Memorial Hermann Information Exchange. MHiE POLICIES & PROCEDURES MANUAL

Similar documents
Health Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living

Chapter 9 Legal Aspects of Health Information Management

Emergency Medical Services Division Policies Procedures Protocols

ecw Integration PIX, XACML, CCD with Basic Clinical Event Notifications Project Scope Definition

Iatric Systems Supports the Achievement of Meaningful Use

Data Sharing Consent/Privacy Practice Summary

NEW PATIENT PACKET. Address: City: State: Zip: Home Phone: Cell Phone: Primary Contact: Home Phone Cell Phone. Address: Driver s License #:

Information Privacy and Security

PRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

Meaningful Use Modified Stage 2 Roadmap Eligible Hospitals

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

Medical Records Chapter (1) The documentation of each patient encounter should include:

[Enter Organization Logo] CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW. Policy Number: [Enter] Effective Date: [Enter]

The Children's Clinic Patient Information Form

VCU Health System PatientKeeper Connect. Request Instructions

PATIENT INFORMATION. In Case of Emergency Notification

CLINICIAN S GUIDE TO HIPAA PRIVACY

Security Risk Analysis and 365 Days of Meaningful Use. Rodney Gauna & Val Tuerk, Object Health

A general review of HIPAA standards and privacy practices 2016

Accessing HEALTHeLINK

HIPAA PRIVACY TRAINING

HIPAA Education Program

during the EHR reporting period.

WISHIN Statement on Privacy, Security, and HIPAA Compliance - for WISHIN Pulse

ecw and NextGen MEETING MU REQUIREMENTS

HIPAA Privacy & Security

Message from the Medical Staff Office

SUMMARY OF NOTICE OF PRIVACY PRACTICES

Payment: We are permitted to use and disclose your health information to receive payment for our services. For example, we may:

Notice of Privacy Practices

2514 Stenson Dr Cedar Park TX Fax

HIE Implications in Meaningful Use Stage 1 Requirements

Mobile Mammo Registration Instructions

Business Risk Planning

PATIENT INFORMATION Please Print

******************************************************************** Policy Expectation:

Staff Training. Understanding Healthix Patient Consent

1. What are the requirements for Stage 1 of the HITECH Act for CPOE to qualify for incentive payments?

HIPAA THE PRIVACY RULE

The results will also be used for public reporting for MN Community Measurement on mnhealthscores.org.

HIPAA for CNAs. This course has been awarded one (1.0) contact hour. This course expires on May 31, 2020.

Understanding the Privacy and Security Regulations

This notice describes Florida Hospital DeLand s practices and that of: All departments and units of Florida Hospital DeLand.

It defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.

Sevocity v Advancing Care Information User Reference Guide

INCOMPLETE APPLICATIONS WILL NOT BE PROCESSED

Care360 EHR Frequently Asked Questions

MCCP Online Orientation

Provider Rights and Responsibilities

ENTERPRISE INCOME VERIFICATION (EIV) SECURITY POLICY

DATA PROTECTION POLICY (in force since 21 May 2018)

New Mexico Department of Health Public Health Division Infectious Disease Bureau New Mexico Statewide Immunization Information System (NMSIIS)

STAGE 2 PROPOSED REQUIREMENTS FOR MEETING MEANINGFUL USE OF EHRs 1

Merit-Based Incentive Payment System (MIPS) Promoting Interoperability Performance Category Measure 2018 Performance Period

Meaningful Use Hello Health v7 Guide for Eligible Professionals. Stage 2

CHI Mercy Health. Definitions

What is your start date? (Date in which you plan to begin seeing patients in the hospital). Specialty SECTION I. IDENTIFICATION DATA

Minimum Business Requirements To Administer the CAHPS Hospice Survey

YOUR HEALTH INFORMATION EXCHANGE

CHIME Concordance Analysis of Stage 2 Meaningful Use Final Rule - Objectives & Measures

