Last Chance to Review Your Security Risk Analysis
|
|
- Brandon Fox
- 6 years ago
- Views:
Transcription
1 Learning Forum Fridays Countdown to MIPS Data Submission Webinar Series Last Chance to Review Your Security Risk Analysis Emilie Sundie, MSCIS, PMP, CPHIMS Director, Health IT Services Kari Vanderslice, MBA Health Informatics Specialist November 17, 2017
2 To Submit Questions Via Chat Box: 1. Click the [Chat] option at the top right of the presentation. 2. The Chat panel will open. 3. Indicate that you want to send a question to All Panelists. 4. Type your question in the box at the bottom of the panel. 5. Click [Send]. 2
3 Learning Objectives At the completion of this training, the attendee will be able to: Identify required elements of a Security Risk Analysis (SRA). Describe the SRA process. Develop/maintain/provide documentation required to demonstrate compliance. Locate essential tools and resources. 3
4 Acronyms Used In Today s Presentation Acronym ACI ACO CEHRT CMS EHR ephi HIPAA MIPS ONC PHI QPP SRA Definition Advancing Care Information Accountable Care Organization Certified Electronic Health Record Technology Centers for Medicare & Medicaid Services Electronic Health Record Electronic Protected Health Information Health Insurance Portability and Accountability Act Merit-based Incentive Payment System The Office of the National Coordinator for Health Information Technology Protected Health Information Quality Payment Program Security Risk Analysis 4
5 Today s Presenters from Health Services Advisory Group (HSAG) Emilie Sundie, MSCIS, PMP, CPHIMS Director, Health IT Services Kari Vanderslice, MBA Health Informatics Specialist 5
6 SRA Defined An SRA is an ongoing process of discovering, correcting, and preventing security problems. Conducting an SRA is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the Security Rule. HIPAA Required Ensures Compliance Helps Reveal Areas at Risk 6 Sources:
7 SRA Is a Process, Not a Document Assess Risk Correct deficiencies Implement updates 7
8 SRA: An ACI Base Score Requirement Conducting an SRA is a Base Score requirement under the Advancing Care Information (ACI) category of the Quality Payment Program (QPP). QPP ACI ACI Base Measures SRA 8
9 Attesting Yes to the SRA The SRA measure is a required ACI base measure. To meet the ACI measure, Merit-based Incentive Payment System (MIPS)-eligible clinicians must attest Yes to: Conducting or reviewing an SRA. Implementing security updates. Correcting identified deficiencies. If the measure is not met, the entire ACI score will be zero. 9
10 What is the Actual Requirement? Objective Protect Patient Health Information (PHI) 10
11 2017 SRA Transition Objective and Measure Objective Protect Patient Health Information (PHI) Measure 1. Conduct or review a security risk analysis (SRA) according to 45CFR (a)(1) a. Address security (to include encryption) of electronic PHI data created or maintained by certified EHR technology (CEHRT)* 11 *In accordance with 45CFR (a)(2)(iv) and 45CRF (d)(3)
12 2017 SRA Transition Objective and Measure (cont.) Objective Protect Patient Health Information (PHI) Measure 1. Conduct or review a security risk analysis (SRA) according to 45CFR (a)(1) a. Address security (to include encryption) of electronic PHI data created or maintained by certified EHR technology (CEHRT) 2. Implement security updates 12
13 2017 SRA Transition Objective and Measure (cont.) Objective Protect Patient Health Information (PHI) Measure 1. Conduct or review a security risk analysis (SRA) according to 45CFR (a)(1) a. Address security (to include encryption) of electronic PHI data created or maintained by certified EHR technology (CEHRT) 2. Implement security updates 3. Correct identified security deficiencies 13
14 SRA According to 45CFR (a)(1) Standard Implement policies and procedures to: Prevent Detect Contain Correct security violations. Implementation The implementation specifications require that a security management process be in place. Process is the operative word 14
15 Implementation Elements of a Security Management Process Risk Analysis: Conduct an assessment of electronic PHI (ephi) Risk Management: Implement security measures Sanction Policy: Apply appropriate sanctions against workforce members who fail to comply Information System Activity Review: Regularly review records of activity such as access reports and audit logs 15 SRA According to 45CFR (a)(1)
16 Risk Analysis Required
17 Risk Analysis: Who? Who does it? You or a qualified outside party 17
18 Risk Analysis: What? Who does it? You or a qualified outside party Analysis or review? Analysis upon installation or upgrade Review covering each performance period 18
19 Risk Analysis: Constraints Who does it? HIPAA You or a qualified outside party SRA Analysis or review? Analysis upon installation or upgrade Review covering each performance period Constraints? Unique for each performance period Includes the whole performance period Conducted within the calendar year of the performance period 19
20 Risk Analysis: Identifying Risk Where is ephi? What is the threat/ vulnerability? How likely is it to occur? What is the impact? Impact x Likelihood = Risk Low: Accept Risk/Minimal Action Medium: Respond/Look at Controls High: Take Action Now! 20
