Hospital Certified Electronic Health Record (EHR) Technology Questionnaire


Thank you for taking time to complete this questionnaire. The Office of Inspector General (OIG) is conducting this survey as part of a study on fraud and abuse safeguards in EHRs. Participating will help us learn about the certified EHR technology hospitals are using. Our questions concern the presence of features and capabilities of certified EHR technology, as well as barriers to implementing certain safeguards for increased fraud protection and data integrity.

If you have any questions, please contact Kim Yates at or

Your responses will be saved every time you click the NEXT button. You can return to the questionnaire at any time, using the same link, until you click the red SUBMIT button. Click the PRINT button to print a copy of this questionnaire with your responses. Once you click the red SUBMIT button you will not be able to edit or print your responses. Click the NEXT button to begin.

1. Please provide the following information for the individual(s) completing this questionnaire:
  Respondent name(s) and title(s):
  Phone number:
  Hospital name:

The following questions ask about the certified EHR technology this hospital has implemented and attested to meaningful use.

2. What type of EHR technology does this hospital use?
  One or more commercial vendor product(s)
  One or more internally developed product(s)
  A combination of vendor and internally developed products

3. How many years has the hospital used any EHR technology?

4. Is this hospital part of a network of hospitals that use the same EHR technology?

The following questions ask about the certified EHR technology's capabilities regarding coding.

5. How are diagnoses and procedures coded at this hospital?
  Manually by professional coders
  Automatically with coding software

6. Does this hospital have plans to adopt computer-assisted coding?

The following questions ask about user authentication and access to the certified EHR technology.

7. Does access to the hospital EHR technology require the following user authorizations?
  Unique user ID
  Password
  Token-based (e.g., identification card)
  Biometrics (e.g., fingerprints)
  Public-key (e.g., PKI, digital certificates)

8. Has the hospital implemented the following policies and procedures regarding access to the EHR technology?
  Automatic user log-off/Session time-out
  Minimum password configuration rules
  Regular changing of password
  User agreements or contracts to prevent sharing of passwords

The following questions ask about access to the certified EHR technology by outside entities.

9. Does this hospital allow any outside entity (such as a payer) access to the EHR technology?

10. How does the hospital allow outside entities access to the EHR technology?
  Remotely
  On-site

11. Does the hospital establish unique user IDs to track outside entities' activity?

The following questions ask about access to the certified EHR technology by outside entities.

14. To what extent does the hospital consider the following to be barriers to allowing outside entities access to EHR technology?
  EHR technology does not support the capability
  Hardware does not support the capability
  Insufficient human resources
  Funding restrictions/additional costs to implement
  Insufficient training on EHR technology
  Inability to integrate with existing systems
  Inability to limit access to specific patients, encounters, or information
  Concerns with EHR system performance
  Concerns with patient privacy
  Concerns with provider rights
  Concerns with inappropriate use by outside entities
  Hospital policy prevents such access
  Please Specify:
  (To A Large / To Some / To Little / Not At All)

The following questions ask about the certified EHR technology's audit log and metadata features. Audit logs and metadata track access and changes within an EHR chronologically by capturing data elements such as date and time when users access or change the record.

15. Does the audit log record data for the following events?
  Each entry or access to the EHR
  Signature event (the proactive or auto default completion of a patient encounter)
  Export of EHR document (printed, electronically exported, ed)
  Amendments, corrections, or modifications of data
  Import of data
  Disabling of audit log
  Release of encounter for billing
  Access by an authorized outside entity

16. Does the audit log record the following data?
  National Provider Identifier (NPI)
  Date/Time/User stamps
  Access type (creating, editing, viewing, printing, etc.)
  Internet Protocol (IP)/Media Access Control (MAC) address
  Network Time Protocol (NTP)/Simple Network Time Protocol (SNTP) synchronized time
  Method of data entry (direct entry, speech recognition, automated, copy/import, copy forward, dictation)
  Date/Time/User stamp of original author when data are copied
  Date/Time/User stamp of original author if data are entered on behalf of another (e.g., an assistant enters clinical information for a physician)

The following questions ask about the certified EHR technology's audit log and metadata features.