GDPR DATA PROCESSING ADDENDUM. (Revision March 2018)

Interoperability. eclinicalworks. Farah Saeed

The HIPAA privacy rule and long-term care : a quick guide for researchers

Quanum Electronic Health Record Frequently Asked Questions

HIPAA Privacy Regulations Governing Research

Patient Privacy Requirements Beyond HIPAA

If you have any questions about this notice, please contact the SSHS Privacy Officer at:

The Arizona HIO Statute

The Queen s Medical Center HIPAA Training Packet for Researchers

Privacy Rio Grande Valley HIE Policy: P1. Last date Revised/Updated 02/18/2016

PRIVACY IMPACT ASSESSMENT (PIA) For the

PRIVACY POLICIES AND PROCEDURES

PFF Patient Registry Protocol Version 1.0 date 21 Jan 2016

APPENDIX 2 NCQA PCMH 2011 AND CMS STAGE 1 MEANINGFUL USE REQUIREMENTS

REQUIREMENTS GUIDE: How to Qualify for EHR Stimulus Funds under ARRA

St. Mary s Industrial Medicine 4017 Atlanta Hwy, Ste B Bogart, GA Phone: (706) Fax: (706)

I. PURPOSE DEFINITIONS. Page 1 of 5

2018 ABOS Part II Oral Examination

FCSRMC 2017 HIPAA PRESENTATION

HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY

REVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 PLEASE REVIEW IT CAREFULLY

POTENTIAL LIABILITY: PATIENT HEALTH INFORMATION PORTALS

2018 Employee HIPAA Orientation (EHO) Handbook

MURRAY MEDICAL CENTER HIPAA NOTICE OF PRIVACY PRACTICES

***************************************************************************************

Stanford University Privacy Guidelines Fundraising

Calibrating your tablet allows you to ensure accuracy as you handwrite on the screen and/or select items on the screen. Prime Clinical Systems, Inc 1

HIPAA Privacy Training for Non-Clinical Workforce

Patient Matching within a Health Information Exchange

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996

NOTICE OF PRIVACY PRACTICES

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA?

Stage 2 Meaningful Use Objectives and Measures

Compliance Program Updated August 2017

Care Management Policies

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

Direct Messaging is live! Enroll for your mailbox today! Are you attesting for Meaningful Use 2 for Transitions of Care?

OREGON ADMINISTRATIVE RULES DEPARTMENT OF HUMAN SERVICES, PUBLIC HEALTH DIVISION CHAPTER 333 DIVISION 270

Privacy and Security Orientation for Visiting Observers. DUHS Compliance Office

Transcription:

Memorial Hermann Information Exchange MHiE POLICIES & PROCEDURES MANUAL

TABLE OF CONTENTS 1. Definitions 3 2. Hardware/Software Supported Platform Requirements 4 3. Anti-virus Software Requirement 4 4. Installing Third Party Devices/Programs on Exchange Member Network 4 a. Community Health Exchange b. Image Gateway c. Diagnostic Health Exchange 5. Data Integrity 5 6. MHiE Adoption of Industry Standards 5 7. Addition of New Exchange Members 5 8. New User Login and User Maintenance Process 5 9. Support and SLA Guidelines 5 10. MHiE Downtime Notification 6 11. Compliance with HIPAA 6 12. Termination of MHiE Services 6 13. Training 6 14. Patient Rights 6 15. Disclosure of PHI to Third Parties 6 16. Patient Consent 6 a. Community Health Exchange b. Image Gateway 17. Patient Reconciliation 7 a. Community Health Exchange 18. Audit Request Process 8 2

