Identity Management in Healthcare. Smart Card Alliance Webinar September 22, 2009


Webinar Topics
- Importance of identity management in healthcare
- The enhanced liability that new regulations and legislation place on healthcare organizations
- Challenges with patient identity management and authentication within healthcare organizations and with healthcare data exchanges
- Results achieved by the Mount Sinai Medical Center and Memorial Hospital smart patient health card programs

Speakers
- Randy Vanderhoof, Executive Director, Smart Card Alliance
- Richard Marks, Co-Founder & President, Patient Command, Inc.
- Lawrence Carbonaro, Director, Purchasing & Patient Access, The Memorial Hospital, North Conway, New Hampshire
- Paul Contino, Vice President of Information Technology, Mount Sinai Medical Center


Introduction: Identity Management in Healthcare Randy Vanderhoof Executive Director, Smart Card Alliance

Who We Are
Smart Card Alliance mission
- To stimulate the understanding, adoption, use and widespread application of smart card technology through educational programs, market analysis, advocacy, and industry relations in the United States and Latin America.
Over 150 members, including participants from financial, retail, government, corporate, and transit industries and technology providers to those users
Major activities
- Conferences, symposia, web seminars
- Educational workshops and on-line training
- Web-based resources: white papers, reports, industry product and services
Industry and Technology Councils
- Identity Council
- Contactless Payments Council
- Healthcare Council
- Physical Access Council
- Transportation Council

Identification Technologies and Applications Vary by Use Case Identity credentials come in a variety of shapes, card types and capabilities

Common Requirements for Identity Credentialing for Healthcare
- Secure identity credentialing process and data management
- Validation of source documents prior to issuance
- Managing data on card vs. data stored on systems
- Process for updating data and securing access
- Process for rapid revocation once card expires or is revoked
- Authentication of the individual and credential
- Common Machine Readable Technology (MRT) present
- MRT links to physical characteristics (biometrics)
- Security features to protect the physical credential and the data elements in the MRT
- Security and privacy must be baked in for cardholders to accept credential and use it

Randy Vanderhoof Executive Director Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 (800) 556-6828 rvanderhoof@smartcardalliance.org www.smartcardalliance.org

Health Information Security under ARRA A New World of Enhanced Responsibility Richard D. Marks Co-Founder and President, Patient Command, Inc.

ARRA Security
ARRA changes the rules for security of health information in the U.S.
- Modifies HIPAA security (more below)
- Imposes new security requirements for HIPAA covered entities and their business associates
- Imposes security requirements for Personal Health Record (PHR) systems and others not covered by HIPAA
- Enacts a new regime for breach notification
- Emphasizes enforcement at the federal and state levels, including required federal investigations and enforcement by state attorneys general and whistleblowers

ARRA Security
- Hierarchy of diligence and culpability
  - Reasonable diligence and would not have known
  - Reasonable cause and not willful neglect
  - Willful neglect (and corrected or not corrected)
- Increased, tiered civil and criminal monetary penalties: top is $50,000 per violation, with annual limit of $1,500,000
- Civil and criminal liability for individuals (fines and prison terms) as well as for organizations
- Breach notification for unsecured information (in effect, requires NIST-described encryption)

ARRA Security
- Integrated health information security is inherent in ARRA
- Sections 13401, 13404 references in business associate contracts now, by law, apply mutually (both ways) to covered entities and business associates
- Requires reassessment of what business associate agreements mean for both CEs and BAs, both as to responsibilities for, and liabilities related to, security
- This is not just a legal analysis; it requires reassessing business processes and technology
- This is costly, and no one wants to hear that
- People have yet to focus on Sections 13401 & 13404

ARRA Security
What does this mean for
- Boards of directors?
- Senior (C-suite) executives?
Issues for public companies
- Sarbanes-Oxley governance
- Public company disclosure and accounting
Practical consequences of transitioning from an era of subdued (read non-) enforcement to an era of enhanced enforcement
Demands a different approach to security risk and response models; diligence is the goal

Richard D. Marks Patient Command, Inc. McLean, Virginia richardmarks@earthlink.net www.patientcommand.com

Smart Card Solution Lawrence Carbonaro Director, Purchasing & Patient Access The Memorial Hospital, North Conway, New Hampshire

The Memorial Hospital North Conway, NH Smart Health Card Initiative Property of the Smart Card Alliance 2009

Identity Management in Healthcare
The Memorial's Smart Health Card patient service initiative
- Critical Importance of Patient Intake
- Motivations for Deploying the Card
- Results
- Future Intentions

Connectivity Model

Patient Identity Validation
Registration: the critical system entry point
why we ask what we ask: legalities and life changes
- Clinical Identity Establishes Care Regimen
  - Patient Account Number
  - Medical Record Number
  - EMR
- Demographic Identity Initiates Revenue Cycle
  - Patient, Spouse, Relations
  - Guarantor Verification
  - Insurance Carrier Verification
- Type of Claim Incident
  - Motor Vehicle Accident
  - Work Related Accident
  - Medicare/Medicaid Incident

Quality Control Environment
- Healthcare has a 5% clerical error rate in gathering patient data
- Pressure to register quickly at the expense of accuracy
- Inadequate tools do not match the required tasks
- Extremely complex system, yet zero tolerance for errors

Memorial Identity Ecosystem IT Hierarchy: 4 Hospital Registration Systems

IT Hierarchy With LifeMed

The Memorial Hospital Community
- 25 bed critical access hospital
- 45 bed long term care facility
- Women's clinic
- Orthopedic clinic
- 59,412 annual visits hospital
- 49,553 annual visits clinics
- Average daily census: 16.5

Identity Management: Real & Perceived Metrics
Errant patient information: 6.8% average frequency
- Incorrect and missing corrected by Billing
- Dupes and overlays corrected by Medical Records
Press Ganey Report Card

Measure       Average   Memorial   Rate Memorial fair to poor
Helpfulness   91.1      89.1       12%
Ease          91.1      81.3       17%
Wait Time     87.5      81.1       22%
Privacy       85.1      92.1       6%

Value Proposition & ROI
Motivation for Smart Card Initiative
- Patient satisfaction: redundant process system wide
- Administrative: overlaid records at facilities missing corrected by Billing
- Economic: labor and cash flow fix-its
Results
- Press Ganey results after 1st full quarter
  - Ease of Registration: improved by 10 percentage points
  - Wait time in Registration: improved by 10 percentage points
- Errors: reduced from 6.8% to less than 1%
- Duplicate medical records: reduced to less than 1%
- Patient waiting & desk time: reduced from 18 minutes to less than 3 minutes
- Branded Smart Card extended reach to Patient Community: 95% coverage
- Patient access staff reduced from 21 FTEs to 16 FTEs
- Payback period of 18 months accelerated to 8 months

Future Intentions
- Incorporate Continuity of Care Information on Card Data Set
- Link Physician Practices
- Link Emergency Services Providers
- Extend Information Exchange with Payers for Improved Eligibility and Insurance Verification

Future Clinic Data Flow

LifeMed Architecture Implementation

Lawrence Carbonaro Director, Purchasing & Patient Access

Identity Management in Healthcare Personal Health Cards: A Model for Identity Management and Security Controls for Healthcare Information Networks Paul Brian Contino Vice President of Information Technology Mount Sinai Medical Center

Identity Management in Healthcare
Personal Health Cards: A Model for Identity Management and Security Controls for Healthcare Information Networks
- Importance of Patient Identity
- Personal Health Cards
- Benefits and Business Case
- Regional and National Agenda

Mount Sinai Medical Center, NYC
- Founded in 1852
- 1,171-bed tertiary-care teaching hospital
- Mount Sinai Hospital of Queens (235 bed)
- Medical School and Graduate School
- 1,000,000 patient visits per year
- 100,000 emergency room visits
- Database of over 3.7 million patients

Importance of Patient Identity
Is the patient in front of us who they say?
- Patient Safety: appropriate medical care
- Avoid potential medical errors
- Link patient to existing medical records
- Continuity of Care
- Provide clinical data to healthcare providers
- Medical billing and claims processing
- Medical Identity Theft
- Fraud and Abuse

Personal Health Card
- Identity Management
  - Photograph
  - Patient Name
  - Medical Record Number
  - Demographics (chip)
- Registration Efficiency
  - Positive ID
  - Barcoded MRN
  - Linkage to Patient Records
- Emergency Medical Access
- Health Information Exchange

Personal Health Card: what's on the chip?

Patient Identification & Demographics
  Name: Smith, John
  Sex: Male
  DOB: 11-18-1942
  Address: 23 East 92nd Street, New York, NY 10029
  Home Tel: (212) 245-3455
  Work Tel: (212) 826-1212 Ext 2332
  Insurance: Oxford [Policy No. 2134323]
  Emergency Contacts: Ellen Smith, Wife (212)-226-1232

Current Medications & Allergies
  Medications:
    Coreg (12.5mg) 2xDaily
    Accupril (40mg) 1xDaily
    Glucovance (500/5) 2xDaily
    Humulin 70/30 25-30 units as needed
  Allergies (with type):
    Penicillin: Drug
    Peanut (severe): Food
    Latex: Environ

Compressed EKG Image

Recent Laboratory Results
  Glucose 190 (70-110) mg/dl 4-2-2006
  Glucose 150 (70-110) mg/dl 4-16-2006
  Glucose 130 (70-110) mg/dl 4-20-2006
  PSA 5 (0-4) ng/ml 1-23-2005

Medical Summary & Problem List
Recent Healthcare Encounters
Pointers to Remote / Off-Card Data

Local Benefits and Business Case
- Administrative
  - Positive identification of patients
  - Reduce registration time for patients
  - Improved data accuracy (registration, billing)
  - Reduce medical records maintenance costs (duplicate/overlaid)
- Regulatory Compliance
  - JCAHO, HIPAA, HITECH
- Clinical
  - Accelerate information availability during emergency care
  - Continuity of Care between healthcare providers
  - Patient Safety: reduce medical errors & adverse events

Value Proposition & Cost Savings
Medical Records Management
- On average, 5-15% of a hospital's medical records are duplicated or overlaid.
- In the last 6 years, Mount Sinai has done two large scale medical record cleanups.
- The last one cost the institution $1.8 million dollars and involved over 250,000 duplicate records.
Smart cards are a way to significantly stem these duplicates

Value Proposition & Cost Savings
Claims Denials and Revenue Capture
- Studies estimate that 50% to 90% of claim denials could be prevented by securing accurate patient information at the front desk.
- Mount Sinai estimates that about $1 million dollars a week is lost or delayed due to claims denials.
- A recent audit revealed that upwards of 70% of these denials involved missing or inaccurate data that is typically collected as part of the registration process.
Smart cards improve data integrity

Value Proposition & Cost Savings
Patient Satisfaction
- Reduce registration wait times
- Reduce administrative paperwork (Clipboardectomy)
- Positive healthcare experience
Smart Cards empower & engage patients in their healthcare

Healthcare at a National Level
- American Recovery and Reinvestment Act of 2009 (ARRA): $728 Billion Stimulus Package
- Health Information Technology for Economic and Clinical Health Act (HITECH): $19.4 Billion for EHR Adoption

Healthcare: Where Are We Going?
- National Health Infrastructure Network (NHIN)
- Regional Health Information Organization (RHIO)
- Health Information Exchange (HIE)
- Electronic Health Record (EHR)
- Personal Health Record (PHR)
- Electronic Medical Record (EMR)
- Identity Management

Islands of Information
$2.5 Trillion Dollars: 2009 U.S. Healthcare Expenditure
[Diagram labels: EMR 1, EMR 2, EMR 3, EMR 4]

Health Information Exchange

RHIO / HIE Data Exchange
[Diagram labels: Patient X, Smart Card, Hospital A, Clinical Systems, Edge Server, RHIO RLS, Hospitals]
- Record Locator Service (RLS)
- Statistical (Probabilistic) Matching

Smart Card Data Exchange
[Diagram labels: Patient X, Smart Card, Hospital B]
- Positive Identification
- Deterministic match
- Patient Consent
- View Information on Smart Card

Federated Patient Identity (Patient X)

Provider ID   MRN
MSH0000001    1234567
ELM0000002    2223434
NGH0000003    5556666
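The contrast on this slide, statistical matching in a record locator service versus a deterministic match from the card's federated identity table, can be made concrete in Python. This is an added example, not code from the webinar or from any RHIO product: the provider IDs and Patient X's three MRNs come from the slide, while the record layout, field weights, threshold, demographic values and MRN 7654321 are assumptions, and the similarity score is a simplified stand-in for a real probabilistic matcher.

```python
from difflib import SequenceMatcher

# Constructed data. Provider IDs and Patient X's three MRNs come from the
# slide; names, birth dates, ZIP codes and MRN 7654321 are invented.
MPI = {  # one master patient index per provider
    "MSH0000001": [
        {"mrn": "1234567", "name": "SMITH, JOHN", "dob": "1942-11-18", "zip": "10029"},
        # A different person whose demographics nearly collide with Patient X.
        {"mrn": "7654321", "name": "SMITH, JON", "dob": "1942-11-18", "zip": "10029"},
    ],
    "ELM0000002": [  # Patient X, name misspelled and an old address on file
        {"mrn": "2223434", "name": "SMYTH, JOHN", "dob": "1942-11-18", "zip": "11375"},
    ],
    "NGH0000003": [  # Patient X, middle initial added and a birth-date typo
        {"mrn": "5556666", "name": "SMITH, JOHN A", "dob": "1942-11-08", "zip": "10029"},
    ],
}

# Federated identity table as it might be held on the card (layout assumed).
CARD = {
    "consent": True,
    "identities": {"MSH0000001": "1234567", "ELM0000002": "2223434",
                   "NGH0000003": "5556666"},
}

WEIGHTS = {"name": 0.5, "dob": 0.3, "zip": 0.2}  # assumed field weights
THRESHOLD = 0.85                                  # assumed match cut-off


def score(query, record):
    """Weighted string similarity, a simplified stand-in for a real
    probabilistic matcher."""
    return sum(w * SequenceMatcher(None, query[f], record[f]).ratio()
               for f, w in WEIGHTS.items())


def probabilistic_locate(query, threshold=THRESHOLD):
    """RLS-style search: every record scoring at or above the threshold."""
    hits = [(prov, rec["mrn"], round(score(query, rec), 3))
            for prov, recs in MPI.items() for rec in recs
            if score(query, rec) >= threshold]
    return sorted(hits, key=lambda h: -h[2])


def deterministic_locate(card):
    """Card-based lookup: exact (provider ID, MRN) pairs, gated on consent."""
    if not card.get("consent"):
        raise PermissionError("no patient consent recorded on card")
    return [(prov, mrn) for prov, mrn in card["identities"].items()
            if any(rec["mrn"] == mrn for rec in MPI.get(prov, []))]


if __name__ == "__main__":
    query = {"name": "SMITH, JOHN", "dob": "1942-11-18", "zip": "10029"}
    print("probabilistic:", probabilistic_locate(query))
    print("deterministic:", deterministic_locate(CARD))
```

With this data the demographic search links another person's record (MRN 7654321) and misses Patient X's record at ELM0000002, while the card lookup returns exactly the three pairs in the table and refuses to run without recorded consent.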

Conclusion
- As Electronic Medical Records become more prevalent, there will be the conflicting needs to both protect and share this information.
- In order to have Electronic Health Records, you need identity management.
- Smart Card Technology provides a compelling solution to the challenges of identity management in healthcare.
- Smart Cards address the enhanced security and privacy demands of HITECH.

Paul Brian Contino Vice President of Information Technology Mount Sinai Medical Center Mount Sinai School of Medicine (212) 659-1429 paul.contino@mountsinai.org

Conclusions Randy Vanderhoof Executive Director, Smart Card Alliance

Conclusions
- Secure, portable, ID card technology is the cornerstone of effective identity management
- Regulatory compliance measures demand the attention of all healthcare stakeholders
- Sound business models exist for using smart card technology to address the challenges of identity management in healthcare.
- Smart Cards protect patient data, and enable the sharing of data across multiple electronic health information boundaries responsibly

Questions and Answers

- Randy Vanderhoof, rvanderhoof@smartcardalliance.org
- Richard Marks, richardmarks@earthlink.net
- Lawrence Carbonaro, lcarbonaro@tmhf.org
- Paul Contino, paul.contino@mountsinai.org