21 Risk Analysis: Identifying Risk Where is ephi? What is the threat/ vulnerability? THREAT LIKELIHOOD How likely is it? What is the impact? Impact x Likelihood = Risk IMPACT Low (10) Medium (50) High (100) High (1.0) Low 10 x 1.00 = 10 High 100 x 1.0 = 100 Medium (0.5) Medium 50 x.05 = 25 Low (0.1) Low: Accept Risk/Minimal Action Medium: Respond/Look at Controls High: Take Action Now! 21
22 Use a Tool, Not a Checklist The Office of the National Coordinator for Health Information Technology s (ONC s) SRA tool, for example, will help you to: Identify Standards. Find detailed Implementation Specifications. Consider options. Recognize possible threats. Provides examples of safeguards Document activities and remediation plans. 22 Source:
23 Requirement to Address Encryption Address security (to include encryption) of electronic PHI data created or maintained by certified EHR technology.* Standards are identified as Required or Addressable. Encryption of data is Addressable. 23 *In accordance with 45CFR (a)(2)(iv) and 45CRF (d)(3)
24 Requirement to Address Encryption (cont.) Address security (to include encryption) of electronic PHI data created or maintained by certified EHR technology.* Standards are identified as Required or Addressable Encryption of data is Addressable Options for Addressable Specifications: Implement if reasonable and appropriate Implement an equivalent alternative if specification is unreasonable and inappropriate, and there is an alternative 24 *In accordance with 45CFR (a)(2)(iv) and 45CRF (d)(3)
25 Requirement to Address Encryption (cont.) Address security (to include encryption) of electronic PHI data created or maintained by certified EHR technology.* Standards are identified as Required or Addressable Encryption of data is Addressable Options for Addressable Specifications: Implement if reasonable and appropriate Implement an equivalent alternative if specification is unreasonable and inappropriate, and there is an alternative Document the decision in writing, including factors considered and basis for the decision 25 *In accordance with 45CFR (a)(2)(iv) and 45CRF (d)(3)
26 Risk Management Required
27 Implement Security Measures Establish and implement security measures by: Using SRA findings to identify/track risk remediation. Applying system and security updates as recommended. Risk ID 1 Description Status Responsible Party Risk Rating Mitigation Action Action Date No defined management process for user access re: terminations or change in responsibilities Closed HR - John Phillips Medium Policy for disabling user accounts developed and approved 09/15/2017 HR/IT Training on Policy 09/23/2017 Policy Implemented 10/01/ Media is compromised due to ineffective handling procedures In Progress CIO - Mark Waters High Media Handling Policy reviewed and updated 11/12/2017 Encryption Software for laptops procured 11/25/
28 Sanction Policy Required
29 Sanction Policy It is important to ensure that you have a Sanction Policy in place that: Defines the purpose of the policy. Defines the violations of the policy. Delineates possible disciplinary actions. Is freely available/known to all members of the organization. Sample policies are readily available from government and professional sources. 29
30 Sample Sanction Policy Acknowledgement 30
31 Information System Activity Review Required
32 Information System Activity Review You must implement procedures for regular activity review. Review who, what, when, and actions taken with: Audit logs Access reports Security Incidents Sample uses include: Detection of unauthorized access Tracking of PHI disclosures Demonstrating compliance 32
33 Data Validation Criteria
34 Data Validation for the SRA Measure The Centers for Medicare & Medicaid Services (CMS) conducts an annual data validation and audit process. If selected for data validation or audit, you will have 45 calendar days to complete data sharing, as requested. You must retain documentation related to your QPP participation for six years, including all documentation related to your SRA. Important Note: Failure to meet requirements for the SRA measure has been the most common cause of audit failure. 34
35 Data Validation Criteria Document The Data Validation Criteria document, available through the QPP Resource Library, is the current resource for accessing specific data validation criteria Library/Resource-library.html
36 Data Validation Criteria Document (cont.) The Data Validation Criteria states that documentation needs to be from CEHRT and be inclusive of: Dates during the selected continuous 90-day or year long performance reporting period. Clinician identification, e.g., National Provider Identifier (NPI). Documentation of, at minimum, one patient. Suggested documentation includes: A document assessing potential risks and vulnerabilities (SRA). Evidence that you have addressed encryption/security of data stored in CEHRT, including proof: That an SRA was performed for the clinician s system. Of implementation of security updates and correction of identified security deficiencies 36
37 Examples of Past SRA Criteria Evaluated Appropriate date for the Risk Analysis 37
38 Examples of Past SRA Criteria Evaluated (cont.) Appropriate date for the Risk Analysis Tangible SRA document 38
39 Examples of Past SRA Criteria Evaluated (cont.) Appropriate date for the Risk Analysis Tangible SRA document Tangible risk/remediation register 39