17. Is the audit log operational whenever the EHR technology is available for updates or viewing?

18. To what extent does the hospital consider the following to be barriers to having the audit log operational at all times?
  Insufficient storage space for data
  Impedes system performance
  Inability to use audit log data (i.e., cannot identify and interpret audit log data)
  Insufficient human resources
  Inadequate training on audit log functionality
  A lack of user guides for audit log functionality
  (To A Large / To Some / To Little / Not At All)

The following questions ask about the certified EHR technology's audit log and metadata features.

19. Can the audit log be disabled?

20. Who can disable the audit log?
  Any EHR user
  EHR users who are authorized to access the audit log
  EHR system administrators

21. Can the audit log be deleted?

22. Who can delete the audit log?
  Any EHR user
  EHR users who are authorized to access the audit log
  EHR system administrators

23. Can the audit log be edited?

24. Who can edit the audit log?
  Any EHR user
  EHR users who are authorized to access the audit log
  EHR system administrators

The following questions ask about the certified EHR technology's audit log and metadata features.

25. How long are audit log data stored?

26. Does the EHR technology allow for the destruction of EHR and audit log data according to the hospital's data retention policies?

27. Can the EHR technology produce a user friendly version of the audit log (i.e., a summary of audit data in a readable format or embedded in an electronic form) for transmitting, printing, or exporting?

The following questions ask about the certified EHR technology's audit log and metadata features.

28. Does anyone at the hospital analyze the audit log data?

29. Which of the following individuals at the hospital analyzes the audit log data?
  EHR system administrator
  Compliance officer
  Privacy officer

30. How often is the audit log data reviewed and analyzed?
  Monthly
  Quarterly
  Annually

31. To what extent does the hospital consider the following to be barriers to analyzing audit log data?
  Insufficient storage space for data
  Inability to interpret audit log data
  Insufficient human resources
  Inadequate training on audit log data
  A lack of user guides for audit functionality
  (To A Large / To Some / To Little / Not At All)

The following questions ask about how physician progress notes are entered into the certified EHR technology.

32. To what extent are physician progress notes handwritten and/or dictated instead of directly entered into the EHR at this hospital?
  All physician progress notes are handwritten/dictated
  Some physician progress notes are handwritten/dictated and some are directly entered into the EHR
  No physician progress notes are handwritten/dictated

33. How are these physician progress notes maintained?
  Maintained as a hardcopy
  Scanned into the EHR
  Transcribed into the EHR

34. Why are physician progress notes not directly entered into the EHR?

35. How are physician progress notes entered into the EHR?
  Typed directly into the EHR as free text
  Entered into the EHR with templates

The following questions ask about how nursing notes are entered into the certified EHR technology.

36. To what extent are narrative nursing notes handwritten instead of directly entered into the EHR at this hospital?
  All narrative nursing notes are handwritten
  Some narrative nursing notes are handwritten and some are directly entered into the EHR
  No narrative nursing notes are handwritten

37. How are these narrative nursing notes maintained?
  Maintained as a hardcopy
  Scanned into the EHR

38. Why are narrative nursing progress notes not directly entered into the EHR?

39. How are narrative nursing notes entered into the EHR?
  Typed directly into the EHR as free text
  Entered into the EHR with templates
  Please Specify:

The following questions ask about the certified EHR technology's capabilities regarding exporting and transmitting EHR documents.

40. Are there limits on which EHR users are authorized to electronically export, transfer, or print EHR documents?

41. Does the EHR technology require the user to document why an EHR document was electronically exported, transferred, or printed?

42. Does the EHR technology have the capability to disable the Print Screen function?

43. Does the hospital disable the Print Screen function for the EHR technology?

The following questions ask about certified EHR technology features regarding patient access.

44. Do patients have the following electronic access to their EHR data?
  View their entire EHR
  View only components of their EHR
  Ability to comment in their EHR
  View all entities to which their EHR was released
  View all the entities who accessed their EHR

The following questions ask about certified EHR technology features regarding patient access.

45. To what extent does the hospital consider the following to be barriers to allowing patient access to their EHR data?
  EHR technology does not support the capability
  Hardware does not support the capability
  Resistance by physicians to have patients access the information
  Concerns with patient security and privacy
  Funding restrictions/additional costs to implementation
  Insufficient training on the EHR technology
  Inability to integrate with existing systems
  Concerns with EHR system performance
  Hospital policy prevents such access
  (To A Large / To Some / To Little / Not At All)

The following questions ask about the certified EHR technology features regarding patient identity management.

46. What procedures does the hospital require to identify patients upon check-in?
  Photo identification
  Established relationship (i.e., visual recognition)
  Verifying identity based on information an individual can verify (e.g., address, date of birth)
  Biometric identification

47. For each patient check-in, does the EHR technology have the capability to record which identification procedure was used to confirm patient identity?

The following questions ask about additional features and safeguards that the hospital's certified EHR technology may have in place.

48. Can an EHR document be modified after it has been finalized by a "signature event" (i.e., the proactive or auto default completion of a patient encounter)?

49. Are the original unmodified EHR data retained?

50. Can the following features be customized in the EHR technology?
  Copy/Paste
  Templates
  (Do Not Have That Feature)

51. Does the hospital have a policy regarding the use of the copy/paste feature in EHR technology?

52. Please describe the hospital's copy/paste policy:

The following questions ask about the additional features and safeguards the hospital's certified EHR technology may have in place.

53. Has the hospital implemented any of the following safeguards?
  Policies and procedures for analysis of audit log data
  Written policies and agreements for EHR users
  Employee training on privacy
  Employee training on fraud and abuse prevention
  Employee training on EHR data integrity
  Routine review of EHR user privileges

54. Please describe any other procedures, policies, or capabilities specific to the EHR technology that your hospital has implemented in order to maintain data integrity and prevent fraud.

Click the PRINT button if you would like a copy of this questionnaire with your responses. Please click the red SUBMIT button to complete this questionnaire. Once you do so, you will not be able to change or print your responses. Thank you!

Your responses will be saved every time you click the NEXT button.

Your responses will be saved every time you click the NEXT button. Hospital Certified Electronic Health Record (EHR) Technology Questionnaire Thank you for taking time to complete this questionnaire The Office of Inspector General (OIG) is conducting this survey as part

More information

MEDITECH CUSTOMERS & THE OIG QUESTIONNAIRE

MEDITECH CUSTOMERS & THE OIG QUESTIONNAIRE MEDITECH CUSTOMERS & THE OIG QUESTIONNAIRE Hospitals that have received Medicare incentive payments for meaningful use of electronic health records have been asked by the Office of Inspector General of

More information

NOT ALL RECOMMENDED FRAUD SAFEGUARDS HAVE BEEN IMPLEMENTED IN HOSPITAL EHR TECHNOLOGY

NOT ALL RECOMMENDED FRAUD SAFEGUARDS HAVE BEEN IMPLEMENTED IN HOSPITAL EHR TECHNOLOGY Department of Health and Human Services OFFICE OF INSPECTOR GENERAL NOT ALL RECOMMENDED FRAUD SAFEGUARDS HAVE BEEN IMPLEMENTED IN HOSPITAL EHR TECHNOLOGY Daniel R. Levinson Inspector General December 2013

More information

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS OBJECTIVE Increase your IT vocab so that you can assess the risks related to your audits of EHRs and/or EHR related data AGENDA What

More information

Fraud Prevention in an Increasingly Digitized World

Fraud Prevention in an Increasingly Digitized World Fraud Prevention in an Increasingly Digitized World California Association of Health Plans July 22, 2013 Presented by R. Gregory Cochran, MD, JD Introduction Government s evolving stance on EHR 2004 State

More information

Electronic Signature, Attestation, and Authorship

Electronic Signature, Attestation, and Authorship Electronic Signature, Attestation, and Authorship Appendix C: Electronic Signature Model Policy This template document is not intended for adoption as a substitute for a customized organizational policy

More information

Full Compliance Contents

Full Compliance Contents Full Compliance for and EU Annex 11 With the regulation support of Contents 1. Introduction 2 2. The regulations 2 3. FDA 3 Subpart B Electronic records 3 Subpart C Electronic Signatures 9 4. EU GMP Annex

