct Messaging
October 3, 2013
• Measure B (Stage 2 Only): More than 5% of all patients (or authorized representatives) who are discharged view, download or transmit to a 3rd party their information during the reporting period.
View, Download, Transmit
Meaningful Use Webcast
Direct Messaging
October 3, 2013
• Set-Up and Registration of Direct Messaging
• Onboarding and Onboarding Process for an organization.
• Use of Direct Messaging with Non- Certified EHR’s
Future Webcast
Meaningful Use Webcast
Direct Messaging
October 3, 2013
MU Security Objectives
Direct Messaging
Questions
Meaningful Use Webcast
October 3, 2013