40 Examples of Past SRA Criteria Evaluated (cont.) Appropriate date for the Risk Analysis Tangible SRA document Tangible Risk/Remediation Register Proof of security updates 40
41 Essential Tools and Resources
42 Questions for Your EHR Vendor Ask your vendor these questions: Where is my data stored? How do I access/generate audit logs? What security policies and procedures do you have in place? How can I confirm my software updates? Don t forget other vendors: faxes, copiers, scanning workstations 42
43 Government Resources HHS.gov Guidance on Risk Analysis National Institute of Standards and Technology (NIST) Toolkit NIST HIPAA Security Toolkit Application Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) Tool HIPAA Security Risk Assessment (SRA) Tool (downloadable & paper-based) ONC Health IT Playbook, Privacy & Security Section Other Resources: Professional Organizations, Security Vendors, ACOs 43
44 Revisiting the Value of YES The SRA measure is a required ACI base measure. If the measure is not met, your ACI score will be zero. To meet the ACI measure, Merit-based Incentive Payment System (MIPS)-eligible clinicians must attest YES to: Conducting or reviewing an SRA. Implementing security updates. Correcting identified deficiencies. 44
45 Key Takeaways The important points to remember about SRA are that you must: 1. Assess a. Identify/track threats and vulnerabilities b. Address encryption 2. Implement a. Develop policies and procedures b. Apply updates 3. Correct Deficiencies a. Enforce policies, procedures b. Remediate risks Correct Assess Implement 45
46 HSAG QPP Service Center Available 46
47 QPP Technical Assistance Resource Guide 47 Source: The Centers for Medicare & Medicaid Services
48 Next Learning Forum Friday Event: December 1, 2017 Strategize to Report Your Best Performance For additional event topics and registration information please visit: Topics and dates are subject to change, so please check the webpage for up-to-date information. 48
49 General Resources CMS Quality Payment Program Website Subscribe to the QPP ListServe Medicare Learning Network Learning Management System Booklet (LMS) FAQs Learning-Network-MLN/MLNProducts/Downloads/LMPOS-FAQs- Booklet-ICN pdf Associations Offering Credit for MLN Events and Training Learning-Network-MLN/MLNGenInfo/CE-Associations.html 49
50 CMS and HSAG Announcements Virtual Groups Public Webinar Date: Tuesday, November 21 st Time: 1 2 p.m. ET Registration Link: HSAG MIPS Readiness Professional Certificate Program coming soon! QPP Year Two Final Rule comment period ends January 2, 2018, 5 p.m. ET. For more information visit: 50
51 CE Approval This program has been pre-approved for 1.0 CE unit for the following professional boards: National o Board of Registered Nursing (Provider #16578) Florida o Board of Clinical Social Work, Marriage & Family Therapy and Mental Health Counseling o Board of Nursing Home Administrators o Board of Dietetics and Nutrition Practice Council o Board of Pharmacy Please Note: To verify CE approval for any other state, license, or certification, please check with your licensing or certification board. 51
52 CE Credit Process 1. Register in HSAG s Learning Management Center (LMC) at 2. Once you have registered in the LMC, you must complete the evaluation that will appear in WebEx at the conclusion of the webinar. a. Following the event, please do not close the WebEx evaluation window. You will not be able to access the evaluation and request CE if you close the window. b. CEs are only available to attendees that participate in the live event. c. If for some reason you completed the evaluation and do not have the link to the new user registration, please refer to Step #1 or contact Debra Price at dprice@hsag.com for CE certificate questions. 52
53 CE Credit Process: Existing User To login to your existing LMC account click 53
54 CE Credit Process (cont.) Following the conclusion of the webinar, you will also receive a Thank You for Attending using the address provided during registration. You will be requested to register in the HSAG Learning Management Center (LMC). This is a separate registration from WebEx. Please use your personal so you can receive your certificate. Your organization may have firewalls up that block our certificates. 54
55 CE Certificate Problems If you do not immediately receive a response to the that you signed up with in the Learning Management Center, you have a firewall up that is blocking the link that was sent. Please go back to the New User link and register your personal account. Personal s do not have firewalls. 55
56 HSAG QPP Technical Assistance Line Toll free: Monday Friday 8 a.m. to 8 p.m. ET HSAG QPP Support: HSAGQPPSupport@hsag.com 56
57 This material was prepared by Health Services Advisory Group, Inc., the Medicare Quality Improvement Organization for Arizona, under contract with the Centers for Medicare & Medicaid Services (CMS), an agency of the U.S. Department of Health and Human Services. The contents presented do not necessarily reflect CMS policy. Publication No. QN-11SOW-D
February 9, *Merit-based Incentive Payment System
Countdown to MIPS Data Submission Webinar Series Let the 50-Day Countdown Begin! Ken Hoang, MSIS Denise Hudson, NR-CMA Health Informatics Specialists Health Services Advisory Group (HSAG) *Merit-based
More information22 Days til MIPS Data Submission! Get Ready!