Memorial Hermann Information Exchange POLICIES AND PROCEDURES The below Policies and Procedures apply to the operation of the MHiE System, the provision of MHiE Services, and the relationships among MHiE and the Exchange Members with respect to the MHiE System. Exchange Member agrees to comply with all Policies and Procedures applicable to it. Definitions 1. Memorial Hermann Information Exchange (MHiE) is a health information exchange network that provides the capability to electronically share clinical information among disparate health care information systems in a useful manner. The goal of MHiE is to facilitate access to and retrieval of clinical data to provide safer, efficient, effective, patient-centered care. 2. Exchange Members are authorized participants of MHiE and include hospitals, physicians or physician groups, and other health care providers, physiological testing facilities, and others. Exchange Members may be a Data Provider, Data Recipient or both. 3. Exchange Member Agreement (EMA) is a contract signed by each Exchange Member prior to participation in MHiE. One of the core constructs of the EMA is the Exchange Member s commitment to a common patient consent form, to be signed by patients opting into MHiE. 4. MHiE Diagnostic Health Exchange (dhx) provides lab orders, real time lab and radiology results, radiology image links and transcription documents. MHiE dhx directly integrates with selected Electronic Medical Records systems, making Memorial Hermann diagnostic test results immediately available to authorized caregivers. 5. MHiE Community Health Exchange (chx) is a secure, encrypted electronic network that gives authorized users access to consented patients most up-to-date health information contributed by all Exchange Members. MHiE chx conforms to national standards for Continuity of Care (CCD) exchange and supports achievement of Meaningful Use. 6. MHiE Image Gateway provides secure access to view and share medical images. Relevant diagnostic images are available for Exchange Members as patients transition to different venues of care. The MHiE Image Gateway supports the regional trauma network as well as physician-to-physician and imaging center-to-physician image sharing. 7. MHiE eclinicalworks Health Exchange (ehx) facilitates interoperability between physicians within the eclinicalworks community. The tool supports a holistic view of a patient s ambulatory record within the connected ecw community. With patient consent, records can be shared between treating physicians to ensure greater accuracy and more complete patient information. 8. MHiE eclinicalworks Provider to Provider (ep2p) is an integrated network that connects physicians using eclinicalworks to electronically share patient records, referrals, messaging and appointments. It is a scalable and secure way to enhance patient care through improved provider-to-provider dialogue. 9. MHiE ScheduleNow provides a web-based platform for patient self-scheduling, and care provider referral scheduling by creating meaningful connections between various community physician scheduling systems. 10. Electronic Medical Record (EMR) is a computerized medical record created in an organization that delivers care, such as a hospital or physician s office. 11. Continuity of Care Document (CCD) is an electronic document exchange standard for sharing patient summary information. chx Exchange Members electronically transmit CCDs to MHiE. CCDs can include (but are not limited to) the following information: Allergies Problems Medications Immunizations Procedures Family History Social History Payors Advanced Directives Alerts Medical Equipment Vital Signs Functional Tests Test Results Encounter History Plan of Care 8. Data Provider means an Exchange Member that is registered and has contracted to provide information to the MHiE for use through the MHiE System. 3

