CONNECTING YOU TO BETTER CARE!

Similar documents
Rochester RHIO User Guide

Accessing HEALTHeLINK

Staff Training. Understanding Healthix Patient Consent

New York State Data Exchange Incentive Program (DEIP)

NOTICE OF PRIVACY PRACTICES

Proposed Regulations NEW YORK STATE DEPARTMENT OF HEALTH Return to Public Health Forum

WISHIN Statement on Privacy, Security, and HIPAA Compliance - for WISHIN Pulse

JOINT NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

Drew McNichol Director of Technology. HIMSS NY Chapter June 17, 2015

Privacy Issues and the Children s Hospital EMR

Chapter 9 Legal Aspects of Health Information Management

Catholic Charities Disabilities Services. In-Home Behavioral Support Services (2017)

NOTICE OF PRIVACY PRACTICES

PRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

Memorial Hermann Information Exchange. MHiE POLICIES & PROCEDURES MANUAL

Notice of. Privacy Practices. Dartmouth-Hitchcock Affiliated Covered Entity

HIPAA-HITECH HELPBOOK NJ Physician Practices

WAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES

Catholic Charities Disabilities Services 2017 Family Reimbursement Grant For Respite Funds 1 Park Place, Suite 200 Albany, NY (518)

Notice of Privacy Practices

The Children's Clinic Patient Information Form

NOTICE OF PRIVACY PRACTICES MOUNT CARMEL HEALTH SYSTEM

Computer Provider Order Entry (CPOE)

ERIE COUNTY MEDICAL CENTER CORPORATION NOTICE OF PRIVACY PRACTICES. Effective Date : April 14, 2003 Revised: August 22, 2016

Notice of privacy practices

Health Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living

HIPAA Training

Notice of Privacy Practices

CAPITAL SURGEONS GROUP, PLLC

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES Full Length Version Effective Date: 4/19/2016

2015 Meaningful Use and emipp Updates (for Eligible Professionals)

Medicaid EHR Incentive Program Health Information Exchange Objective Stage 3 Updated: February 2017

CHI Mercy Health. Definitions

NOTICE OF PRIVACY PRACTICES

CHIME Concordance Analysis of Stage 2 Meaningful Use Final Rule - Objectives & Measures

HIPAA Privacy Rule. Best PHI Privacy Practices

NOTICE OF PRIVACY PRACTICES

WV MEDICAID PROVIDER WORKSHOPS & TRAINING SESSIONS. Amber Nary Business Development Manager

JOINT NOTICE OF PRIVACY PRACTICES

SUMMARY OF NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

THE ECONOMICS OF MEDICAL PRACTICE UNDER HIPAA/HITECH

NOTICE OF PRIVACY PRACTICES

Missouri Health Connection. One Connection For A Healthier Missouri

Central New York Care Collaborative (CNYCC) Oneida County Health Coalition Meeting June 30, 2016

Welcome to Rochester RHIO s GET DIRECTed! Denise DiNoto Director of Community Services March 2014

THE CHILDREN S INSTITUTE OF PITTSBURGH NOTICE OF PRIVACY PRACTICES

Parental Consent For Minors to Receive Services

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996

HH Health System-Shoals, LLC dba Helen Keller Hospital Notice of Privacy Practices

Sharing health information electronically eliminates the need for faxing, copying and handcarrying your health record from provider to provider.

Iatric Systems Supports the Achievement of Meaningful Use

Agenda. NE CAH Region Discussion

Request for Information NJ Health Information Network. State of New Jersey. New Jersey HIT Coordinators Office. Request for Information

HIPAA & HEALTH INFORMATION EXCHANGE

Notice of HIPAA Privacy Practices Updates

This notice describes Florida Hospital DeLand s practices and that of: All departments and units of Florida Hospital DeLand.

OSHA & HIPAA Seminar. Northern Texas Facial & Oral Surgery

WHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

HIE/HIO Organizations Supporting Meaningful Use (MU) Stage 2 Goals Q Update from 2013 HIE Survey Participants

NOTICE OF PRIVACY PRACTICES MedQuest Effective April 2003 Revised January 2014

NOTICE OF PRIVACY PRACTICES

What Do Legislators Want to Know About IT?

NOTICE OF PRIVACY PRACTICES

during the EHR reporting period.