Countdown to MIPS* Data Submission Webinar Series 22 Days til MIPS Data Submission! Get Ready! Christine Lalios Kuykendall, BS, RHIA, CPHQ, IM Health Informatics Specialist Health Services Advisory Group
More informationDenise Hudson, NR-CMA Health Informatics Specialist Health Services Advisory Group (HSAG) August 10, 2018
Countdown to MIPS* Data Submission Webinar Series Preparing for Fall Without Falling Behind Denise Hudson, NR-CMA Health Informatics Specialist Health Services Advisory Group (HSAG) August 10, 2018 *Merit-based
More informationDenise Hudson, NR-CMA Health Informatics Specialist Health Services Advisory Group (HSAG) April 13, 2018
Learning Forum Fridays Countdown to MIPS* Data Submission Webinar Series Spring Into Action Using Your First Quarter Data Denise Hudson, NR-CMA Health Informatics Specialist Health Services Advisory Group
More informationTips in Selecting Quality Measures
Learning Forum Fridays Countdown to Merit-based Incentive Payment System (MIPS) Data Submission Webinar Series Tips in Selecting Quality Measures Ohio Physician Office Team Health Services Advisory Group
More informationImprovement Activities: What You Have To Do
Learning Forum Fridays Countdown to MIPS Data Submission Webinar Series Improvement Activities: What You Have To Do Merit-based Incentive Payment System = MIPS Liem Tran Health Informatics Specialist Health
More information2017 Transition Year Flexibility Advancing Care Information (ACI) Category Options
The Physicians Advocacy Institute s Medicare Quality Payment Program (QPP) Physician Education Initiative 2017 Transition Year Flexibility Advancing Care Information (ACI) Category Options Ad 1 P a g e
More informationMACRA and MIPS. How Medicare Meaningful Use and PQRS are Changing
MACRA and MIPS How Medicare Meaningful Use and PQRS are Changing Link to recorded session: https://attendee.gotowebinar.com/recording/1305549490878052097 Presenting Today: Molly Goodhart Joined Quatris
More informationMeaningful Use 2016 and beyond
Meaningful Use 2016 and beyond Main Street Medical Consulting May 12, 2016 Meaningful use, MACRA, MIPS? Whaaaaat? 1 Reporting Period and Timeline In 2016 all providers are required to use CEHRT versions
More informationIMPLICATIONS OF THE 2018 FINAL RULE FOR SOLO PRACTITIONERS AND SMALL GROUP PRACTICES
1 QUALITY PAYMENT PROGRAM SMALL UNDERSERVED RURAL SUPPORT (QPP SURS) WEBINAR FEBRUARY 20, 7:00 PM ET AND FEBRUARY 22, 11:00 AM ET IMPLICATIONS OF THE 2018 FINAL RULE FOR SOLO PRACTITIONERS AND SMALL GROUP
More informationSevocity v Advancing Care Information User Reference Guide
Sevocity v.12 User Reference Guide 1 877 877-2298 support@sevocity.com Table of Contents About Advancing Care Information... 3 Setup Requirements... 3 Product Support Services... 3 About Sevocity v.12...
More informationMeaningful Use: Today and in the Future VMGMA Spring Conference Richmond, VA March 21, 2016
Meaningful Use: Today and in the Future VMGMA Spring Conference Richmond, VA March 21, 2016 Agenda-Three Timeframes 2015 Meaningful Use: hardship exception process 2016-2017 Challenging Requirements Made
More informationThank you, and enjoy the webinar.
Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some laws. This should not be used as legal advice. Itentive recognizes that
More informationQualityNet Security Administrator Roles and Responsibilities and ecqm Validation Pilot Project
QualityNet Security Administrator Roles and Responsibilities and ecqm Validation Pilot Project Candace Jackson, IQR Lead Hospital Inpatient VIQR Outreach and Education Support Contractor HSAG January 26,
More informationOverview of Quality Payment Program
Overview of Quality Payment Program Policies for 2017 & 2018 Performance Years The Medicare program has transformed how it reimburses psychiatrists and other clinicians for providing services, under the
More informationPBSI-EHR Off the Charts Meaningful Use in 2016 The Patient Engagement Stage
PBSI-EHR Off the Charts Meaningful Use in 2016 The Patient Engagement Stage Please note that this document is intended to supplement the information available on the CMS website for Meaningful Use for
More informationPromoting Interoperability Performance Category Fact Sheet
Promoting Interoperability Fact Sheet Health Services Advisory Group (HSAG) provides this eight-page fact sheet to help providers with understanding Activities that are eligible for the Promoting Interoperability
More informationMeaningful Use Reporting period for 2017: Change: Any consecutive 90 days in 2017 for Medicaid customers only.
Meaningful Use 2017 Reporting period for 2017: Change: Any consecutive 90 days in 2017 for Medicaid customers only. Who needs to report on Meaningful Use for 2017? Medicaid customers who have 30 % Medicaid
More informationMIPS Advancing Care Information: Tips, Tools and Support Q&A from Live Webinar March 29, 2017
MIPS Advancing Care Information: Tips, Tools and Support Q&A from Live Webinar March 29, 2017 Below are questions that were submitted during the Quality Insights Advancing Care Information webinar on March
More informationMeaningful Use What You Need to Know for December 6, 2016
Meaningful Use What You Need to Know for 2016-2017 December 6, 2016 Agenda Overview of Programs Eligibility Requirements Timeframes & Reporting Periods When you need to Upgrade Measures to Meet 2016 &
More informationQuality Innovation Network-Quality Improvement Organization (QIN-QIO) April Update
Quality Innovation Network-Quality Improvement Organization (QIN-QIO) April Update Tara T. McAdoo, MSM Associate Director, Physician Office Quality April 27, 2016 2 Tara T. McAdoo, MSM Associate Director,
More informationMACRA and the Quality Payment Program. Frequently Asked Questions Edition
MACRA and the Quality Payment Program Frequently Asked Questions 2018 Edition What is MACRA?...3 What is the Quality Payment Program?...3 How do payments work under the QPP?...3 What is at risk under
More informationTroubleshooting Audio
Welcome! Audio for this event is available via ReadyTalk Internet Streaming. No telephone line is required. Computer speakers or headphones are necessary to listen to streaming audio. Limited dial-in lines
More informationMEANINGFUL USE 2015 PROPOSED 2015 MEANINGFUL USE FLEXIBILITY RULE
MEANINGFUL USE 2015 PROPOSED 2015 MEANINGFUL USE FLEXIBILITY RULE *Please note, the below guidelines are currently proposed. ASCRS will let you know if and when they are finalized through regulatory alerts
More information2016 MEANINGFUL USE AND 2017 CHANGES to the Medicare EHR Incentive Program for EPs. September 27, 2016 Kathy Wild, Lisa Sagwitz, and Joe Pinto
2016 MEANINGFUL USE AND 2017 CHANGES to the Medicare EHR Incentive Program for EPs September 27, 2016 Kathy Wild, Lisa Sagwitz, and Joe Pinto Agenda Meaningful Use (MU) in 2016 MACRA and MIPS (high level
More informationTHE ECONOMICS OF MEDICAL PRACTICE UNDER HIPAA/HITECH
THE ECONOMICS OF MEDICAL PRACTICE UNDER HIPAA/HITECH Gerald Jud E. DeLoss Serene K. Zeni (312) 985-5925 (248) 988-5894 gdeloss@ szeni@ AGENDA 1. Meaningful Use Incentives 2. HIPAA Enforcement and Compliance
More informationAdvancing Care Information Measures Data Validation Criteria. Reporting Requirement: Yes/No or Numerator/Denominator
Advancing Care Information (ACI) Measure ID ACI Measure Description ACI Measures - Required/Not Required for Base Score ACI_PPHI_1 Security Risk Analysis Conduct or review a security risk analysis in accordance
More informationStatus Check On Health IT
Status Check On Health IT CTHIMA Annual Conference September 17, 2017 Slides Prepared by Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, Connecticut 1 The Future Of Healthcare And Health IT Are Not
More informationMichelle Brunsen & Sandy Swallow May 25, , Telligen, Inc.
