Security and Privacy Practices for Electronic Health Records. Joseph W. Hales, PhD, FACMI Intermountain Healthcare Salt Lake City, UT


Intermountain Healthcare
- Formed 1975
- Not-for-profit
- Integrated system
- 20 Hospitals
- > 100 clinics
- 6M patient encounters/yr (2007)
- $3.6B revenue (2007)
- Clinical Programs

Information Systems
- Internally-developed systems
- Enterprise-wide, longitudinal record
- Nationally recognized leader
- Clinical decision-support
- Chronic disease management
- Hospital-acquired infection detection
- Adverse drug event detection
- Resistant strain infection monitoring

Outcomes at Intermountain
Dartmouth Atlas of Healthcare:
The Mayo Clinic and Intermountain Healthcare have reputations for excellence and are noted for their leading research efforts in rationalizing the clinical pathways for managing chronic illness. Because they provide higher quality care at lower cost, the utilization rates in Salt Lake City, Rochester, Minnesota, and Portland, Oregon are useful benchmarks for estimating the potential savings from a successful national effort to improve efficiency in managing chronic illness. The Salt Lake City benchmark results in the greatest estimated reduction in acute care hospital spending. If, over the four years of our study, hospital utilization rates had been at the level of Salt Lake City, Medicare spending for inpatient care would have been reduced by 32.4%, with physician visit savings of 34%.

Outcomes at Intermountain
Dennis A. Cortese, MD, President and CEO, Mayo Clinic:
"If I were ever diagnosed with diabetes, I would want to be treated by Intermountain Healthcare in Salt Lake City. They have the best outcomes in the country and the lowest costs."
KARE-NBC, Channel 11 (Minneapolis), "Utah Gets it Right," February 8, 2008

Outcomes at Intermountain

Intermountain Information Systems
Intermountain Healthcare is able to deliver
- Consistent, high quality medical care
- At the lowest possible cost
in part because of enterprise-wide information systems that permit users to
- Share data across time and space between providers
- Analyze data across populations to eliminate inappropriate variation

Technical Safeguards
- Harmonization of HIPAA, SOX, PCI, GLB
- Physical network security
- Encryption
  - Mobile devices
  - Backup media
- User security
  - Single master directory
  - Provisioned according to role using templates
  - Log user activity

Proactive Auditing and Monitoring
- Scan 16+ million access events per month
- Triggers for further investigation
  - Employees looking at records of family members
  - Employees looking at records of co-workers
- Review ALL access to records of high profile patients (VIPs, individuals in the news, etc.)
  - 2008: 47 patients audited, 0 inappropriate accesses
  - 2007: 50 patients audited, 4 inappropriate accesses
- Demonstrated reduction in inappropriate access violations over last 5 years through consistently auditing access and disciplining employees
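The triggers on the auditing slide above, sketched as an added example (not Intermountain's code and not part of the presentation). The event fields, all identifiers, and the use of an HR dependents list to recognize family members are assumptions; the sample events are constructed.

```python
from collections import defaultdict, namedtuple

Access = namedtuple("Access", "ts user patient")

# Constructed reference data; every identifier here is hypothetical.
EMPLOYEE_AS_PATIENT = {"nurse_a": "P100", "clerk_b": "P200", "md_c": "P300"}
DEPENDENTS = {"nurse_a": {"P101"}, "md_c": {"P301", "P302"}}  # assumed HR source
VIP_PATIENTS = {"P900"}
RECORD_OWNER = {p: u for u, p in EMPLOYEE_AS_PATIENT.items()}

# Constructed sample of access events (timestamp, workforce user, patient record).
EVENTS = [
    Access("2008-03-01T08:02", "nurse_a", "P555"),  # ordinary access
    Access("2008-03-01T08:10", "nurse_a", "P101"),  # record of own dependent
    Access("2008-03-01T09:30", "clerk_b", "P300"),  # record of co-worker md_c
    Access("2008-03-01T09:45", "md_c", "P900"),     # high profile patient
    Access("2008-03-01T10:00", "clerk_b", "P200"),  # clerk's own record
    Access("2008-03-01T10:05", "clerk_b", "P900"),  # high profile patient
]

def triggers_for(event):
    """Return the audit triggers a single access event raises."""
    hits = []
    if event.patient in DEPENDENTS.get(event.user, ()):
        hits.append("FAMILY")
    owner = RECORD_OWNER.get(event.patient)
    # Self-access is not one of the slide's triggers, so it is not flagged.
    if owner is not None and owner != event.user:
        hits.append("COWORKER")
    # Every access to a high profile record is queued, whoever made it.
    if event.patient in VIP_PATIENTS:
        hits.append("VIP")
    return hits

def scan(events):
    """Group flagged events by trigger; events with no trigger are dropped."""
    queue = defaultdict(list)
    for ev in events:
        for trig in triggers_for(ev):
            queue[trig].append(ev)
    return dict(queue)

if __name__ == "__main__":
    for trig, evs in sorted(scan(EVENTS).items()):
        for ev in evs:
            print(trig, ev.ts, ev.user, ev.patient)
```

A flagged event is only a candidate for the further investigation the slide describes; the family and co-worker triggers are only as complete as the relationship data behind them.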

Policy and Education
- Policies and procedures on intranet
- Ongoing employee education
  - New employee orientation
  - Annual mandatory compliance training
  - Job-specific privacy training
  - Employee newsletter articles
- Annual risk assessment of privacy and security concerns

Holding Employees Accountable
- Matrix of recommended sanctions
  - Unintentional, intentional or malicious
  - Access or Disclosure
  - Number of records involved
  - First offense or repeat offense
- Employees have been terminated for privacy/security violations (incl. MDs)
- Ensures consistent application of sanctions for similar actions

Summary
- We use information systems in order to achieve consistent, high quality outcomes at lower cost for every patient
- We protect patient privacy through
  - Best practices in technical security
  - Establishing a culture of individual accountability

HIT Legislation
- Intermountain supports legislation that encourages adoption of HIT
- Intermountain is concerned about unrealistic expectations about HIT capacity
- We currently do not have the capacity to fully comply with the proposed accounting for disclosures requirement contained in the Ways & Means and Energy & Commerce HIT bills