EMR Risk Mitigation and Optimization
|
|
- Raymond Day
- 3 years ago
- Views:
Transcription
1 EMR Risk Mitigation and Optimization Kelly Nueske, LarsonAllen LLP Jenny O Brien, Halleland Lewis Nilan & Johnson Session Objectives Define potential risk/audit areas in electronic medical records Selection Implementation Operations Review both familiar and new risk areas related to electronic records Discuss possible approaches to assess risks and audit controls effectiveness Offer a multi-disciplinary view, focusing on the enabling technology and resulting new operational risks January 21,
2 EMR - One Patient. One Record. Implementing Epic Single database architecture, supporting all of Allina s hospitals and clinics One of country s largest, most integrated implementations Scheduling/Registration CPOE, Clinical information, Care Plans Pharmacy, Radiology, OR, ED Professional and Facility Billing Pushing the limits of system design, capacity and integrated operation January 21, EMR Selection Risks Clarity of desired system scope Clinical only Clinical and billing Ancillary departments CPOE or not Scheduling Organizational status and culture Degree of common clinical and business support processes Operations ownership of initiative Physician relationships Financial health Drivers for EMR implementation January 21,
3 Selection Risks (continued) Integration with existing environment Network Database Interfaces to existing systems Workstations Vendor Fit/Technology Vendor experience with your implementation model Capacity and architecture Scalability Administrative access and logging Reporting versus transaction loads Configurability/flexibility of application Good and bad Redundancy - Built in or need to develop January 21, Organization Infrastructure Organizational Culture and Structure Medical staff bylaws Union contracts impact on jobs get their buy in Physician relationships Common charging philosophy, fee schedules Employed versus affiliated physicians Security and access philosophy for data Exposure and resolution of ineffective, inappropriate, sub-optimal workflows, processes January 21,
4 Organization Infrastructure (continued) Governance infrastructure to support maintenance and updating decision-making Ownership of shared data Integration pros and cons Central versus local control/accountability for most everything Criteria for transitioning from implementation to support Application and workflow support Where in organization? Skill sets needed? Physician and other care giver support requirements Patient safety response team and process Maintenance and updating of workflows January 21, Regulatory Accreditation Core measures reporting Very dependent on consistent workflow usage and adherence to documentation standards Potential revenue impacts and accreditation issues Integrating JCAHO standards and CMS Conditions of Participation into workflows and functionality Informed consent Medication reconciliation Single system design vs. varied facilities interpretation of regulations Procedures documentation and retention January 21,
5 Federal & State Regulations Occupational health records & pre-employment screening Compliance with state laws & union contracts Use of previous information for pre-employment screening Psychotherapy (HIPAA, federal and state regulations) Federally funded substance abuse programs Research studies Integration of FDA requirements Compliance with CFR statutes for EMR January 21, Financial External Audit Extended implementation impact General computer controls Change management Logical security Dual systems materiality extra costs Benefits Realization Operational drivers to achieve January 21,
6 Financial (continued) Revenue Impacts Charging processes Supplies Injections Drugs/dosages on MAR versus billing documentation Accountability for monitoring volumes/dollars Claims activities Creation Denials Write-offs/Discounts Payer relief during implementation of new system relief of timely filing deadlines? January 21, Clinical Practice Standards Scope of practice Use of protocols and clinical standards of care Management of duplicate orders Documentation standards for group notes Consistent follow up on increased volume of information Charting practices batch versus real time Increased information on actual activities and timing January 21,
7 Medical Record Integrity Maintaining history of end user name, licensure or credentialing changes and validation process Developing consistent data entry and data standards FYIs on charts Ensuring records integrity Interface errors Data entered on wrong patient deletion versus pointer removal Finding data in an electronic chart Data recovery after system outages Flagging deceased patients Timing of name change for adopted babies January 21, Technology Risk versus work effort for testing changes Technology IT technical staff expertise Maintenance and controls of multiple environments Disaster recovery planning (DRP) and testing Co-existence and synchronization of business continuity plan and down time procedures with DRP Wide area network load balancing traffic prioritization and monitoring Change control Programmatic Configuration Master table/file audit logs? January 21,