MIPS Survive and Thrive: Advancing Care Information Michelle Brunsen & Sandy Swallow May 25, 2017 2016, Telligen, Inc. Objectives Quality Payment Program Updates Advancing Care Information (ACI) Category
More information2017 Transition Year Flexibility Improvement Activities Category Options
The Physicians Advocacy Institute s Medicare Quality Payment Program (QPP) Physician Education Initiative 2017 Transition Year Flexibility Improvement Activities Category Options 1 P a g e Ad MEDICARE
More informationMeaningful Use Virtual Office Hours Webinar for Eligible Providers and Hospitals
Meaningful Use Virtual Office Hours Webinar for Eligible Providers and Hospitals Patti Kritzberger, RHIT, CHPS Tracey Regimbal, RHIT HIT-Quality Improvement Specialists Jane Stotts, BSN Quality Improvement
More informationWelcome to the Reducing Readmissions Preparation Program: Understanding Changes in Readmission Measures for Nursing Homes
Welcome to the Reducing Readmissions Preparation Program: Understanding Changes in Readmission Measures for Nursing Homes Lindsay Holland, MHA Director, Care Transitions, HSAG California Jennette Silao,
More informationHIPAA Privacy & Security
POWERCHART ACCESS REQUEST FORM Instructions: Complete this form for users who are not employed by St. Dominic-Jackson Memorial Hospital that will access St. Dominic Hospital s electronic health record.
More informationSecurity Risk Analysis and 365 Days of Meaningful Use. Rodney Gauna & Val Tuerk, Object Health
Security Risk Analysis and 365 Days of Meaningful Use Rodney Gauna & Val Tuerk, Object Health 2 3 Agenda Guidelines for Conducting a Security Risk Analysis Scope of Analysis Risk of a Breach Security Risks
More informationStage 3 and ACI s Relationship to Medicaid MU Massachusetts Medicaid EHR Incentive Program
Stage 3 and ACI s Relationship to Medicaid MU Massachusetts Medicaid EHR Incentive Program September 19 & 20, 2017 Today s presenters: Brendan Gallagher Thomas Bennett Agenda Stage 3 Meaningful Use (MU)
More informationFCSRMC 2017 HIPAA PRESENTATION
FCSRMC 2017 HIPAA PRESENTATION BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international
More informationMACRA, QPP, MIPS... more alphabet soup anyone?
A Partner for Lifelong Health Cathy Cordova, MPS, BSN, RN, CPHIMS Director, Clinical Excellence and Value Donna McCarthy, MT (ASCP), MBA Meaningful Use Manager MACRA, QPP, MIPS... more alphabet soup anyone?
More informationHITECH Act. Overview and Estimated Timeline
HITECH Act Overview and Estimated Timeline Key Program, Distribution, Use and Recipients for the HITECH Act* Focused Funds ($2 billion) PROGRAM DISTRIBUTION AGENCY USE OF FUNDS RECIPIENTS HIE Planning
More information2018 Employee HIPAA Orientation (EHO) Handbook
2018 Employee HIPAA Orientation (EHO) Handbook Using EHO The material in this booklet is designed to provide newly hired employees with an understanding of HIPAA s regulations and their impact on the employee
More informationOffice of the Chief Privacy Officer. Privacy & Security in an App Enabled World HIMSS, Tuesday March 1, 2016, Las Vegas, NV
Office of the Chief Privacy Officer Privacy & Security in an App Enabled World HIMSS, Tuesday March 1, 2016, Las Vegas, NV Table of Contents Introduction Why Apps? What ONC is doing to advance use of Apps
More informationEHR Incentive Programs for Eligible Professionals: What You Need to Know for 2016 Tipsheet
EHR Incentive Programs for Eligible Professionals: What You Need to Know for 2016 Tipsheet CMS published a final rule that specifies criteria that eligible professionals (EPs), eligible hospitals, and
More informationCopyright Scottsdale Institute All Rights Reserved.