LIFEPlan CCO NY, LLC Participation Agreement. Provider:

HIE & Interoperability: Roadmap to Continuum of Care Michael McPherson MU Coordinator KDHE

HIPAA Notice of Privacy Practices

Medicare and Medicaid EHR Incentive Program. Stage 3 and Modifications to Meaningful Use in 2015 through 2017 Final Rule with Comment

Meaningful Use Overview for Program Year 2017 Massachusetts Medicaid EHR Incentive Program

Privacy Rio Grande Valley HIE Policy: P1. Last date Revised/Updated 02/18/2016

$100 Hospital Ambulatory Surgical Center (ASC) Specialist: $30/visit Chiropractic (Medicare-covered) Podiatry (Medicare-covered)

Acknowledgement of Notice of Privacy Practices

University of Wisconsin-Madison Policy and Procedure

ONC Cooperative Agreement HIE Program Update. Arizona Rural & Public Health Policy Forum January 19, 2012

If you have any questions about this notice, please contact our privacy officer Dr. Jev Sikes at

Building Blocks for HIE in California

PARAGOULD DOCTORS CLINIC PRIVACY NOTICE

Webinar #5 Meaningful Use: Looking Ahead to Stage 2 and CPS 12

Meaningful Use Modified Stage 2 Roadmap Eligible Hospitals

Harnessing the Power of MHS Information Systems to Achieve Meaningful Use of Health Information

MURRAY MEDICAL CENTER HIPAA NOTICE OF PRIVACY PRACTICES

HIPAA Privacy & Security

Southwest Idaho Ear, Nose and Throat, P.A. Notice of Privacy Practices

Data Exchange Incentive Program (DEIP)

Information Privacy and Security

Stage 1 Meaningful Use Objectives and Measures

Massachusetts Department of Public Health. Privacy of Health Data

Notice of Privacy Practices

Meaningful Use Measures: Quick Reference Guide Stage 2 (2014 and Beyond)

Office of the Chief Privacy Officer. Privacy & Security in an App Enabled World HIMSS, Tuesday March 1, 2016, Las Vegas, NV

The University of Chicago Medicine Privacy Program Accounting of Disclosures Definition Table

A general review of HIPAA standards and privacy practices 2016

STAGE 2 PROPOSED REQUIREMENTS FOR MEETING MEANINGFUL USE OF EHRs 1

PFF Patient Registry Protocol Version 1.0 date 21 Jan 2016

NOTICE OF PRIVACY PRACTICES

Health Information Exchange: Substance Abuse Patient Records March 3, 2016

Transcription:

CONNECTING YOU TO BETTER CARE!

Agenda HealtheConnections Overview HIPAA NYS RHIO Policies and Procedures 2

Health e Connections RHIO Formed as the highest priority of Health Advancement Collaborative of Central New York (HAC-CNY) What is a RHIO? Non-governmental, multi-stakeholder organization that enables and oversees the business and legal issues involved in the exchange and use of health information, in a secure manner, for the purpose of promoting the improvement of health quality, safety and efficiency. What is a Health Information Exchange (HIE)? The transmission and sharing of medical records among healthcare entities in accordance with national and state technology and security standards. HIEs are an integral component of the health information technology infrastructure under development in the United States through HealtheWay (formerly Nationwide Health Information Network). 3

Guiding Principles Deliver Value Services / Functionality / Cost Drive Usage Increase Participation and Use Develop and Maintain Regional Provider and Patient Trust Provide Valued Services to all Regional Participants, With or Without an EMR 4

Regional Participants Hospitals Practices Public Health FQHCs Labs and Radiology Centers Other Healthcare Providers Cayuga, Cortland, Herkimer, Jefferson, Lewis, Onondaga, Oneida, Oswego, Madison, Tompkins, St. Lawrence 5

HIE Services Patient Lookup Consolidated View of Patient Health Records Image Exchange Diagnostic Quality Image Viewer Image Enabled Results Delivery myalerts Patient ED Admit Patient Inpatient Admit Patient Discharge Direct Mail Exchange Clinical Data through Secure Mail Results Access & Delivery Automated Delivery of Patient Records where Provider is Named To Connected EHRs Summary View of Clinical Results where Provider is Named Query Based Exchange EHR-to-HIE Patient Query SHIN-NY Statewide Patient Lookup NYS Public Health Immunization Syndromic Surveillance National Network VA, DoD emolst (Advanced Directives) 6

HIPAA First and foremost, HIPAA privacy and security rules must be followed for using the Health Information Exchange (HIE) including, but not limited to, rules such as: Minimum Necessary Do not share your login credentials with anyone Do not look up yourself, family members, or friends For more information on HIPAA, visit: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html 7