8 Privacy & Security Employee accessing their own medical record and records of family members Physician access to patient data Single database security versus monitoring Physicians concern about their competitors access to their patients data Conflicting state / federal regulations Designated record set definition Outside reviewers access & monitoring of activities Criteria for business associates remote access Disclosures tracking (single database) Monitoring and enforcement of company policies Design & philosophy of access monitoring vs. complex security structure January 21, Compliance & Audit Strategies Get involved push for membership on oversight groups Educate yourself and your staff Project documents Vendor training Readiness Assessments Computer skills Organizational focus, key operations roles assignments Physician readiness for CPOE Organizational model for managing physician issues January 21,
9 Compliance & Audit Strategies (continued) Sample Projects Validation of project progress reporting Testing documentation by clinical and business support staff Transfer of care workflow testing Security/access design and implementation Disaster Recovery review Business Continuity/Downtime Procedures/recovery plans by departments and sites Interfaces development methodology and testing controls Data conversions methodology and testing controls Change management controls programmatic, master files/tables, systems infrastructure Billing compliance 2-4 months post go-live for each site Auditors unique training needs January 21, Compliance & Audit Strategies (continued) Privacy and Security Participate in oversight or steering committee Review profiles and access Assess monitoring plans and activities Review sanctions process and actual use Review disclosures reporting and process Perform facility walk-throughs Locations of monitors and visibility to public Use of screen savers, password protection Generic workstations? January 21,
10 Lessons Learned Develop relationship with key management in project, operations Provide impartial eyes and ears, develop audit plan/projects in coordination with project/operations management Connect with other risk groups in your organization Law Compliance Risk Management Quality IT Internal Audit Develop a Risk Plan and Business Unit Implementation/Risk Plan Connect with other organizations Compare strategies, frustrations, successes January 21, Lessons Learned (continued) Look for gaps in supporting infrastructure in organization EMR with CPOE requires major changes in workflows Integration of clinical systems with billing systems increases complexity New approaches required for issue resolution, training, reporting and support functions Organization may need to create different infrastructures Pursue participation in key oversight groups, implementation teams Optimization takes time and effort January 21,
11 Kelly Nueske, Manager Leader, Risk Management & Performance Improvement Services Phone: Jenny O Brien, Attorney at Law Shareholder, Halleland Lewis Nilan & Johnson Phone:
Auditing Electronic Medical Record Systems. Mary Jo Flynn, RN, CIA, CCSA Interim Vice President, Audit Services
Auditing Electronic Medical Record Systems Mary Jo Flynn, RN, CIA, CCSA Interim Vice President, Audit Services Allina Hospitals and Clinics Allina Hospitals & Clinics is a not-for-profit system of hospitals,
Entity Overview and EMR Implementation Status. EMR Implementation: Compliance Challenges. Panel Members 11/29/2013. Moderator: Lynda Hilliard
EMR Implementation: Compliance Challenges HCCA Upper West Coast Regional Conference December 6, 2013 San Francisco Panel Members Greta Fees Ginny Kim Kevin Longo Moderator: Lynda Hilliard Entity Overview
EMR Implementation: Compliance Challenges
EMR Implementation: Compliance Challenges HCCA Upper West Coast Regional Conference December 6, 2013 San Francisco Panel Members Greta Fees Ginny Kim Kevin Longo Sutter Health John Muir Health Adventist
Decision Tree: When is a Business Associate Agreement (BAA) Required?
Decision Tree: When is a Business Associate Agreement (BAA) Required? Saint Louis University, a Covered Entity under HIPAA, is required to sign Business Associate Agreements with certain organizations
COMMUNIQUE. Information Technology (IT) Governance Guidance
COMMUNIQUE 14-COM-002 July 14, 2014 Information Technology (IT) Governance Guidance The Credit Union Prudential Supervisors Association (CUPSA) has established an IT Risk Working Group to focus on IT governance
NOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 Revision Date: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
TABLE OF CONTENTS. University of Northern Colorado
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
HIPAA Security. 1 Security 101 for Covered Entities. Security Topics
HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &
WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance
WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance SEC-STM-072014 07/2014 Contents Patient Choice... 2 Security Protections... 2 Participation Agreement... 2 Controls... 3 Break the Glass...