Copyright Scottsdale Institute 2017. All Rights Reserved. No part of this document may be reproduced or shared with anyone outside of your organization without prior written consent from the author(s).
More informationMACRA Open Call December 5 th, 2016
MACRA Open Call December 5 th, 2016 Leila Volinsky, MHA, MSN, RN Quality Reporting Program Administrator This material was prepared by the New England QIN-QIO, the Medicare Quality Innovation Network-Quality
More informationTroubleshooting Audio
Welcome! Audio for this event is available via ReadyTalk Internet Streaming. No telephone line is required. Computer speakers or headphones are necessary to listen to streaming audio. Limited dial-in lines
More informationMoving MACRA-MIPS Forward: Role by Role
Moving MACRA-MIPS Forward: Role by Role Todd Searls, President & Founder 10/24/2017 Wanda Kelley, VP Clinical Informatics Rhonda Luetkenhaus, Manager Quality Programs 888.848.9876 info@phc.guru www.praesidioconsulting.com
More informationHealth Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living
Health Information Exchange 101 Your Introduction to HIE and It s Relevance to Senior Living Objectives for Today Provide an introduction to Health Information Exchange Define a Health Information Exchange
More informationTake Action Now to Avoid Medicare Penalties
Take Action Now to Avoid Medicare Penalties The Centers for Medicare and Medicaid Services (CMS) says over 33,600 psychiatrists provide services reimbursed under Medicare Part B. The Merit-based Incentive
More informationUpdated FY15 Dignity Health General Compliance Education for Staff Module 2
Updated FY15 Dignity Health General Compliance Education for Staff Module 2 This course will provide you with important information about the laws and regulations that affect the healthcare industry, our
More informationUnder the MACRAscope:
Under the MACRAscope: G08: Under the MACRAscope: MIPS and EHRs Robert Tennant, MA Director, HIT Policy, MGMA Government Affairs rtennant@mgma.org Learning Objectives This session will provide you with
More informationHealth Partners Plans Medicare FDR Requirements Frequently Asked Questions (FAQs)
Health Partners Plans Medicare FDR Requirements Frequently Asked Questions (FAQs) 1. Why do I need to be trained? The Centers for Medicare & Medicaid Services (CMS) requires Medicare Advantage Organizations
More informationOutpatient Antibiotic Stewardship Initiative Open Office Hours
Outpatient Antibiotic Stewardship Initiative Open Office Hours Matt Lincoln, MBA, Director, Administrative Operations, Health Services Advisory Group (HSAG) Mary Fermazin, MD, MPA, Chief Medical Officer,
More informationFrequently Asked Questions
Frequently Asked Questions Florida Medicaid Electronic Health Record Incentive Program For additional assistance, please contact the Florida EHR Incentive Program Call Center at (855) 231-5472 or email
More informationMACRA Quality Payment Program
The American College of Surgeons Resources for the New Medicare Physician System Table of Contents Simple Steps to Determine If MIPS Applies to Your Practice Situation... 3 5 Understanding the... 6 7 Big
More informationFEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA
FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA LEGAL CITATION California Civil Code Section 1798.82 California Health and Safety (H&S) Code Section 1280.15 42 U.S.C. Section 17932; 45 C.F.R.
More informationAdvanced HIPAA Communications and University Relations
Advanced HIPAA Communications and University Relations accepts no liability of any use reliance placed on it, as it is warranty, express, or implied, or completeness of 1 the HIPAA Health Insurance Portability
More informationHCCA Institute Privacy Officer Round Table Discussion
HCCA Institute Privacy Officer Round Table Discussion Marti Arvin Deann Baker Why We re Here X A facilitated discussion of current issues that Privacy Professionals are dealing with in their day-to-day
More informationWHITE PAPER. Taking Meaningful Use to the Next Level: What You Need to Know about the MACRA Advancing Care Information Component
Taking Meaningful Use to the Next Level: What You Need to Know Table of Contents Introduction 1 1. ACI Versus Meaningful Use 2 EHR Certification 2 Reporting Periods 2 Reporting Methods 3 Group Reporting
More informationMIPS Program: 2018 Advancing Care Information Category
MIPS Program: 2018 Advancing Care Category The 2018 Quality Payment Program (QPP) Year Two final rule continues to implement the programs authorized under the Medicare and CHIP Reauthorization Act of 2015
More informationMedicaid EHR Incentive Program What You Need to Know about Program Year 2016
Medicaid EHR Incentive Program What You Need to Know about Program Year 2016 February 2017 Carrie Ortega, Health IT Project Manager Imeincentives@dhs.state.ia.us 1 Attestation Reminders 2016 Dates to Remember
More informationTroubleshooting Audio
Welcome! Audio for this event is available via ReadyTalk Internet streaming. No telephone line is required. Computer speakers or headphones are necessary to listen to streaming audio. Limited dial-in lines
More informationWashington Update. Agenda
Washington Update Agenda Trending topics Quality Payment Program: Mid-Year Status Report Proposed 2018 Medicare regulations Healthcare Reform Update Q&A 1 Non Discrimination Standards Where did it come
More informationMedicare Compliance and HIPAA Updates With Mario Fucinari DC, CCSP, CPCO, MCS-P, MCS-I Sponsored by NCMIC
Medicare Compliance and HIPAA Updates With Mario Fucinari DC, CCSP, CPCO, MCS-P, MCS-I Sponsored by NCMIC The information contained in these notes is for educational purposes and is not intended to be
More informationConnecticut Medicaid EHR Incentive Program Flexibility Checklist for Eligible Professionals for Meaningful Use Last Revision: May 27, 2015
Connecticut Medicaid EHR Incentive Program Flexibility Checklist for Eligible Professionals for Meaningful Use Last Revision: May 27, 2015 The Medicaid EHR Incentive Program provides incentive payments
More informationMeaningful Use Achieving Core Objective #14 Montana HIMMS 2012 Spring Convention
Meaningful Use Achieving Core Objective #14 Montana HIMMS 2012 Spring Convention Presented by John Whalen CISSP, CISA, CRISC Contents Objectives Risk exercise Breaches Meaningful Use What is an assessment?
