The Patient Portal Ecosystem: Engaging Patients while Protecting Privacy and Security


1 The Patient Portal Ecosystem: Engaging Patients while Protecting Privacy and Security NCHICA 11th Academic Medical Center Security & Privacy Conference, June 22-24, 2015 Panel Leader: Panelists: Amy Leopard, JD (Bradley Arant Boult Cummings) Patricia Corn (Wake Forest Baptist Health) Becky Tate (MEDHOST) 1

2 Agenda Overview of uses of Portals and PHRs Review state and federal laws and regulations Consider practical issues providers must manage sharing among patients Allowing API for view, download, transmit Patient managed access Managing patient directed disclosures (third parties) Patients managing information from multiple vendors Authorization process Patients managing proxy access for others Amendment of PHI 2

3 Overview of Portals and PHRs 3

4 Consumer Driven Healthcare Movement Physicians Payer Consumer Hospitals HSA Rx 4

5 Patient empowerment and Consumerism Overblown Trend Real, we're gearing up issues we need to pay attn to 2009 HDM Poll of 137 5

6 Goals of a PHR Patient Perspective Easily manage access Organize health information from disparate providers in a single location Tools that support wellness and self-management Manage data sharing with health care providers Desire ease of use Automation - Manual entry of information is error-prone and time consuming 6

7 Goals of a PHR - Provider Perspective Tools to better manage health Analytics to monitor treatment Continuity of care and accessibility of data for paper-based system Tools promoting patient engagement 7

8 Uses for PHRs: Store health information Health risk assessment profile Targeted educational modules Clinical decision support for patient self-management of health risks Provider interaction for appointment and Rx refills Patient monitoring from medical device interface 8

9 PHR Data Set PHR DATA SET Name, demographics Family History Immunizations Recent encounters Hospitalizations, surgeries, procedures Medication List Lab, Pharmacy, Ancillary Health risk assessment Medical Power of Attorney Claims data and benefit coverage Medical and wellness device results Progress Notes 9

10 Different PHR Models Provider Patient Portal Most common form of personal health record Health Plan Consumer Portal United, Shared Health, AHIP and BCBSA Health Information Trust Custodian ehealth Trust Model Employer consortium for data repository on member employees Dossia Private label PHR for employers and health plans WebMD license 10

11 Patient Risks Risks of View Public computer, logoff Risks of Download Authentication, notice that patient has responsibility to protect Risks of transmitting health information Identity proofing and authentication of patients, personal representatives, other family, friends HIT Policy Committee Privacy and Security Workgroup 11

12 Regulatory Environment and PHRs 12

13 Which Federal Agency Should Enforce Privacy /Security Laws Against Vendors?... 13

14 HITECH and ARRA Drivers Meaningful Use HITECH e-copy Rights View online, download, transmit PHI Any provider or health plan digital format Forward to labor cost HIE Significantly expand access and PHI transmission to PHR Vendors Application Developers Competitors

15 Covered Entity under HIPAA? Providers filing claims electronically. Hospitals, physician groups, nursing homes, labs, pharmacies, doctors, nurses, dentists, psychotherapists Plans or Payors. MMO, Cigna, United Health Care, Anthem, Aetna Employer > 50 with self funding Clearinghouses standardizing PHI for others such as most billing services like WebMD Envoy. Business Associates Who create or receive PHI in order to perform function on behalf of Covered Entity now subject to certain HIPAA Privacy and Security provision under HITECH 15

16 HIPAA Business Associates Definition HITECH definition of BA includes: Vendors contracting with CE to allow CE to offer patients PHR as part of its EHR Organizations transmitting PHI data to a CE or its BA and requiring access to the PHI on routine basis HIE Organization, RHIO, E-prescribing Gateway PHR Vendors are not regulated directly by HIPAA unless BA above: But could be regulated by HITECH... 16

17 Data Flow is a Critical Regulatory Issue PHR = electronic record of individual health information drawn from multiple sources and managed, shared, and controlled by or for individual Tethered? PHR Business Associate: Vendors contracting with CE to allow CE to offer patients a portal or a PHR as part of its EHR PHR Vendor Entity, other than a CE, that offers or maintains a PHR directly with individual 17

18 Personal Health Data Check Data Flow and Covered Entity Status!! Data from Individuals to Covered entities = PHI Permissible uses and disclosures or HIPAA authorization Marketing Rules Sale of PHI PHI may also be regulated by FTC

19 Consumer Directly Supplies Health Information to Non-Covered Entities HIPAA does not apply to PHRs offered by employers or by PHR vendors directly to consumers FTC regulates PHR Vendors as well as compliance with privacy policies of entity offering PHR (See ONC Model PHR Notice)