9. Data Recipient means an Exchange Member that is registered and has contracted to use the MHiE System to obtain health information. 10. DICOM is a standard for handling, storing, printing and transmitting information in medical imaging. DICOM files can be exchanged between two entities that are capable of receiving image and patient data in DICOM format. 11. Protected Health Information (PHI) includes but is not limited to written or electronic information relating to the diagnosis, treatment, tests, prognosis, admission, discharge, transfer, prescription, claims, and/or other data or information implicitly or explicitly identifying a patient to whom items or services are provided by an Exchange Member, which information is provided, stored, or accessed by an Exchange Member in connection with the MHiE System. 12. Master Patient Index (MPI) an electronic records database used to identify, match, merge and reconcile patient records to create a master index that may be used to obtain a complete and single view of the patient. The MPI will create a unique identifier for each patient. 13. HIPAA is the Health Insurance Portability and Accountability Act of 1996 Hardware/Software Supported Platform Requirements for Exchange Members Exchange Member is responsible for procuring and maintaining all equipment and software (other than MHiE associated software) necessary for it to access the MHiE System, use the MHiE Services and provide to MHiE all information required by Exchange Members. Exchange Member Required Hardware and Software should conform to MHiE s thencurrent specifications. MHiE may propose changes to the specifications from time to time. If MHiE decides to implement the change, it will provide reasonable prior notice to those Exchange Members impacted by the change. Exchange Member is responsible for ensuring that all computers used to interface with the MHiE System are properly configured and maintained, including but not limited to the operating system, web browser(s) and internet connectivity. MHiE will supply further hardware/software requirements following an assessment of each Exchange Members capabilities in context of requested MHiE functionality. Anti-virus Software Requirement In providing any data to the MHiE System, Exchange Member should use reasonable efforts to ensure that the medium containing such data does not include and will not introduce any program, routine, subroutine, or data which will disrupt or damage the proper operation of the MHiE System or MHiE associated hardware/software. Exchange Member should further use reasonable efforts to prevent unauthorized access to its computers used to access the MHiE System, including the use of identification and security measures and the prompt installation of all software vendor-recommended security updates (subject to Exchange Member s standard acceptance testing). MHiE System and Services will adhere to the same anti-virus requirements requested of Exchange Members. Installing Third Party Devices/Programs on Exchange Member Network Exchange Member acknowledges that third party devices may need to be installed on their internal network in order to implement MHiE System and Services. Exchange Member reserves the right to access and scan devices to ensure hardware meets security standards. Community Health Exchange HealthDock is an edge server supplied by Certify Data Systems, a MHiE vendor partner. A HealthDock will be installed on Exchange Members internal network and is a required component for those Exchange Members contributing patient demographic data and CCDs to MHiE. The HealthDock acts as a conduit between the Exchange Member EMR and MHiE, creating a secure and encrypted connection for transmitting data. Image Gateway Gateway Appliance is an edge server supplied by DICOM Grid, a MHiE vendor partner. The Gateway Appliance will be installed on Exchange Members internal network and is a required component for those Exchange Members uploading or viewing studies via the Image Gateway. The Gateway Appliance s split-merge technology removes PHI from DICOM imaging data, encrypting and compressing prior to sharing. When the study is forwarded to the Exchange Member, the PHI is decrypted and merged back into the image data, recreating the original diagnostic quality image study. Diagnostic Health Exchange dhx Auto Print Agent is a program supplied by Lifepoint, a MHiE vendor partner. The dhx Auto Print Agent will be installed on Exchange Members local device and is a required component for those Exchange Members utilizing auto-print functionality. 4