More informationPromoting Interoperability Measures
Promoting Interoperability Measures Previously known as Advancing Care Information for 2017 and Meaningful Use from 2011-2016 Participants: In 2018, promoting interoperability measure reporting (PI) is
More informationMeaningful Use Update: Stage 3 and Beyond. Carla McCorkle, Midas+ Solutions CQM Product Lead
Meaningful Use Update: Stage 3 and Beyond Carla McCorkle, Midas+ Solutions CQM Product Lead Objectives Discuss major changes to Meaningful Use program for Stage 3 and impact on hospitals Identify steps
More informationMeaningful Use Audits for Medicare and Medicaid. Shay Surowiak, RN, BSN, CHTS-CP HIT Practice Advisor
Meaningful Use Audits for Medicare and Medicaid Shay Surowiak, RN, BSN, CHTS-CP HIT Practice Advisor An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123. Step 2: Enter
More informationTitle: HIPAA PRIVACY ADMINISTRATIVE
Administrative-HIPAA Privacy Title: HIPAA PRIVACY ADMINISTRATIVE Scope: All MultiCare Health System (MHS) workforce members, which includes but not limited to, employees, residents, students, volunteers
More informationCMS Priorities, MACRA and The Quality Payment Program
CMS Priorities, MACRA and The Quality Payment Program Ashby Wolfe, MD, MPP, MPH Chief Medical Officer, Region IX Centers for Medicare and Medicaid Services Presentation on behalf of HSAG November 16, 2016
More informationHIPAA Training
2011-2012 HIPAA Training New Hire Orientation and General Training 1 This training is to ensure all Health Management workforce members (associates, contracted individuals, volunteers and students) understand
More informationReview of the 2016 Annual Quality and Resource Use Reports. October 19, 2017
Review of the 2016 Annual Quality and Resource Use Reports October 19, 2017 Acronyms in this presentation ACO: AF: AMA: CCN: CNS: CRNA: CPC: CPT: DOB: EIDM: EP: ESRD: FFS: GPRO: HCC: Accountable Care Organization
More informationSteps toward Sustainability with the second year of the Quality Payment Program
Steps toward Sustainability with the second year of the Quality Payment Program Deanna Graham, QI Consultant, Qualis Health March 27, 2018 Speaker Deanna Graham QI Principal Qualis Health 2 Qualis Health
More informationMeaningful Use - Modified Stage 2. Brett Paepke, OD David Wolfson Marni Anderson
Meaningful Use - Modified Stage 2 Brett Paepke, OD David Wolfson Marni Anderson Wait! Where did Stage 1 and Stage 2 go? Traditional stages eliminated in late 2015 in order to: 1. reduce reporting requirements
More information2514 Stenson Dr Cedar Park TX Fax
HIPAA QUESTIONS LESSON 2 1. Civil monetary penalties can be as high as: a. $100 b. $1,000 c. $10,000 d. $50,000 2. Civil penalties for HIPAA violations apply to: a. Covered entities b. Business associates
More informationThe Quality Payment Program: Overview & Roles and Responsibilities
The Quality Payment Program: Overview & Roles and Responsibilities National Tribal Health Conference Susy Postal DNP, RN-BC Chief Health Informatics Officer September 27, 2017 INDIAN HEALTH SERVICE / OFFICE
More informationFrequently Asked Questions
Frequently Asked Questions Florida Medicaid Electronic Health Record Incentive Program For additional assistance, please contact the Florida EHR Incentive Program Call Center at (855) 231-5472 or email
More informationUpdated 2017 Medicaid EHR Incentive Program Requirements For Eligible Providers (EP)
Updated 2017 Medicaid EHR Incentive Program Requirements For Eligible Providers (EP) 1 Illinois Health Information Technology Regional Extension Center (ILHITREC) SUPPORT PROVIDED BY ILHITREC: The Illinois
More informationDoes HIPAA Satisfy Meaningful Use? Two regulations with one stone
Does HIPAA Satisfy Meaningful Use? Two regulations with one stone Tod Ferran, CISSP, QSA Hi There! Tod Ferran 25 years working with IT and physical security 3 years PCI and HIPAA security consulting, performing
More informationMeaningful Use Audits Strategy for Success!