20 Medicare and Medicaid EHR Meaningful Use To be eligible for Medicare/Medicaid incentives, providers must demonstrate Certified EHR provides for electronic exchange of health information to improve quality of care EHR Measures and Objectives for Meaningful Use enable patients to view, download and transmit their health information ONC being urged to consider connection to PHR NCVHS health plan testimony: QI, disease mgt, and care coordination support portability of data in PHRs to aid transition to meaningful use of EHRs.. 20

21 Meaningful Use Stage 3 NPRM Allowing API for view, download, transmit HIT Policy Committee Privacy and Security Workgroup studying Privacy and Security Issues Related to Increasing Patient Access to Data through either VDT Technologies or open APIs Increasing number of APIs connecting EHR 21

22 HITECH digital rights... Right to Access PHI in Electronic Format patients may request copy of EHR in electronic format maintained by CE instruct CE to forward EHR to any designated person at entity's labor cost only. Significantly expand patient access to electronic formats and increase PHI transmission to others PHR vendors, health record data banks and HIE/RHIOs. Who owns data? More importantly who has right to access and control data? 22

23 FTC Regulation and Exercise of Enforcement Authority Under FTC Act 5 Section 5 of the FTC Act: Unfair and Deceptive Acts or Practices Deceptive: Not implementing stated privacy policies Misrepresenting the extent to which privacy and security of information collected is used, maintained, and protected Unfair: Alleged failure to implement reasonable and appropriate security measures (or to ensure service providers did so) BUT HIPAA MAY NOT BE THE STANDARD!!!!

24 FTC PHR Breach Notice Rule -- for Non-HIPAA CEs and BAs PHR Vendors (200) entity, other than HIPAA-CE or BA of HIPAA-CE that offers or maintains a PHR PHR Related Entities (500) Non-covered entities or BAs that: offer products or services via website of PHR vendor CEs offering PHRs access PHR information or send info to PHR 3rd Party Service Providers to PHR Entities (200) Provides services to above PHR Entities and as a result, Access, maintain, retain, modify, record, store, destroy or otherwise hold, use or disclose unsecured PHR IHI 24

25 Other Legal Considerations Contractual Obligations Contracts Ownership generally governed by contract, but legal ownership may be secondary to concerns over uses and disclosures of copies of the data Documentation Consent Enrollment and verification Patient EULAs Terms and Conditions Privacy and Security Ownership of data Uses and disclosures Warnings re: urgent and emergent care Disclaimers and Limits of Liabilities

26 Other Legal Considerations State Laws State Law Issues Personal Data Sensitive information Consumer Protection Laws Consent issues Proxies Minors Malpractice Constitutional Right to Privacy

27 Other Legal Considerations: Secondary Uses Threshold issue: Provide transparency to consumers via disclosure of secondary uses and safeguards De-identified data Authorization from Individual Limited Data Sets for Research, public health or QI Population-based activities to improve health or reduce healthcare costs 27

28 Risks with De-identified Data 28

29 PHRs Practical Considerations 29

30 Practical Considerations Educating patients about their role in protecting their health information Patient managed access Patient education (staff support) Patient identity validation Shared s Proxy access management Release of information Sensitive info Minors and state consent laws 30

31 Practical Considerations Documentation Are existing notices and forms sufficient? (NOPP, Authorization Form, Terms of Use of Patient Portal/PHR) Managing sensitive information Using and managing consumer driven data 31

32 Practical Considerations Addressing amendment requests Encouraging patient use in order to decrease printing of PHI 32

33 QUESTIONS? Amy Leopard Patricia Corn Becky Tate 33


More information

Am I a Business Associate?

Am I a Business Associate? Am I a Business Associate? Now What? JENNIFER L. RATHBURN Quarles & Brady LLP KATEA M. RAVEGA Quarles & Brady LLP agenda» Overview of HIPAA / HITECH» Business Associate ( BA ) Basics» What Do BAs Have

More information

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

More information

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014 OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2 Linda Sanches, MPH Senior Advisor, Health Information Privacy HCCA Compliance Institute March 31, 2014 Agenda Background Audit Phase

More information

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

Business Associate Agreement (BAA) Guidance

Business Associate Agreement (BAA) Guidance Business Associate Agreement (BAA) Guidance Introduction The purpose of this document is to provide guidance for creating or updating business associate agreements between your Practice ( Covered Entity

More information

Gerry Hinkley Co-Chair, Health Care Industry Team Pillsbury Winthrop Shaw Pittman LLP

Gerry Hinkley Co-Chair, Health Care Industry Team Pillsbury Winthrop Shaw Pittman LLP How Regional Extension Centers (RECs), Beacon Programs, Community College Consortia and Health Insurance Exchanges Work and Why Privacy and Security are Important Gerry Hinkley Co-Chair, Health Care Industry

More information

Stage 2 Meaningful Use What the Future Holds. Lindsey Wiley, MHA HIT Manager Oklahoma Foundation for Medical Quality

Stage 2 Meaningful Use What the Future Holds. Lindsey Wiley, MHA HIT Manager Oklahoma Foundation for Medical Quality Stage 2 Meaningful Use What the Future Holds Lindsey Wiley, MHA HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.

More information

Overview of HITECH ACT Changes to HIPAA Privacy Rules

Overview of HITECH ACT Changes to HIPAA Privacy Rules Overview of HITECH ACT Changes to HIPAA Privacy Rules January 4, 2010 Presentation by Jennifer L. Cox, Esq. Timeline and Sources of Law HIPAA was passed by Congress in 1996, and regulations were required

More information

AHAdatainfo@healthforum.com 866-375-3633. 2012 AHA Annual Survey Information Technology Supplement. Healthcare IT Database Download and Data Licensing

AHAdatainfo@healthforum.com 866-375-3633. 2012 AHA Annual Survey Information Technology Supplement. Healthcare IT Database Download and Data Licensing 2012 AHA Annual Survey Information Technology Supplement Survey Questionnaire This survey instrument can be used to facilitate sales, planning and marketing activities. For example, consider current and

More information

Agenda. Government s Role in Promoting EMR Technology. EMR Trends in Health Care. What We Hear as Reasons to Not Implement and EMR

Agenda. Government s Role in Promoting EMR Technology. EMR Trends in Health Care. What We Hear as Reasons to Not Implement and EMR Agenda A 360-Degree Approach to EMR Implementation Environmental Overview Information on the HITECH Stimulus Opportunities Hospitals, Physicians and Interoperability Preparing for an EMR Implementation

More information

Custom Report Data Elements: 2012 IT Database Fields. Source: American Hospital Association IT Survey

Custom Report Data Elements: 2012 IT Database Fields. Source: American Hospital Association IT Survey Custom Report Data Elements: 2012 IT Database Fields Source: American Hospital Association IT Survey COMPUTERIZED SYSTEM IMPLEMENTATION 3 Bar Coding 3 Computerized Provider Order Entry 3 Decision Support

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Meaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM. www.getrealhealth.com

Meaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM. www.getrealhealth.com www.getrealhealth.com Meaningful Use Overview We are at the forefront of the patient engagement era. The American Recovery and Reinvestment Act of 2009 included the Health Information Technology for Economic

More information

THE 2009 HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT

THE 2009 HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT July 2009 THE 2009 HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT SUMMARY The Health Information Technology for Economic and Clinical Health Act (HITECH) is an important component of

More information

Of EHRs and Meaningful Use. Pat Wise, RN, MA, MS FHIMSS COL (USA ret d) VP, Healthcare Information Systems, HIMSS

Of EHRs and Meaningful Use. Pat Wise, RN, MA, MS FHIMSS COL (USA ret d) VP, Healthcare Information Systems, HIMSS Of EHRs and Meaningful Use Pat Wise, RN, MA, MS FHIMSS COL (USA ret d) VP, Healthcare Information Systems, HIMSS 1 MU: Where We are Today From www.cms.gov As of the end of January 31, 2013: >210,000 EPs

More information

Privacy & Security The HHS Rule is Out What s New and What s Next. Mary Jo Carden, RPh, JD Director, Regulatory Affairs AMCP mcarden@amcp.

Privacy & Security The HHS Rule is Out What s New and What s Next. Mary Jo Carden, RPh, JD Director, Regulatory Affairs AMCP mcarden@amcp. Privacy & Security The HHS Rule is Out What s New and What s Next Mary Jo Carden, RPh, JD Director, Regulatory Affairs AMCP mcarden@amcp.org Disclosure Mary Jo Carden is an employee of the Academy of Managed

More information

Electronic Health Records. Going Beyond Data Collection to Making the Data Usable

Electronic Health Records. Going Beyond Data Collection to Making the Data Usable Electronic Health Records Going Beyond Data Collection to Making the Data Usable Overview Compliance to the Meaningful Use guidelines in the Health Information Technology Economic and Clinical Health (HITECH)

More information

Health Homes Implementation Series: NYeC Privacy and Security Toolkit. 16 February 2012

Health Homes Implementation Series: NYeC Privacy and Security Toolkit. 16 February 2012 Health Homes Implementation Series: NYeC Privacy and Security Toolkit 16 February 2012 1 Agenda What are the New York ehealth Collaborative (NYeC) and the Regional Extension Center? What are Health Homes?