More information

DeltaV Capabilities for Electronic Records Management

DeltaV Capabilities for Electronic Records Management January 2013 Page 1 DeltaV Capabilities for Electronic Records Management This paper describes DeltaV s integrated solution for meeting FDA 21CFR Part 11 requirements in process automation applications

More information

Guidance and Instructions on Configuring Access and Auditing. NYC Dept. of Health and Mental Hygiene. Primary Care Information Project

Guidance and Instructions on Configuring Access and Auditing. NYC Dept. of Health and Mental Hygiene. Primary Care Information Project Guidance and Instructions on Configuring Access and Auditing NYC Dept. of Health and Mental Hygiene Primary Care Information Project Privacy and Security Guidelines for PCIP Participating Practices Purpose:

More information

EHR s-new Opportunities for the Confident Coder

EHR s-new Opportunities for the Confident Coder EHR s-new Opportunities for the Confident Coder Angela Jordan, CPC Chair AAPCCA Board of Directors Manager Coding and Compliance EvolveMD amjordan.cpc@gmail.com Objective EHR basics Basic knowledge of

More information

Thermo Scientific Qtegra Intelligent Scientific Data Solution (ISDS) Software for 21 CFR Part 11 Compliant Laboratories

Thermo Scientific Qtegra Intelligent Scientific Data Solution (ISDS) Software for 21 CFR Part 11 Compliant Laboratories Thermo Scientific Qtegra Intelligent Scientific Data Solution (ISDS) Software for 21 CFR Part 11 Compliant Laboratories Technical Note 43106 Key Words Compliance, Electronic Records, 21 CFR Part 11 Goal

More information

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system. 21 CRF 11 Electronic Records and Signatures Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system. By Todd Duell What does Title 21 of the Code of Federal

More information

DeltaV Capabilities for Electronic Records Management

DeltaV Capabilities for Electronic Records Management September 2004 Page 1 An integrated solution for meeting FDA 21CFR Part 11 requirements in process automation applications using a configurable off-the-shelf (COTS) solution Emerson Process Management.

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,

More information

West Virginia Meaningful Use Registration System Instructions

West Virginia Meaningful Use Registration System Instructions West Virginia Meaningful Use Registration System Instructions To register, go to: http://www.wvdhhr.org/bph/oeps/murs/login.cfm Click on Need to register an account? Enter e-mail and your choice of password.

More information

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E. Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E. President & CEO Agenda Introduction Who is Malisko Engineering? Title

More information

Compliance and Industry Regulations

Compliance and Industry Regulations Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy

More information

Thermo Scientific Qtegra Intelligent Scientific Data Solution (ISDS) Software for 21 CFR Part 11 Compliant Laboratories

Thermo Scientific Qtegra Intelligent Scientific Data Solution (ISDS) Software for 21 CFR Part 11 Compliant Laboratories Thermo Scientific Qtegra Intelligent Scientific Data Solution (ISDS) Software for 21 CFR Part 11 Compliant Laboratories Technical Note 43106 Key Words Compliance, Electronic Records, 21 CFR Part 11 Goal

More information

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System White Paper By Frank Tontala Agilent Technologies Software & Informatics Life Sciences & Chemical Analysis Group

More information

CMS AND ITS CONTRACTORS HAVE ADOPTED FEW PROGRAM INTEGRITY PRACTICES TO ADDRESS VULNERABILITIES IN EHRS

CMS AND ITS CONTRACTORS HAVE ADOPTED FEW PROGRAM INTEGRITY PRACTICES TO ADDRESS VULNERABILITIES IN EHRS Department of Health and Human Services OFFICE OF INSPECTOR GENERAL CMS AND ITS CONTRACTORS HAVE ADOPTED FEW PROGRAM INTEGRITY PRACTICES TO ADDRESS VULNERABILITIES IN EHRS Daniel R. Levinson Inspector