Meaningful Use Audits Strategy for Success! Presented by: Susan Clarke, HCISPP, HTS Department Manager December 9, 2015 1-2 PM MST HTS, a department of Mountain-Pacific Quality Health Foundation 1 Thank
More informationInformation Privacy and Security
Information Privacy and Security 2015 Purpose of HIPAA HIPAA stands for the Health Insurance Portability and Accountability Act. Its purpose is to establish nationwide protection of patient confidentiality,
More informationAn Overview of Eligibility, Registration, and Attestation for the Medicare & Medicaid EHR Incentive Programs Eligible Professionals
An Overview of Eligibility, Registration, and Attestation for the Medicare & Medicaid EHR Incentive Programs Eligible Professionals Jon Langmead 10/31/2011 Centers for Medicare & Medicaid Services 1 Eligible
More informationWhat is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationPreparing for the 2018 EHR Medicaid Incentive Payment Program
Preparing for the 2018 EHR Medicaid Incentive Payment Program 1 Illinois Health Information Technology Regional Extension Center (ILHITREC) SUPPORT PROVIDED BY ILHITREC: The Illinois Health Information
More informationStudy Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
PP-501.00 SOP For Safeguarding Protected Health Information Effective date of version: 01 April 2012 Study Management PP 501.00 STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
More informationPeek-A-Boo: EHR Access and Compliance
Peek-A-Boo: EHR Access and Compliance HCCA Compliance Institute Orlando, FL April 10, 2011 Miriam Murray, Sava Senior Care Andrea McElroy, Aurora Health Care This is a medical record, can I show it to
More informationAdvancing Care Information- The New Meaningful Use September 2017
Advancing Care Information- The New Meaningful Use September 2017 ACO Announcements Reminders: ACO Notifications PECOS-Maintain active enrollment 2017 Patient Prospective Lists Upcoming provider/office
More informationMACRA Frequently Asked Questions
Following the release of the Quality Payment Program Interim Final Rule, the American Medical Association (AMA) conducted numerous informational and training sessions for physicians and medical societies.
More informationFrom Surviving to Thriving in the QPP World
From Surviving to Thriving in the QPP World Today s Objectives Brief MACRA Overview Where are we going?: Advanced Alternative Payment Models (APMs) Where are we now? Merit Incentive-Based Payment System
More informationTroubleshooting Audio
Welcome! Audio for this event is available via ReadyTalk Internet Streaming. No telephone line is required. Computer speakers or headphones are necessary to listen to streaming audio. Limited dial-in lines
More informationUnderstanding MU 3 Requirements
Understanding MU 3 Requirements Title of Presentation Title of Presentation Session presenters - Presenter-Michele Janowski; RT (R), BSRS, CMUP Senior Manager, Evident target audience: Target audience:
More informationMaking Sense of Clinical Quality Reporting
Making Sense of Clinical Quality Reporting June 21, 2016 8-9 AM (Hawaii Time) 10-11 AM (Alaska Time) Noon - 1 PM (Mountain Time) Presented by: Mary Erickson, RN, HIT/QI Consultant HTS, a department of
More informationMeaningful Use CHCANYS Webinar #1
Meaningful Use 2016 CHCANYS Webinar #1 Ekem Merchant -Bleiberg, Director of Implementation Services Alliance of Chicago Wednesday February 24, 2016 Agenda 2016 Meaningful Use Guidelines Timelines & Deadlines
More informationMeaningful Use and How it Relates to the Quality Payment Program. Erin Dormaier, CHTS-IM, PCMH CCE Transformation Support Services Manager
Meaningful Use and How it Relates to the Quality Payment Program Erin Dormaier, CHTS-IM, PCMH CCE Transformation Support Services Manager 1 Timeline EPs EPs can attest for a total of six years Check at
More informationUsing Updox to Succeed with MIPS
Using Updox to Succeed with MIPS Who is Updox? A Communications Platform built by physicians, for physicians 56,000+ providers and more than 300,000 users--and growing 100+ EMR integrations 72 million
More informationMeaningful Use Modified Stage 2 Roadmap Eligible Hospitals
Evident is dedicated to making your transition to Meaningful Use as seamless as possible. In an effort to assist our customers with implementation of the software conducive to meeting Meaningful Use requirements,
More informationMACRA Implementation: A Review of the Quality Payment Program
MACRA Implementation: A Review of the Quality Payment Program Neal Logue, Kirk Sadur Centers for Medicare and Medicaid Services, Region IX, September 15, 2017 Disclaimer This presentation was prepared
More informationOSHA & HIPAA Seminar. Northern Texas Facial & Oral Surgery
OSHA & HIPAA Seminar Sponsored By Northern Texas Facial & Oral Surgery April 11, 2014 Power Point Slides For The Course Power Point handout slides are provided for your use during the lecture. Bring these
More informationThe Merit-Based Incentive Payment System (MIPS) Survival Guide. August 11, 2016
The Merit-Based Incentive Payment System (MIPS) Survival Guide August 11, 2016 Speakers Nina Marshall, MSW, Senior Director, Policy and Practice Improvement, National Council for Behavioral Health Elizabeth
More informationMeaningful Use Audit Webinar Series
Meaningful Use Audit Webinar Series March 25, 2015: An Overview of the Meaningful Use Audit Process 1 in 10 providers will receive a MU audit letter April 1, 2015: Preparing for EHR Incentive Program Audit
More informationCIO Legislative Brief
CIO Legislative Brief Comparison of Health IT Provisions in the Committee Print of the 21 st Century Cures Act (dated November 25, 2016), H.R. 6 (21 st Century Cures Act) and S. 2511 (Improving Health
More information