Vermont Information Technology Leaders
Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 1 Policy Title: Information Privacy and Security Management Process IDENT INFOSEC1 Type of Document:
The Challenge of Implementing Interoperable Electronic Medical Records
Annals of Health Law Volume 19 Issue 1 Special Edition 2010 Article 37 2010 The Challenge of Implementing Interoperable Electronic Medical Records James C. Dechene Follow this and additional works at:
RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER
RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based
Compliance Considerations in the World of an EHR. Community Health Network. Epic Journey 4/24/2014
Compliance Considerations in the World of an EHR Jackie Smith, CHC, CHPC Network Privacy & Compliance Officer Community Health Network April 8, 2014 Community Health Network 7 Hospitals, 12 Outpatient
NOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: September, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
BILLING COMPANY STANDARDS
BILLING COMPANY STANDARDS ASSESSING PRACTICE VALUE OF OUTSOURCING Cost Saving Efficiencies gained Improved collections Compliance Once a decision to out source is made the following due diligence should
NOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 Revision Date: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
White Paper. Trends in Hospital Professional Liability Operations. Macro Trends in Hospital Insurance Operations
Trends in Hospital Professional Liability Operations White Paper Hospital systems today are facing an increasingly difficult operating environment. Revenues and reimbursements are decreasing, the capital
Cloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
Healthcare Data in the Cloud A Gathering Storm of Governance. Erik Pupo Senior Manager, Deloitte
Healthcare Data in the Cloud A Gathering Storm of Governance Erik Pupo Senior Manager, Deloitte Objectives for this Webinar Explain what the healthcare cloud really means Highlight emerging challenges
case study Denver Health & Hospital Authority IT as a Change Agent in the Transformation of Healthcare Summary Introductory Overview ORGANIZATION:
The Computerworld Honors Program Denver, Colorado, United States Summary For the past nine years, has partnered with Siemens Medical Solutions to further its mission as a safety net city-wide hospital
Sponsor Site Questionnaire FAQs Regarding Maestro Care
Sponsor Site Questionnaire FAQs Regarding Maestro Care Data Security and Validation 1. Are the electronic source documents or computer systems specific to the site and/or developed by the site? a. Developed
Microsoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
What Virginia s Free Clinics Need to Know About HIPAA and HITECH
What Virginia s Free Clinics Need to Know About HIPAA and HITECH This document is one in a series of tools and white papers produced by the Virginia Health Care Foundation to help Virginia s free clinics
HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates
HIPAA Myths WEDI Regional Affiliates Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards
Sustainable Compliance: A System for Ongoing Audit Readiness
View the Replay on YouTube Sustainable Compliance: A System for Ongoing Audit Readiness FairWarning Executive Webinar Series November 14, 2013 Agenda Sustainable Compliance at St. Charles Health System
Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection
Information Technology Risk
Information Technology Risk Joint World Bank/Federal Reserve System Seminar for Senior Bank Supervisors from Emerging Economies Adrienne Haden & Mike Wallas Board of Governors of the Federal Reserve System
HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA)
Sí necesita ayuda para traducir esta información, por favor comuníquese con el departamento de Servicios a miembros de Highmark Delaware al número al réves de su tarjeta de identificación de Highmark Delaware.
Lessons Learned from HIPAA Audits
Lessons Learned from HIPAA Audits October 29, 2012 Tony Brooks, CISA, CRISC Partner - IT Assurance and Risk Services HORNE LLP AGENDA HIPAA/HITECH Regulations Breaches and Fines OCR HIPAA/HITECH Compliance
Secure HIPAA Compliant Cloud Computing
BUSINESS WHITE PAPER Secure HIPAA Compliant Cloud Computing Step-by-step guide for achieving HIPAA compliance and safeguarding your PHI in a cloud computing environment Step-by-Step Guide for Choosing
2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
Final. National Health Care Billing Audit Guidelines. as amended by. The American Association of Medical Audit Specialists (AAMAS)
Final National Health Care Billing Audit Guidelines as amended by The American Association of Medical Audit Specialists (AAMAS) May 1, 2009 Preface Billing audits serve as a check and balance to help ensure
Information Technology General Controls (ITGCs) 101