More information

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq.

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq. HIPAA Compliance, Notification & Enforcement After The HITECH Act Presenter: Radha Chanderraj, Esq. Key Dates Publication date January 25, 2013 Effective date - March 26, 2013 Compliance date - September

More information

Meaningful Use Stage 2:

Meaningful Use Stage 2: Meaningful Use Stage 2: Where We Are Now, Where We re Going, and What it Means for Your Practice Russell B. Leftwich, MD, FAAAI Chief Medical Informatics Officer Office of ehealth Initiatives, State of

More information

Certification Guidance for EHR Technology Developers Serving Health Care Providers Ineligible for Medicare and Medicaid EHR Incentive Payments

Certification Guidance for EHR Technology Developers Serving Health Care Providers Ineligible for Medicare and Medicaid EHR Incentive Payments I. Background Certification Guidance for EHR Technology Developers Serving Health Care Providers Ineligible for Medicare and Medicaid EHR Incentive Payments The Medicare and Medicaid EHR Incentive Programs,

More information

Health Insurance Portability and Accountability Act HIPAA. Glossary of Common Terms

Health Insurance Portability and Accountability Act HIPAA. Glossary of Common Terms Health Insurance Portability and Accountability Act HIPAA Glossary of Common Terms Terms: HIPAA Definition*: PHCS Definition/Interpretation: Administrative Simplification HIPAA Subtitle F It is the purpose

More information

Enabling Patients Decision Making Power: A Meaningful Use Outcome. Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality

Enabling Patients Decision Making Power: A Meaningful Use Outcome. Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality Enabling Patients Decision Making Power: A Meaningful Use Outcome Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality Today 1. Meaningful Use (MU) 2. 2/3rds of MU relates

More information

Meaningful Use: Stage 1 and 2 Hospitals (EH) and Providers (EP) Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality

Meaningful Use: Stage 1 and 2 Hospitals (EH) and Providers (EP) Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality Meaningful Use: Stage 1 and 2 Hospitals (EH) and Providers (EP) Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality Meaningful Use Stage 1 Focuses on Functional & Interoperability

More information

SURVEY QUESTIONNAIRE 2013 AHA ANNUAL SURVEY INFORMATION TECHNOLOGY SUPPLEMENT

SURVEY QUESTIONNAIRE 2013 AHA ANNUAL SURVEY INFORMATION TECHNOLOGY SUPPLEMENT 2013 AHA ANNUAL SURVEY INFORMATION TECHNOLOGY SUPPLEMENT SURVEY QUESTIONNAIRE This survey instrument can be used to facilitate sales, planning and marketing activities. For example, consider current and

More information

Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes

Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes Watch the Replay Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes FairWarning Executive Webinar Series May 20, 2014 #AnytimeAudit Today s Panel Laura E. Rosas, JD, MPH

More information

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients HIPAA: Protecting Your Ericka L. Adler Practice and Your Patients Rachel V. Rose Fallout from the Omnibus Rule Compliance strategies for medical practices 1. Know / manage your business associates and

More information

How to Achieve Meaningful Use with ICANotes

How to Achieve Meaningful Use with ICANotes How to Achieve Meaningful Use with ICANotes Meaningful use involves using an EHR in a way that the government has defined as meaningful to collect incentive payments. but do not participate. Note: If you

More information

Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel

Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel Questions Answers 1 Is a Business Associate (BA) responsible for assuming a Covered

More information

Kaiser Permanente Comments on Health Information Technology, by James A. Ferguson

Kaiser Permanente Comments on Health Information Technology, by James A. Ferguson Kaiser Permanente Comments on Health Information Technology, by James A. Ferguson FTC Public Workshop: Innovations in Health Care Delivery 24 April, 2008 Kaiser Permanente Overview Established in 1945,

More information

Demonstrating Meaningful Use of EHRs: The top 10 compliance challenges for Stage 1 and what s new with 2

Demonstrating Meaningful Use of EHRs: The top 10 compliance challenges for Stage 1 and what s new with 2 Demonstrating Meaningful Use of EHRs: The top 10 compliance challenges for Stage 1 and what s new with 2 Today s discussion A three-stage approach to achieving Meaningful Use Top 10 compliance challenges

More information