dhx Routing Agent is a program supplied by Lifepoint, a MHiE vendor partner. The dhx Routing Agent will be installed on Exchange Members local device and is an alternative solution for those Exchange Members looking for a more cost-effective method of processing orders and results. Data Integrity Exchange Members are responsible for ensuring the quality and integrity of data contributed to MHiE. In the event data quality and/or integrity are seriously compromised, Exchange Member is responsible for taking whatever means necessary to resolve related issues and to report incident promptly to MHiE. MHiE Adoption of Industry Standards Standardization of technology enables and supports widespread adoption and interoperability, thereby creating a culture of collaboration amongst healthcare entities. MHiE System and MHiE Services adhere to industry accepted standards to the greatest degree possible. Addition of New Exchange Members Exchange Member acknowledges that other Exchange Members may be granted access to the MHiE System and MHiE Services by entering into an agreement with MHiE on substantially identical terms and conditions as those in the Exchange Member Agreement. Exchange Members become authorized users of MHiE after they have signed the Exchange Member Agreement that defines the terms and conditions and governs the use of MHiE. This creates the official Exchange Member list. Memorial Hermann and all of its owned facilities are treated as a single entity while all other Exchange Members are listed as individual entities. Community Health Exchange MHiE chx aggregates data contributed by Exchange Members into a single Community View. Exchange Members are denoted as the Source of data they contribute to MHiE. MHiE maintains a list of current chx Exchange Members, which can be accessed at any time by visiting memorialhermann.org/mhie. Image Gateway Image Gateway facilitates a bi-directional connection between Memorial Hermann Health System and an Exchange Member. Unless two Exchange Members jointly enter into a separate agreement with DICOM Grid, MHiE s vendor partner, an Exchange Member is limited to sending image studies to and receiving image studies from Memorial Hermann Health System. eclinicalworks Health Exchange MHiE ehx aggregates data contributed by Exchange Members using eclinicalworks into a single Community View. Exchange Members are denoted as the Source of data they contribute to MHiE. MHiE maintains a list of current ehx Exchange Members, which can be accessed at any time by visiting memorialhermann.org/mhie. New User Login and User Maintenance Process Exchange Member should provide MHiE with a list, in the medium and format approved by MHiE, identifying all of the Exchange Member s Authorized Users. This list will enable MHiE to establish a unique identifier for each Authorized User. Exchange Member should immediately notify MHiE of termination of employment or affiliation of an Authorized User and take such other actions as are required by the Policies and Procedures with respect to such former Authorized User and take steps within its systems and control to ensure that the former Authorized User is informed of the change when and if his or her access is terminated. MHiE requires that strong passwords are implemented and operational on all applicable information systems and resources. Support & SLA Guidelines MHiE will provide, by telephone, e-mail, and/or other means, support and assistance in resolving difficulties in accessing and using the MHiE System and MHiE Services. Exchange Members should report any MHIE System and/or Service related issues or concerns to 713.704.DOCS(3627). MHIE will respond to reported issues as soon as possible but at least within two (2) business days of the issue being reported. 5

MHiE Downtime Notification MHiE will make every reasonable attempt to alert all Exchange Members prior to any change or event that will cause some interruption to service or impact responsiveness to data made accessible by MHiE System and Services. Notifications will include the following information: 1. Type of event? (e.g. planned or unplanned downtime) 2. Who is impacted? 3. How are MHiE Systems and Services impacted? 4. MHiE Contact information for questions/concerns (713.704.DOCS(3627)) Compliance with HIPAA MHiE and Exchange Member should comply with all applicable standards for the confidentiality, security and use of PHI under HIPAA, any related requirements under applicable federal, state and local law or under Exchange Member s own rules and regulations. Exchange Member agrees to report promptly to MHiE any serious breach of the confidentiality of PHI. Termination of MHiE System and Services Exchange Member may terminate the Exchange Member Agreement, at any time without cause, by giving thirty (30) days advance written notice of that termination to MHiE. MHiE may immediately terminate the Exchange Member Agreement without reason or cause, upon forty-five (45) days advance written notice to Exchange Member. Upon any termination of Exchange Member s Agreement, Exchange Member will cease to be a Data Provider and/or Data Recipient and will immediately lose any and all rights to use the MHiE System and/or MHiE Services. Training Exchange Member should provide appropriate and adequate introductory training to all of the Authorized Users to familiarize them with their obligations pursuant to their use of the MHiE System and MHiE Services. In addition, Exchange Member represents that it has trained its workforce in the requirements of applicable laws and regulations governing the confidentiality, privacy, and security of health information, including without limitation requirements imposed under HIPAA. MHiE will provide initial training to Authorized Users identified by the Exchange Member to serve as internal trainers for the Exchange Member and thereafter as MHiE determines appropriate. Training will include instruction on access and use of the MHiE System and MHiE Services. MHiE will also provide such user manuals and other resources MHiE determines appropriate to support the MHiE System and MHiE Services. Patient Rights A patient who has his or her confidential health information or diagnostic images transferred through the MHiE should have the following rights: 1. Patient can obtain a copy of his/her confidential health information from the MHiE 2. Patient can access a current list of Exchange Members authorized to access his/her health care information by visiting www.memorialhermann/mhie. 3. Patients should be notified of any breach of PHI impacting the quality of data in MHiE. 4. Exchange Members who violate the laws and regulations governing the confidentiality, privacy, and security of health information are subject to civil and criminal penalties. 5. Patients can terminate participation in the MHIE at any time. 6. Upon a patient s termination from the MHiE, his/her data should not be accessed by a provider participant for any purpose, including clinical care. Disclosure of PHI to Third Parties MHiE may disclose PHI to any third party persons or entities as necessary to perform its obligations under the Exchange Member Agreement and as permitted or required by applicable federal or state law. Patient Consent Each Exchange Member agrees to document Patient Consent for all PHI uploaded to MHiE by Exchange Member on behalf of patients under Exchange Member s care. 6

