Pristine Technology Solutions, Inc.

Transcription

1 Pristine Technology Solutions, Inc.

2 25 Measures 1. CPOE for Medication Orders 2. Drug Interaction Checks Drug-Drug/Allergy 3. Maintain Problem List 4. Permissible Prescriptions - eprescribing 5. Active Medication List 6. Medication Allergy List 7. Record Demographics 8. Record Vital Signs 9. Record Smoking Status 13 Years or Older 10. Clinical Quality Measures-CMS/States 11. Clinical Decision Support Rule (1) 12. Electronic Copy of Health Info.- Upon Request 3BD 13. Clinical Summaries Each Office Visit 3 BD 14. Electronic Exchange of Clinical Information 15.Protect Electronic Health Information 16. Drug Formulary Checks 17. Clinical Lab Test Results Structured Data 18. Patient Lists 19. Patient Reminders Per Patient Preference 20. Patient Electronic Access - Portal 21. Patient-specific Education Resources 22. Medication Reconciliation 23. Transition of Care Summary Referrals 24. Immunization Registries Data Submission 25. Syndromic Surveillance Data Submission CORE MENU

3 Measure Number 15 Protect Electronic Health Information Objective Capability to exchange key clinical information (for example, problem list, medication list, medication allergies, and diagnostic test results), among providers of care and patient authorized entities electronically. Measure Conduct or review a security risk analysis in accordance with the requirements under 45 CFR (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.

4

5

6

7

8

9

10 State Attorney General Permits civil actions on behalf of patients May enjoin the actions; and Obtain damages not to exceed $25,000 annually Attorneys fees may be recovered by State

11

12 Meaningful Use Measure 15

13

14

15

16 The Risk Healthcare practices are at significant risk of financial loss resulting from a breach of patient information. The Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH) and Payment Card Industry Standards (PCI) all impose substantial fines and penalties on health care entities that disclose patient information. Thieves target patients personal information (social security numbers, American Express, Visa and MasterCard numbers, addresses, phone numbers, and drivers license numbers), along with patients confidential medical data. Data breaches are not limited to outside hackers or burglars, many times even trusted employees purposely or inadvertently allow patient data to be breached. The U.S. Department of Health and Human Services (HHS) recently announced a broad-based enforcement initiative to crack down on HIPAA and HITECH violators.

17 Minimal levels of Penalties based on Intent: $100 - $25,000 Person did not know and would not have known $1,000 - $100,000 Reasonable cause and not willful neglect $10,000 - $250,000 Willful neglect $50,000 -$1,500,000 Willful neglect and not corrected

18 The Risk Human error remains the greatest threat to healthcare data security. In a survey conducted in 2012 by HIMSS*, 79% of respondents reported that a security breach was perpetrated by an employee. Everyone from cafeteria workers to surgeons will come into contact with patient data and that they will do so in even more ways from work computers, through paper records, via mobile devices and more it becomes clear that evolving threats will always outpace even the most thorough regulatory requirements, said Brian Lapidus, senior vice president for Kroll Advisory Solutions in a press release dated April 11, *Healthcare Information & Management Systems Society

19 The Risk In a press announcement dated April 24, 2012, Leon Rodriguez, Director of OCR emphasized, We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity. Small physician practices should take note that they are not immune to OCR investigation. Ober/Kaler s Healthcare Information Technology and Privacy Group

20 The Risk HIPAA Violations Common ways a data breach can occur: Backing up PHI and taking it home Office mail containing PHI Employees being uneducated about the proper ways to store and discard private information Having unsupervised staff (i.e. cleaning crew or maintenance) working after hours Employees sharing stories about patient cases Source: HHS Office of Civil Rights Report to Congress

21 Questions

22 The Program HIPAA Safeguard A web portal that serves as a compliance resource to effectively manage the ever-changing landscape of HIPAA/HITECH and PCI. Our no obligation risk assessment to detect vulnerabilities. Customer service center staffed by data security professionals. Up to $100,000 of protection per healthcare practice for costs associated with data breach of patient information covered under the program. Protection for civil fines and penalties mandated by HIPAA/HITECH as relates to the breach of protected health information. Protection for PCI fines levied by the payment card brands (e.g. American Express, Visa and MasterCard) from a breach of payment card information.

23 The Program Online Assessment

24 The Program Report Card

25 The Program Data Privacy & Security All HIPAA Safeguard Participants receive: Access to web portal providing HIPAA and PCI privacy and security information and tools: HIPAA security rule forms and policies HIPAA privacy rule guidance, forms, policies Sample agreements for covered entities and business associates PCI data security standards Access to Customer Service Center

26 The Program HIPAA Protection HIPAA Protection For HIPAA violations resulting from a data breach, the program provides the following protection per the terms and conditions: Mandatory forensic investigation Crisis management (notification to victims, identity monitoring) Civil fines and penalties HIPAA data breach includes: Theft of electronic patient files Physical theft of patient files Accidental release of patient information Employee theft of patient files or related information Malicious software attacks

27 The Program - HIPAA Protection HIPAA and PCI-DSS Data Breach Program Limits $100,000 aggregate limit of protection per healthcare practice $25,000 sub-limit for crisis management (i.e. notification cost) $5,000 annual aggregate deductible (negotiable based on enrollment) HIPAASafeguard is a product of RGS Ltd., LLC. and this information is intended to present a general overview for illustrative purposes only. It is not intended to constitute a binding contract. Please remember that only the relevant insurance policy can provide the actual terms, coverage's, amounts, conditions and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.

28 The Program PCI DSS Breach Protection PCI Protection For Visa/MasterCard PCI violations resulting from a data breach: the program provides the following protection per the terms and conditions: Mandatory forensic investigation, Assessments (such as card replacement costs) Fines and penalties imposed by Visa/MasterCard Visa/MasterCard data breach includes: Theft of electronic cardholder or check information. Physical theft of cardholder or check information. Employee theft of cardholder information.

29 The Program Customer & Claim Support Customer Support Professional forensic auditors available by phone or . Available to answer questions about the program and your procedures. Any questions related to the protection are answered by a licensed insurance agent. Claims Support Reporting of breaches and claims can be done online or by phone. Once the online form is completed, HIPAA Safeguard will contact the medical site to prepare a response plan and file a claim.

30 About Royal Group Services (RGS) RGS is a leader in delivering unique programs to protect healthcare providers, banks, and merchants from data security risks associated with HIPAA, HITECH and the Payment Card Industry (PCI). The RGS executive team has decades of experience in working to expand business opportunities in both local and national perspectives. insurance, healthcare and payment card industries. We pride ourselves in offering best in class products. RGS has forged exclusive partnerships with some of the largest and most respected organizations representing healthcare professionals and the electronic payments industry. This RGS program is backed by our longtime partner, Chartis Insurance Company, which is one of the largest insurance companies in the world.

31 Questions

32

33 Value Proposition 2 Day Seminar HIPAA Safeguard Protection Service Cost Service Cost Event (per provider) Plane Ticket $500 Hotel $125 2 Days Work $3000 Time Working Process $1295 Protection (per practice) Priceless $49.99 per month Total for Seminar $4,931 8 Years Protection $4,799 2 Providers $9, Years Protection $9,598 Protection $0 Protection $100,000

34

35 Risk Assessment Risk Assessment Information Security Policy Program Management & Support Asset Management Trustworthy Human Resources Physical & Environmental Security Information Technology Communications & Operations Access Control Systems & Application Development Incident Response Business Continuity Management Program Maintenance & Compliance