More information

AHLA. E. My Vendor Made Me Do It: New Compliace Risks in EHR

AHLA. E. My Vendor Made Me Do It: New Compliace Risks in EHR AHLA E. My Vendor Made Me Do It: New Compliace Risks in EHR James Cannatti Office of Counsel to the Inspector General US Department of Health and Human Services Washington, DC Danielle B. Fletcher Office

More information

Health Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper

Health Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper Regulatory Compliance Solutions for Microsoft Windows IT Security Controls Supporting DHS HIPAA Final Security Rules Health Insurance Portability and Accountability Act Enterprise Compliance Auditing &

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

SUBJECT: Bureau of Highway Instructional Memorandum 2012-02 Digitally Encrypted Electronic Signatures

SUBJECT: Bureau of Highway Instructional Memorandum 2012-02 Digitally Encrypted Electronic Signatures Michigan Department of Transportation OFFICE MEMORANDUM DATE: February 28, 2012 TO: FROM: Region Engineers Region Associate Operations Engineers Region Construction Engineers TSC Managers TSC Construction

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

intertrax Suite intertrax exchange intertrax monitor intertrax connect intertrax PIV manager User Guide Version 3 2011

intertrax Suite intertrax exchange intertrax monitor intertrax connect intertrax PIV manager User Guide Version 3 2011 intertrax Suite intertrax exchange intertrax monitor intertrax connect intertrax PIV manager User Guide Version 3 2011 Copyright 2003-2011 by Salamander Technologies, Inc. Protected by US Patents 5,573,278;

More information

Internet Banking Internal Control Questionnaire

Internet Banking Internal Control Questionnaire Internet Banking Internal Control Questionnaire Completed by: Date Completed: 1. Has the institution developed and implemented a sound system of internal controls over Internet banking technology and systems?

More information

ELECTRONIC HEALTH RECORDS

ELECTRONIC HEALTH RECORDS ELECTRONIC HEALTH RECORDS Medical Protective Clinical Risk Management Department AUGUST 2013 For questions, products, or services, please contact 800 4MEDPRO or visit http://www.medpro.com/. This document

More information

PCI DSS Requirements - Security Controls and Processes

PCI DSS Requirements - Security Controls and Processes 1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

To start the pre-approval process, providers must fill out a short online survey, available at: https://www.surveymonkey.com/s/hrszft2.

To start the pre-approval process, providers must fill out a short online survey, available at: https://www.surveymonkey.com/s/hrszft2. Maryland Medicaid EHR Incentive Program Attestation Form for Eligible Providers to Meet Program Requirements Under the Certified Electronic Health Record (CEHRT) Flexibility Rule for Program Year 2014

More information

EMR Pearls and Perils

EMR Pearls and Perils EMR Pearls and Perils Presented by Bruce Rappoport, MD, CPC, CHCC All rights reserved Today s EMR Data Points Selection Implementation Upgrades Documentation Payer communications Coding 1 Documentation

More information

OIG Security Audit: What You Need To Know

OIG Security Audit: What You Need To Know Watch the Replay on YouTube OIG Security Audit: What You Need To Know Executive Series Webinar July 23rd, 2015 Today s Speakers Elana R. Zana Attorney & Author Ogden Murphy Wallace P.L.L.C. ezana@omwlaw.com

More information

Sunrise Acute Care (SAC) Module 1 New Provider Basic Course

Sunrise Acute Care (SAC) Module 1 New Provider Basic Course Sunrise Acute Care (SAC) Module 1 New Provider Basic Course May 2013 Sunrise Acute Care Training Consists of 5 modules To gain access to Acute Care you will need to: Complete all 5 modules Pass the Acute

More information

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER Copyright 2012 FileHold Systems Inc. All rights reserved. For further information about this manual or other FileHold Systems products,

More information

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA) Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA) Compliance with 21 CFR Part 11 Introduction Part 11 in Title 21 of the Code of Federal

More information

6/8/2012. Cloning and Other Compliance Risks in Electronic Medical Records

6/8/2012. Cloning and Other Compliance Risks in Electronic Medical Records Cloning and Other Compliance Risks in Electronic Medical Records Lori Laubach, Partner, Moss Adams LLP Catherine Wakefield, Vice President, Corporate Compliance and Internal Audit, MultiCare 1 AGENDA Basic

More information

IMPLEMENTING AND MAINTAINING ELECTRONIC MEDICAL RECORDS

IMPLEMENTING AND MAINTAINING ELECTRONIC MEDICAL RECORDS IMPLEMENTING AND MAINTAINING ELECTRONIC MEDICAL RECORDS A Guide to EMR Utilization and Compliance Risks for s, IT Professionals, and Administrators Prepared by: Dawnese Kindelt, CPC, CHC - System Compliance

More information

21 CFR Part 11 Electronic Records & Signatures

21 CFR Part 11 Electronic Records & Signatures Gap Analysis - Checklist 21 CFR Part 11 Electronic Records & Signatures his document is a proposal and starting point only. he type and extent of documentation depends on the process environment. he proposed

More information

U.S. FDA TITLE 21 CFR PART 11 COMPLIANCE ASSESSMENT OF SAP LEARNING SOLUTION

U.S. FDA TITLE 21 CFR PART 11 COMPLIANCE ASSESSMENT OF SAP LEARNING SOLUTION U.S. FDA TITLE 21 CFR PART 11 COMPLIANCE ASSESSMENT OF SAP LEARNING SOLUTION Disclaimer These materials are subject to change without notice. SAP AG s compliance analysis with respect to SAP software performance

More information

Standard: Event Monitoring

Standard: Event Monitoring Standard: Event Monitoring Page 1 Executive Summary The Event Monitoring Standard defines the requirements for Information Security event monitoring within SJSU computing resources to ensure that information

More information

itrust Medical Records System: Requirements for Technical Safeguards

itrust Medical Records System: Requirements for Technical Safeguards itrust Medical Records System: Requirements for Technical Safeguards Physicians and healthcare practitioners use Electronic Health Records (EHR) systems to obtain, manage, and share patient information.

More information

Support for the HIPAA Security Rule

Support for the HIPAA Security Rule WHITE PAPER Support for the HIPAA Security Rule PowerScribe 360 Reporting v2.0 HEALTHCARE 2 SUMMARY This white paper is intended to assist Nuance customers who are evaluating the security aspects of PowerScribe

More information

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure. Payment Card Industry Security Standards Over the past years, a series of new rules and regulations regarding consumer safety and identify theft have been enacted by both the government and the PCI Security

More information

5/16/2014. Revenue Cycle Impact Documentation risks in an EMR AGENDA. EMR Challenges Related to Billing and Revenue Cycle

5/16/2014. Revenue Cycle Impact Documentation risks in an EMR AGENDA. EMR Challenges Related to Billing and Revenue Cycle EMR Challenges Related to Billing and Revenue Cycle Lori Laubach, Principal Health Care Consulting California Primary Care Association Billing Managers Peer Conference May 20 21, 2014 1 The material appearing

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

Oracle WebCenter Content

Oracle WebCenter Content Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: khutchings@usdatamanagement.com Introduction In May 2011, US Data Management (USDM) was

More information

8/28/2013. Lessons Learned in the EHR. Documentation risks in an EMR AGENDA

8/28/2013. Lessons Learned in the EHR. Documentation risks in an EMR AGENDA Lessons Learned in the EHR Lori Laubach, Partner Health Care Consulting Group 1 The material appearing in this presentation is for informational purposes only and is not legal or accounting advice. Communication

More information

The CIO s Guide to HIPAA Compliant Text Messaging

The CIO s Guide to HIPAA Compliant Text Messaging The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

Application Security Questionnaire. Application Name Vendor Version Release Date. Name Title Department. Company Name Telephone #

Instructions: Check the appropriate column to indicate the application's security capabilities. Please provide any additional responses or detailed explanations of other compensating controls as comments.

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher

A Nemaris Company Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher 306 East 15th Street Suite 1R, New York, New York 10003 Application Name Surgimap Vendor Nemaris Inc. Version

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0

WHITE PAPER Support for the HIPAA Security Rule RadWhere 3.0 SUMMARY This white paper is intended to assist Nuance customers who are evaluating the security aspects of the RadWhere 3.0 system as part of

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents: Purpose of this Guide, About Network Detective, Overview, Creating a Site, Starting a HIPAA Assessment...

Integrating LANGuardian with Active Directory

Integrating LANGuardian with Active Directory 01 February 2012 This document describes how to integrate LANGuardian with Microsoft Windows Server and Active Directory. Overview With the optional Identity

InfinityQS SPC Quality System & FDA's 21 CFR Part 11 Requirements

InfinityQS SPC Quality System & FDA's 21 CFR Part 11 Requirements www.infinityqs.com Copyright InfinityQS International Table of Contents Overview... FDA's 21 CFR Part 11 Requirements... PART 11 ELECTRONIC

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

13 Access Control The Access Control clause is the second largest clause, containing 25 controls and 7 control objectives. This clause contains critical

HIPAA Compliance Guide

HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

Guidance for Industry

Guidance for Industry Electronic Source Data in Clinical Investigations U.S. Department of Health and Human Services Food and Drug Administration Center for Drug Evaluation and Research (CDER) Center for

Server Security Checklist (2009 Standard)

Server Security Checklist (2009 Standard) Server identification and location: Completed by (please print): Date: Signature: Manager's signature: Next scheduled review date: Date: Secure Network and Physical

White Paper. Support for the HIPAA Security Rule PowerScribe 360

White Paper Support for the HIPAA Security Rule PowerScribe 360 Summary This white paper is intended to assist Nuance customers who are evaluating the security aspects of the PowerScribe 360 system as

HIPAA. The Health Insurance Portability and Accountability Act, commonly. Health Insurance Portability and Accountability Act of 1996

Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability and Accountability Act, commonly referred to as, became a federal law in 1996. The act contains insurance reform

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards

Navigating Compliance Landmines in Electronic Health Record (EHR) Documentation

Navigating Compliance Landmines in Electronic Health Record (EHR) Documentation Brian T. Bates, CPA, CHC, MAc Corporate Compliance Officer University of Alabama Health Services Foundation, P.C. AHLA/HCCA

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures Subpart A General Provisions Sec. 11.1 Scope. (a) The regulations in this part set forth the criteria

CoSign for 21CFR Part 11 Compliance

CoSign for 21CFR Part 11 Compliance Electronic Signatures at Company XYZ Company XYZ operates in a regulated environment and is subject to compliance with numerous US government regulations governed

Sponsor Site Questionnaire FAQs Regarding Maestro Care

Sponsor Site Questionnaire FAQs Regarding Maestro Care Data Security and Validation 1. Are the electronic source documents or computer systems specific to the site and/or developed by the site? a. Developed

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management Disclaimer These materials are subject to change without notice. SAP AG's compliance analysis with respect to SAP software

Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures. January 8, 2013

Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures January 8, 2013 Wet Signatures Standards and legal standing Standards are based on legal precedence Non-repudiation inherent

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.

PCI Compliance Instructions

PCI Compliance Instructions 1. Access our website at www.bridgenb.com and click Bridge Merchant 2. Click the Merchant PCI Compliance Program button, located at the bottom of the page 3. Enter Username

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS U.S. Department of Health and Human Services Food and Drug Administration Center for Biologic Evaluation and Research (CBER) Center for

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card

Information Privacy and Security Program Title:

I. PURPOSE: The purpose of this standard is to provide direction for Tenet regarding auditing and monitoring requirements. Logging and auditing of actions within networks, systems, and

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information

Munson Medical Center Exchange Clinical Information Objective General Instructions

Munson Medical Center Exchange Clinical Information Objective General Instructions It is Munson Medical Center's interpretation that to complete Core Measure Performing at least one test of certified EHR

Adobe Digital Signatures in Adobe Acrobat X Pro

Adobe Digital Signatures in Adobe Acrobat X Pro Setting up a digital signature with Adobe Acrobat X Pro: 1. Open the PDF file you wish to sign digitally. 2. Click on the Tools menu in the upper right corner.

Introduction to Health Insurance

Chapter 2 PART 2 of 2 Introduction to Health Insurance Copyright 2013 Delmar, Cengage Learning. ALL RIGHTS RESERVED. Healthcare Documentation Documentation is the systematic, logical, and consistent

Vendor Risk Assessment Questionnaire

Vendor Risk Assessment Questionnaire VENDOR INFORMATION: Vendor Name: Vendor Address: Vendor Contact Name: Vendor Contact Phone No: Vendor Contact Email: DATA SENSITIVITY What is the nature of data that

CWBdirect Business Online Banking. User Guide

CWBdirect Business Online Banking User Guide Table of Contents: CWBdirect Business Online Banking, Introduction, Convenience, Flexibility, Security, Login, First-time login

RUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology

RUTGERS POLICY Section: 70.2.22 Section Title: Legacy UMDNJ policies associated with Information Technology Policy Name: Information Security: Electronic Information and Information Systems Access Control

Access to Electronic Health Records Policy Franciscan Health System

Access to Electronic Health Records Policy Franciscan Health System PURPOSE: The purpose of the Access to Electronic Health Records Policy ("EHR Policy") is to establish processes and procedures for permitting

The Impact of 21 CFR Part 11 on Product Development

The Impact of 21 CFR Part 11 on Product Development Product development has become an increasingly critical factor in highly-regulated life sciences industries. Biotechnology, medical device, and pharmaceutical

Empower™ 2 Software

Empower™ 2 Software 21 CFR PART 11 COMPLIANCE ASSESSMENT Revision A, December, 2005 Waters Corporation Note: Information presented in this document assumes that the appropriate Empower 2 System

Compliance Matrix for 21 CFR Part 11: Electronic Records

Compliance Matrix for 21 CFR Part 11: Electronic Records Philip E. Plantz, PhD, Applications Manager David Kremer, Senior Software Engineer Application Note SL-AN-27 Revision A Provided By: Microtrac,

(EHR) Incentive Program

ATTESTATION USER GUIDE For Eligible Professionals Medicare Electronic Health Record (EHR) Incentive Program 2014 Stage 1 Definition of Meaningful Use June 2014 CONTENTS Click on the Step below to navigate

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

White Paper No 01 I December 2010 Implementation of 21 CFR Part 11 in the epmotion Software Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device

FAQs for OPEN PAYMENTS Mobile for Physicians & OPEN PAYMENTS Mobile for Industry

1. Why did the Centers for Medicare & Medicaid Services (CMS) develop mobile applications (apps) for the OPEN PAYMENTS program? Answer: CMS developed two mobile apps to serve as tools that can be used

21 CFR Part 11 Implementation Spectrum ES

21 CFR Part 11 Implementation Spectrum ES INFRARED SPECTROSCOPY TECHNICAL NOTE Introduction Compliance with 21 CFR Part 11 is mandatory for pharmaceutical companies and their suppliers to sell

HIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com

HIT Audit Workshop Jeffrey W. Short jshort@hallrender.com Audits and Investigations to be Discussed Meaningful Use Audits HIPAA Audits Data Breach Investigations Software Vendor Audits FTC Investigations

FAQs for OPEN PAYMENTS Mobile for Physicians & OPEN PAYMENTS Mobile for Industry

FAQs for OPEN PAYMENTS Mobile for Physicians & OPEN PAYMENTS Mobile for Industry 1. Why did the Centers for Medicare & Medicaid Services (CMS) develop mobile applications (apps) for the Open Payments program?

How Managed File Transfer Addresses HIPAA Requirements for ePHI

How Managed File Transfer Addresses HIPAA Requirements for ePHI A White Paper by Linoma Software INTRODUCTION As the healthcare industry transitions from primarily using paper documents and patient charts

SonicWALL PCI 1.1 Implementation Guide

Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

Guidance for Industry

Guidance for Industry Electronic Source Data in Clinical Investigations DRAFT GUIDANCE This guidance document is being distributed for comment purposes only. Comments and suggestions regarding this draft

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents: Introduction, The Technical and Organizational Data Security Measures, Access Control of Processing Areas (Physical), Access Control

AAMC COMPLIANCE OFFICERS FORUM

Electronic Health Records in Academic Health Centers TOPIC 1: Medical Student Documentation January 2011 Purpose Medical students are learners. In no state are they given a license to practice medicine