Consent HealtheConnections requires an informed consent, with a signed form by the patient or their representative for each Participating Organization where s/he is a patient The form can be either paper or electronic The patient can change their selection at any time by completing a new form at the Participating Organization Consent is required to access and view a patient s PHI in the HIE Consent is not required for: Data sources to upload patient medical records to the HIE One to One Exchanges Emergency Situations De-identified Data Public Health Reporting Break-the-Glass access is for emergency situations only! 8

Audits All Participants are subject to periodic auditing including, but not limited to: Patient Consent Forms o Retained by Participant for 6 years o HeC provides sample size file of patient consents to Participant for validation o Participant to submit proof of signed consent forms, as requested o Participants complete attestation form to validate consents and return to HeC within one (1) week Patient Accesses o HeC provides a report of a patients whose Protected Health Information (PHI) was accessed, type of PHI accessed, user who accessed PHI, date and time of access o Participants complete attestation form to validate accesses and return to HeC within one (1) week Break-the-Glass (BTG) Reports o HeC provides daily BTG reports to Participants o Participants complete attestation form to confirm proper use of BTG and return to HeC within one (1) week Authorized User Application Forms o Retained by Participant for 6 years o Participant to submit proof of signed forms, as requested Annual Refresher Training Forms o Retained by Participant for 6 years o Participant to submit proof of signed forms, as requested 9

Participant Audit Requests A participating organization may request an audit in the event of a suspected breach The request may be made by the RHIO Administrator or the Audit Recipient The Audit includes: Authorized user who accessed the patient s Protected Health Information (PHI) in the last 6 years The Participant through which the Authorized User accessed the PHI Date and Time of the access Type of PHI accessed A patient s affirmative consent must be on file The Audit Report will be provided within 10 days of receipt of the request 10

Patient Audit Requests A patient may request an audit of their records accessed in the HIE by: Visiting the HealtheConnections office, with proof of identity Having their provider, an HeC Participant, make the request on their behalf The Audit includes: Authorized user who accessed the patient s Protected Health Information (PHI) in the last 6 years The Participant through which the Authorized User accessed the PHI Date and Time of the access Type of PHI accessed The Audit Report will be provided to the patient within 10 days of receipt of the request 11

Breaches HeC and its Participants must notify each other of any actual or suspected breaches HeC (and the Participant) will investigate the incident If a breach has occurred, HeC will: Notify any Participants whose PHI was subject of the breach Notify (or require Participant) to notify the patient(s) whose PHI was breached Notify any applicable regulatory agencies, as appropriate Determine disciplinary and/or other sanctions, as appropriate 12

Sensitive Data Consent allows access to sensitive health conditions, including but not limited to: Alcohol or drug use problems/treatment Birth control and abortion (family planning) Genetic (inherited) diseases or tests Any mention of HIV/AIDS Mental health conditions Sexually transmitted diseases 13

Access at Multiple Facilities Many users have access to the HIE for treating patients at different facilities The user will only need one* login and password; however, when logging in, the user must select the facility for which patient records are being accessed Remember that a patient s consent only applies to that facility * Public Health users may require 2 logins if they use the HIE as a clinical user (consent is required) and as a Public Health user (consent is not required) 14

Other Accesses Public Health Organizations May access Protected Health Information without consent to: o Investigate cases of communicable diseases o Ascertain sources of infection o Conduct investigations to assist in reducing morbidity and mortality o Investigate suspected or confirmed cases of lead poisoning Organ Procurement May access Protected Health Information without consent for the purposes of facilitating organ, eye or tissue donation and transplant These organizations, while not required to consent, are still subject to Auditing 15

Sending PHI PHI should be handled in one of the following ways: Via Direct Mail Via FAX Via email only if the PHI file is encrypted and/or password-protected 16

Your RHIO Administrator Participant RHIO Administrators are an important asset and assist HealtheConnections in the following ways: Approve and request HIE accounts for authenticated Authorized Users and notify HeC to terminate accesses Key contact point for updates and notifications, especially for HeC Policy and Procedure changes Ensure compliance of policies Report breaches and coordinate investigation May be the designated Audit Report recipient for their organization 17

Reminders HealtheConnections Support: Email: support@healtheconnections.org Phone: 315.671.2241 x5 Fax: 315.407.0053 Forms are available at: http://www.healtheconnections.org/what-wedo/hie-services/training-materials/ Use Forgot Password on the myconnections login page for quick and easy password resets 18

Congratulations! Visit us www.healtheconnections.org

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback