The Changing Healthcare Workforce - Healthcare Issue Briefings from Modern Healthcare
Modern Healthcare Information Technology
-
Upload
jeffrey-paulette -
Category
Business
-
view
1.061 -
download
2
description
Transcript of Modern Healthcare Information Technology
![Page 1: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/1.jpg)
Opportunity Knocks:
Modern Healthcare
Information Technology
![Page 2: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/2.jpg)
Agenda
• HITECH/EHR Overview
• HITECH/EHR Services & Solutions
• Health Information Technology Risks
• ANSI PHI Project
![Page 3: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/3.jpg)
HITECH/EHR Overview
HITECH/EHR Overview
HIPAA & PHI Data Breaches
Enforcement Updates
![Page 4: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/4.jpg)
HITECH/EHR Overview
• HC IT Project Drivers: Incentives
ARRA HITECH – ―EHR … by 2014‖
Nationwide HIT infrastructure
Meaningful Use HIPAA security requirements
Changing EHR MU Stage 2 & 3 requirements
Upcoming ACO requirements
• HC IT Project Drivers: Sanctions
PHI breach notification
HIPAA enforcement
![Page 5: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/5.jpg)
5
HIPAA and PHI Data Breaches
• Ponemon Institute: Data breaches cost hospitals nearly $6
billion/year1
• Medical-related data breaches listed in Privacy Rights
Clearinghouse2
116 breaches listed in 2007-2008
229 breaches listed in 2009-2010
• 86% of large-hospital employees surveyed believe the number of
data breaches discovered will increase under HITECH3
• The Department of Justice secured ―$2.5 billion in health care
fraud recoveries—the largest in history,‖ for the fiscal year
ending 9-30-20104
1- Source: Benchmark Study on Patient Privacy and Data Security, November 9, 2010, Ponemon Institute LLC.
2- Source: http://www.privacyrights.org/
3- Source: 2009 HIMSS Analytics Report:―Taking a Pulse on HITECH, Are Hospitals and Business Associates Ready?‖ November 17, 2009.
4- Source: Department of Justice, November 22, 2010, http://www.justice.gov/opa/pr/2010/November/10-civ-1335.html
![Page 6: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/6.jpg)
Enforcement Updates
HIPAA Sanctions
• Periodic HHS CE & BA HIPAA Compliance Audits
• Violations range from $100 to $1.5 million (willful neglect)
• Extends criminal penalties to individual or employee of CE
• State attorneys general can file civil suit on behalf of residents
![Page 7: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/7.jpg)
Enforcement Updates
OCR Commitment to HIPAA Enforcement
Program Increases
• Regional Office Privacy Advisors (+$2.283 million)
• Enforcement of the HIPAA Security Rule (+$1 million)
• Investigation of the HITECH Breach Reports (+$1.335 million)
• Compliance Review Program (+$1 million)
![Page 8: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/8.jpg)
Enforcement Updates
HIPPA Enforcement Activities
• Cignet Health, 2011: $4.3 million – Denying access to medical records & refusing to cooperate with OCR investigation
http://www.hhs.gov/news/press/2011pres/02/20110222a.html
• Massachusetts General Hospital Settles HIPAA Violations, 2011: $1 million – Documents left on subway by employee
http://www.hhs.gov/news/press/2011pres/02/20110224b.html
• Health Net, 2011: $55,000 + mandatory data-security audit 2 years – Lost portable drive & misrepresentation of risk
http://www.healthdatamanagement.com/news/breach_hipaa_privacy_security_hitech_lawsuit-39645-1.html
• Rite Aid, 2010: $1 Million – Poor disposal practices http://www.hhs.gov/news/press/2010pres/07/20100727a.html
![Page 9: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/9.jpg)
HITECH/EHR Services &
Solutions
EHR Related Services BKD Provides
![Page 10: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/10.jpg)
10
HITECH/EHR Services & Solutions
Outsourced Project Management
• Assist management with development of project plan to manage all phases of EHR
implementation project
• Assist management with overseeing project milestones
• Periodic project status & project risk reports
EHR System Selection
• Assist management with identifying & evaluating an EHR-compliant system
• Demonstration scorecards—basis for purchase decisions
• Total cost of ownership—three-year estimates that include software, equipment &
implementation fees
EHR Readiness Assessment
• IT & infrastructure inventory
• EHR current capabilities assessment
• IT Governance & process maturity measurements
• Security compliance assessment
![Page 11: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/11.jpg)
11
HITECH/EHR Services & Solutions
ARRA Reimbursement Analysis
• Develop reimbursement projections
• Develop multi-year cash flow analysis mapping EHR project timeline with federal
funding timeline projections
EHR Meaningful Use Attestation Assistance
• Review meaningful use objectives management has decided to report against
• Develop audit procedures to determine if selected objectives are being met
• Provide findings & recommendations based on executed audit procedures
HIPAA Data Security & Privacy Assessment
• Data-flow analysis
• Risk & control identification
• IT Governance & process maturity measurements
• Control design & effectiveness testing
![Page 12: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/12.jpg)
Health Information
Technology Risks
Understanding HIT Data-flow
Risk Associated with Clinical Systems
Expanded Audit Procedures
![Page 13: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/13.jpg)
13
Health Information Technology
Risks
• Developing clinical system & sub-system
inventory
• Understanding flow of data in a healthcare
system
• Identifying risks & controls
![Page 14: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/14.jpg)
14
Health Information Technology
Risks
![Page 15: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/15.jpg)
15
Health Information Technology
Risks
![Page 16: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/16.jpg)
16
Health Information Technology
Risks
![Page 17: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/17.jpg)
17
Health Information Technology
Risks
Expanded HIT Audit Procedures
• Data-flow analysis
• Computer Assisted Audit Techniques (CAAT)
• Evaluating security at clinical system level
• Evaluating intermediary data repositories &
job scheduling/data integration systems
![Page 18: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/18.jpg)
ANSI/Shared Assessments
PHI Project
Report & tools valuing financial impact
of unauthorized disclosure of protected
health information (PHI)
![Page 19: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/19.jpg)
19
ANSI/Shared Assessments PHI
Project
http://www.ansi.org/standards_activities/standards_boards_panels/idsp/protected_health_information.aspx
![Page 20: Modern Healthcare Information Technology](https://reader033.fdocuments.us/reader033/viewer/2022052820/5479b71cb479599a098b4804/html5/thumbnails/20.jpg)
Thank You
Matt Lathrom, CISM, CISA, MCP
Managing Consultant
BKD IT Risk Services
816.221.6300