Information Technology General Controls (ITGCs) 101 Presented by Sugako Amasaki (Principal Auditor) University of California, San Francisco December 3, 2015 Internal Audit Webinar Series Webinar Agenda
Voice Documentation in HIPAA Compliance
Voice Documentation in HIPAA Compliance An OAISYS White Paper Americas Headquarters OAISYS 7965 South Priest Drive, Suite 105 Tempe, AZ 85284 USA www.oaisys.com (480) 496-9040 CONTENTS 1 Introduction 2
COMPLIANCE WITH LAWS AND REGULATIONS (CLR)
Principle: Ensuring compliance with applicable laws, regulations and professional standards of practice implementing systems and processes that prevent fraud and abuse. 91 Compliance with Laws and Regulations
Security Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
Health Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
Accountable Care Organizations
Building a Healthy ACO Compliance Program HCCA 2014 Compliance Institute Mary C. Malone, Esq. Hancock, Daniel, Johnson & Nagle, P.C. Disclaimer: The content of this presentation does not constitute legal
Six Steps to Achieving Meaningful Use Qualification, Stage 1
WHITE PAPER Six Steps to Achieving Meaningful Use Qualification, Stage 1 Shefali Mookencherry Principal Healthcare Strategy Consultant Hayes Management Consulting Background Providers can qualify for Stage
HITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview
The Practical Guide to HIPAA Privacy and Security Compliance
The Practical Guide to HIPAA Privacy and Security Compliance By Kevin Beaver and Rebecca Herold Published by Auerbach Publications in December 2003 TABLE OF CONTENTS SECTION 1 HIPAA ESSENTIALS 1 Introduction
IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014
IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system
PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES
PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES TABLE OF CONTENTS A. Overview of HIPAA Compliance Program B. General Policies 1. Glossary of Defined Terms Used in HIPAA Policies and Procedures 2. Privacy
Become a Certified Health Care Compliance Professional
Become a Certified Health Care Compliance Professional Program designed for working professionals and graduate students: Health and legal professionals Graduate students Law students Offered by Hamline
Using Computer Assisted Audit Techniques For More Effective Compliance Auditing and Monitoring In Healthcare Organizations
Using Computer Assisted Audit Techniques For More Effective Compliance Auditing and Monitoring In Healthcare Organizations Author: Glen C. Mueller, Chief Audit & Compliance Officer, Scripps Health, San
Seven Component Framework For Compliance Auditing & Monitoring Physician Contracting In Healthcare Organizations
Seven Component Framework For Compliance Auditing & Monitoring Physician Contracting In Healthcare Organizations Author: Debi J. Weatherford, Vice President, Compliance and Audit Services, Revenue Cycle
Safeguarding the Revenue Cycle from ICD-10. January 22, 2014 James W. Akimchuk Jr.
Safeguarding the Revenue Cycle from ICD-10 January 22, 2014 James W. Akimchuk Jr. Safeguarding the Revenue Cycle from ICD-10 Most healthcare providers are focused on how to be prepared for the October
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) Transactions Standards 1. Health claims 2. Health claim attachments 3. Healthcare payment and remittance advice 4.
Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
Anti-Cloning Campaign: One Individual at a Time RCPA Conference October 6, 2015
NHS Human Services and Magellan Behavioral Health of Pennsylvania present: Anti-Cloning Campaign: One Individual at a Time RCPA Conference October 6, 2015 Presented By: Magellan Karli Schilling, MA, Compliance
Dr. Peters has declared no conflicts of interest related to the content of his presentation.
Dr. Peters has declared no conflicts of interest related to the content of his presentation. Steve G. Peters MD NAMDRC 2013 No financial conflicts No off-label usages If specific vendors are named, will
The Role of Oversight and Monitoring and the Use of Analytics to Increase Effectiveness of your Compliance Program
The Role of Oversight and Monitoring and the Use of Analytics to Increase Effectiveness of your Compliance Program Presented by: David Curé, Vice President and Chief Auditor Christopher Price, Sr. Director,
HIPAA and Mental Health Privacy:
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
Information Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
HIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
Information Systems and Technology
As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons
The Requirements Compliance Matrix columns are defined as follows:
1 DETAILED REQUIREMENTS AND REQUIREMENTS COMPLIANCE The following s Compliance Matrices present the detailed requirements for the P&I System. Completion of all matrices is required; proposals submitted
Agile Technology Controls for Startups a Contradiction in Terms or a Real Opportunity?
Agile Technology Controls for Startups a Contradiction in Terms or a Real Opportunity? Implementing Dynamic, Flexible and Continuously Optimized IT General Controls POWERFUL INSIGHTS Issue It s not a secret
Managing the Weight of the World - Best Practices in Global Subsidiary Compliance. Add TX Chapter logo
Managing the Weight of the World - Best Practices in Global Subsidiary Compliance Add TX Chapter logo September 10, 2014 Kelli Cubeta General Counsel ISS World Robert Munden Senior Vice President, General
PARCA Certified PACS System Analyst (CPSA) Requirements
PARCA Certified PACS System Analyst (CPSA) Requirements Copyright notice: Copyright 2005 PACS Administrators in Radiology Certification Association (PARCA). All rights reserved. All rights reserved. This
Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322
Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery
HIPAA Notice of Privacy Practices - Sample Notice. Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520)
HIPAA Notice of Privacy Practices - Sample Notice Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520) The information provided in this document does not constitute, and is no substitute
EHR Implementation: What you need to know to have a successful project: Part 2. Bruce Kleaveland President Kleaveland Consulting, Inc.
EHR Implementation: What you need to know to have a successful project: Part 2. Bruce Kleaveland President Kleaveland Consulting, Inc. Learning Objectives: Recognize key EHR hardware & network components
HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
Shellie Sulzberger, LPN, CPC, ICDCT-CM. Coding & Compliance Initiatives, Inc.
Shellie Sulzberger, LPN, CPC, ICDCT-CM Coding & Compliance Initiatives, Inc. My connection to coding and documentation My connection to clinical processes My connection to ICD-10 My connection to YOU Coding
Table of Contents. Preface... 1. 1 CPSA Position... 2. 1.1 How EMRs and Alberta Netcare are Changing Practice... 2. 2 Evolving Standards of Care...
March 2015 Table of Contents Preface... 1 1 CPSA Position... 2 1.1 How EMRs and Alberta Netcare are Changing Practice... 2 2 Evolving Standards of Care... 4 2.1 The Medical Record... 4 2.2 Shared Medical
LIFESTREAM BEHAVIORAL CENTER, INC. JOINT NOTICE OF PRIVACY PRACTICES. Effective Date: April 14, 2003
LIFESTREAM BEHAVIORAL CENTER, INC. JOINT NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 THIS DOCUMENT DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET
HIM 111 Introduction to Health Information Management HIM 135 Medical Terminology
HIM 111 Introduction to Health Information Management 1. Demonstrate comprehension of the difference between data and information; data sources (primary and secondary), and the structure and use of health
California Community Clinics EHR Assessment and Readiness
How do you know if your clinic is ready for an electronic health record? Successful transition from paper-based charts to an electronic health record (EHR) requires organization-wide commitment, significant
LIS Implementation and Work Flow Design: Getting the Most Out of Your LIS
LIS Implementation and Work Flow Design: Getting the Most Out of Your LIS Kathy M. Davis, B.S.,MT(ASCP) Tuesday, October 4, 2011 October 4, 2011 Pathology Informatics 2011 1 October 4, 2011 Pathology Informatics
2014 ACMPE Exam Blueprint
2014 ACMPE Exam Blueprint The medical practice management profession has always and will continue to evolve and change. To ensure that board certification continues to be the most effective, and contemporary
Third Party Security: Are your vendors compromising the security of your Agency?
Third Party Security: Are your vendors compromising the security of your Agency? Wendy Nather, Texas Education Agency Michael Wyatt, Deloitte & Touche LLP TASSCC Annual Conference 3 August 2010 Agenda
I P A A P R I V A C Y R U L E I.
HIPAA Task List from regulations minimum requirements H I P A A P R I V A C Y R U L E I. Individual Rights/Communications Notice of Privacy Practices Develop model notice(s) P&Ps for distributing notices
Centricity Physician Office
Centricity Physician Office 2005 User Summit EMR Orders Implementation in an Enterprise Don Sepulveda, Clinical Consultant GE Healthcare Clay Williams, Clinical Consultant GE Healthcare Peggy Romfh, Project
Cloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
Introduction. By Santhosh Patil, Infogix Inc.
Enterprise Health Information Management Framework: Charting the path to bring efficiency in business operations and reduce administrative costs for healthcare payer organizations. By Santhosh Patil, Infogix
Meaningful Use and Core Requirement 15
Meaningful Use and Core Requirement 15 How can I comply the lack of time and staff... www.compliancygroup.com 1 Meaningful Use and Core Requirement 15 Meaningful Use Protection of Protected Health Information
Southern Law Center Law Center Policy #IT0014. Title: Privacy Expectations for SULC Computing Resources
Southern Law Center Law Center Policy #IT0014 Title: Privacy Expectations for SULC Computing Resources Authority: Department Original Adoption: 5/7/2007 Effective Date: 5/7/2007 Last Revision: 9/17/2012
Revenue Integrity Strategies
Agenda Discuss the key activities performed, risks and typical deficiencies that exist, and various process improvement strategies within the following revenue cycle components: Patient Access Utilization
Authorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
The Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
Physician Champions David C. Kibbe, MD, & Daniel Mongiardo, MD FAQ Responses
Physician Champions David C. Kibbe, MD, & Daniel Mongiardo, MD FAQ Responses DR. KIBBE S RESPONSES What is health information exchange? How can health information exchange help my practice? Can I comply
Governance Custodian to changing business trends and IT landscape
Governance Custodian to changing business trends and IT landscape SURESH GP Trend on Governance Companies with effective IT Governance have profits that are 20 % higher than other companies pursuing similar
APPROVED BY: DATE: NUMBER: PAGE: 1 of 9
1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless
EHR s-new Opportunities for the Confident Coder
EHR s-new Opportunities for the Confident Coder Angela Jordan, CPC Chair AAPCCA Board of Directors Manager Coding and Compliance EvolveMD amjordan.cpc@gmail.com Objective EHR basics Basic knowledge of
HIPAA CHECKLISTS DEVELOPING YOUR HIPAA DOCUMENTS PRACTICAL TOOLS AND RESOURCES. MASSACHUSETTS MEDICAL SOCIETY Getting Ready for
MASSACHUSETTS MEDICAL SOCIETY Getting Ready for HIPAA BASIC ELEMENTS FOR COMPLIANCE WITH THE PRIVACY REGULATIONS CHECKLISTS Assess and Begin Your HIPAA Compliance Efforts DEVELOPING YOUR HIPAA DOCUMENTS
General HIPAA Implementation FAQ
General HIPAA Implementation FAQ What is HIPAA? Signed into law in August 1996, the Health Insurance Portability and Accountability Act ( HIPAA ) was created to provide better access to health insurance,
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
Jonathan Siff, MD, MBA, FACEP MetroHealth Medical Center
Jonathan Siff, MD, MBA, FACEP MetroHealth Medical Center Discuss some basic definitions List benefits of electronic records systems and reasons for getting one Discuss types of systems in broad terms Learn
Presented by: Patrick Gauthier September 2011
IADDA Annual Conference Consortium Approaches to Adopting and Purchasing EHR Systems A Vision so for Substance Use Disorder Treatment e t Providers Presented by: y Patrick Gauthier September 2011 Problem
CUSTOMER CASE STUDIES: HIPAA COMPLIANT HOSTING
CUSTOMER CASE STUDIES: HIPAA COMPLIANT HOSTING At Connectia, integrity is everything. From our people to your data, we embrace integrity as our hallmark. That s why healthcare organizations, healthcare
Lessons Learned from OCR Privacy and Security Audits
Lessons Learned from OCR Privacy and Security Audits Program Overview & Initial Analysis Linda Sanches, MPH Verne Rinker, JD MPH Presentation to IAPP Global Privacy Summit March 7, 2013 Program Mandate
Evergreen Solutions Lowering the cost of EHR ownership
Evergreen Solutions Lowering the cost of EHR ownership As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the
Policy & Procedure AUTUMN RIDGE RESIDENTIAL CARE. March, 2013
AUTUMN RIDGE RESIDENTIAL CARE Policy & Procedure HIPAA / PRIVACY NOTICE OF PRIVACY PRACTICES FUNCTION NUMBER PRIOR ISSUE EFFECTIVE DATE March, 2013 PURPOSE To ensure that a Notice of Privacy Practices
Eye Clinic of Bellevue, LTD. P.S. Privacy Policy EYE CLINIC OF BELLEVUE LTD PS NOTICE OF INFORMATION PRACTICES
Eye Clinic of Bellevue, LTD. P.S. Privacy Policy EYE CLINIC OF BELLEVUE LTD PS NOTICE OF INFORMATION PRACTICES Date of Last Revision: 4/8/03 Effective Date: Immediately This information is made available
Qualified Entity (QE) Member Facing Services Requirements
Qualified Entity (QE) Member Facing Services Requirements Version 1.2 REVISED June 2014 AS DEVELOPED THROUGH THE STATEWIDE HEALTH INFORMATION NETWORK OF NEW YORK (SHIN-NY) POLICY STANDARDS Table of Contents
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. NOTICE OF PRIVACY PRACTICES Understanding Your