Community Health Exchange chx consent is captured and maintained at the point of care and, therefore, Exchange Members must obtain patient consent prior to contributing patient demographic data or CCDs to chx. Consent is generally captured during the patient visit and must be recorded in the EMR. All Exchange Members must use the common MHiE Consent form and maintain a copy of the patient signature on file. In addition, Exchange Members must provide patients with a means by which to discontinue participation in chx. Patient consent authorizes the following: 1. An Exchange Member to contribute CCDs to MHiE. 2. All MHiE Exchange Members to access (view, consume, etc.) CCD data contributed to MHiE. Patients have a right to terminate their enrollment in MHiE and may revoke authorization to participate at any time. To revoke authorization and terminate participation in MHiE, a patient must call 713.456.MHiE(6443) and request withdrawal from the MHiE System. The operator will do three things: 1. Opt the patient out of Memorial Hermann Health System 2. Submit a request to MHiE technical support staff to opt patient out of MHiE, disabling the patient record from being searchable. MHiE will opt the patient out of MHiE as soon as possible but at least within two (2) business days of receipt of request that an individual has revoked his/her authorization. 3. Instruct the patient to contact each Exchange Member where they would like to withdraw consent and request to be opted out of MHiE. This will restrict CCDs from being transmitted to MHiE. Any PHI submitted prior to withdrawal from MHiE System will remain in the database, although it will not be accessible by Exchange Members. Image Gateway Patient consent to participate in Image Gateway is covered under payment, treatment and operations (PTO), as a direct provider-to-provider referral. eclinicalworks Health Exchange Reference Community Health Exchange consent policy above. Patient Reconciliation Patient demographic data is contributed by multiple Exchange Members. In the event of a potential duplicate or duplicate transaction, the records will be either manually or automatically reconciled within a Master Patient Index tool. Community Health Exchange MHiE will review chx patient demographic transactions daily to ensure duplicate records are properly reconciled. Patient accounts will be manually combined using the following criteria: 1. Always combine to the most recent Last Update date 2. Can combine exact name and date of birth (DOB). If common name look for other matching criteria (address, phone number) before combining. If no other matching criteria on a common name, do not combine. 3. DOB & SSN match exactly with slight variation in the name, (transposed letters, middle initial or name, misspelled name that sounds the same, married names, maiden names or nicknames.) 4. Babies with matching last name, DOB and address; SINGLE BIRTHS ONLY. Multiple births must be verified by the facility before combining. 5. Can combine when DOB is slightly off with matching name, SSN and address. 6. Never combine persons where one has a DOB of 01-01-1901. 7. If there is any doubt that records do not belong to same patient do not combine records. Auto-combines occur when the following criteria match exactly: 1. Last name 2. First name 3. DOB 4. Gender 5. SSN 7

Audit Request Process Upon written request, MHiE should provide to Exchange Member statistical summaries indicating the number of times the Exchange Member accessed MHiE, including a list of all queries to the MHiE System by patient names and date of birth. The foregoing summaries should be provided at no cost. Additional detail about an Exchange Member's own PHI may be obtained by an Exchange Member as made available by MHiE under the Policies and Procedures. Other usage and audit trail reports will be delivered as defined in the Policies and Procedures. 8

Document Revision History Revision Number: Revision Date: Revised By: Description: 001 May 2, 2012 Meredith Demeropolis Initial document published 9

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback