Florida HIE Gateway of Gateway Partners Readiness Questionnaire

Similar documents
Florida Health Information Exchange Subscription Agreement for Patient Look-Up and Delivery Services

WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance

2015 Minnesota e-health Summit Data Privacy and Security Prevailing Federal Laws for Local Public Health

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

For the purposes of this Policy and Procedure, the following definitions apply:

Business Associate and Data Use Agreement

How To Write A Community Based Care Coordination Program Agreement

ConnectVirginia EXCHANGE Onboarding and Certification Guide. Version 1.4

ILHIE Authority Data Security and Privacy Committee. Briefing Summary: Policies # 1, 3 (Panel #1) -- Patient Choice, Opt-in/Opt-out

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box Portland, OR Fax

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

Introducing the NASW Updated Sample HIPAA Privacy Forms and Policies

Appendix : Business Associate Agreement

INTRODUCTION. The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment

HIPAA Compliance and HIE

Florida Health Information Exchange Subscription Agreement for Direct Secure Messaging Services

Receipt of the BAA constitutes acceptance thereof, provided that you do not provide a written objection within fourteen (14) days of receipt.

I. Purpose. Applicability of Policies. NATE-Policy #3.c.1

Health Homes Implementation Series: NYeC Privacy and Security Toolkit. 16 February 2012

Model Business Associate Agreement

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT RECITALS

Please print the attached document, sign and return to or contact Erica Van Treese, Account Manager, Provider Relations &

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions

Training Guide for Florida Practitioners and Pharmacists. Florida Department of Health Prescription Drug Monitoring Program

COLUMBIA UNIVERSITY USAGE POLICY

Arizona Medical Information Exchange Proof Of Concept. Privacy & Security Policy Manual version 1.0

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant

MERCY HEALTH MEDICAL TRANSPORTATION SERVICES PRIVACY NOTICE Revised Notice Effective Date: September 23, 2013

BUSINESS ASSOCIATE AGREEMENT

Request for Proposal. Integration System

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT. Recitals

Training Guide for Florida Practitioners and Pharmacists

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT

NOTICE OF PRIVACY PRACTICES

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

Privacy Requirements Definition and Testing in the Healthcare Environment

Authorized. User Agreement

Check In Systems. Software Usage Agreement

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT

Laying a Foundation for the Next 10 Years of Secure, Interoperable Exchange

FACT SHEET: Ransomware and HIPAA

Bradley D. Powell, PhD NOTICE OF PRIVACY PRACTICES: Effective June 1, 2004

Our Commitment to Information Security

KESWICK MULTI-CARE CENTER, INC. NOTICE OF PRIVACY PRACTICES

Population Health Management Program Notice of Privacy Practices from Evolent Health

How To Treat A Medical Condition

BUSINESS ASSOCIATE AGREEMENT

HIPAA NOTICE OF PRIVACY PRACTICES Woodlands Behavioral Healthcare Network (WBHN)

Health Partners HIPAA Business Associate Agreement

HomeCare Rehab and Nursing, LLC (HCRN) (DBA - Baker Rehab Group) Notice of Privacy Practice

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement

EXHIBIT 2. CityBridge Privacy Policy. Effective November 4, 2014

SOP 502L: INTERNET/SOCIAL MEDIA-BASED RESEARCH

Sample Business Associate Agreement Provisions

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

HIPAA BUSINESS ASSOCIATE AGREEMENT

Health Record Banking Alliance White Paper

HIPAA S BUSINESS ASSOCIATE REQUIREMENTS FOR PATHOLOGISTS AND LABORATORIES

BUSINESS ASSOCIATE AGREEMENT

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements

BUSINESS ASSOCIATE AGREEMENT

McZeely Coterie, LLC Privacy Notice. Effective Date of this Privacy Notice: February 11, 2015.

BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE SUBCONTRACTOR AGREEMENT

Tackling the Information Protection Essentials of Health Information Exchange. Carol Diamond, MD, MPH Managing Director, Markle Foundation

BUSINESS ASSOCIATE AGREEMENT ( BAA )

Issues to Address: The Privacy Concerns of Individuals

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

HIPAA SECURITY AWARENESS

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule)

Compliance Document for Holland Public Schools, G-768

BUSINESS ASSOCIATE AGREEMENT

Data Protection Good Practice Note

Clinical Document Exchange Integration Guide - Outbound

Pennsylvania Department of Public Welfare. Bureau of Information Systems OBSOLETE. Secure User Guide. Version 1.0.

3Degrees Group, Inc. Privacy Policy

HIPAA Templates. Health Plan Privacy Edition Version 2.4. Policy and Procedure Templates

Implications of HIPAA Requirements on Healthcare Payment Processing

Maintaining the Privacy of Health Information in Michigan s Electronic Health Information Exchange Network. Draft Privacy Whitepaper

Population Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc.

BUSINESS ASSOCIATE AGREEMENT

Meaningful Use Stage 2 & HIPAA: The Relationship between HIPAA and Meaningful Use Privacy & Security Regulations View the Replay on YouTube

Reproductive Medicine Associates of New Jersey, LLC

HIPAA BUSINESS ASSOCIATE AGREEMENT

Releasing Information

8.03 Health Insurance Portability and Accountability Act (HIPAA)

BUSINESS ASSOCIATE AGREEMENT

New HIPAA Rules and EHRs: ARRA & Breach Notification

Compliance Document for Kalamazoo College, G-1013

SDC-League Health Fund

Population Health Management Program Notice of Privacy Practices

Transcription:

Florida Health Information Exchange Patient Look-Up Service Gateway of Gateway Partners Questionnaire 6/24/2015 1

Table of Contents Introduction... 3 Florida Public Records Law... 4 General Information... 5 Primary Points of Contact Information... 5 Organization Information... 6 Logistics Information... 6 Health Information Exchange (HIE) Questions... 7 Security Implementation Questions... 7 Privacy Implementation Questions... 8 Consent Exchange Implementation Questions... 9 Attachment A: Consent Form SSA... 9 Attachment B: Florida Consent Form for Full Disclosure... 9 2

Introduction The Florida Health Information Exchange (Florida HIE) Patient Look-Up (PLU) service enables an authorized health care provider to search for and retrieve his/her patient s clinical data from other network participants at the point of care for treatment purposes. This Gateway of Gateway Partner Readiness Questionnaire is focused on prospective provider networks who wish to participate in the Florida HIE PLU service via the ehealth Exchange. The Florida HIE deploys a federated data architecture model. This model provides centralized services connected through a Florida HIE gateway at each participant site s edge system and includes integration engine/data connectors that leverage the site s local Master Patient Index (MPI). The Florida HIE is a participant in the ehealth Exchange providing a gateway to our federated HIE. Due to requirements in Florida law for obtaining explicit patient authorization to release certain sensitive conditions, the Florida HIE currently limits Gateway Partner health information exchange to organizations obtaining consent to query. With consent to query, the querying organization obtains the patient s on-going permission to search for and retrieve health information about the patient. To assist Harris Corporation s (Harris) team in assessing your organization s readiness to be a Florida HIE Gateway Partner, please complete and submit this questionnaire and e-mail it to FLHII@ahca.myflorida.com. A Florida HIE representative will contact you for follow-up. Gateway Partners are expected to understand and exchange in accordance with the gateway policies of the Florida HIE which reflect the laws of Florida and similarly provide such information about the destination state of the Partner if outside Florida. Gateway policies include: Outbound requests must be supported by documentation of explicit patient consent ( consent to query ) unless staff of an emergency department of a licensed hospital performed the query and it was not possible to obtain consent from the patient or family; Documentation of explicit patient consent or medical emergency documentation (name of medical personnel to whom disclosure was made, his/her affiliation with the hospital, date and time of query, and the nature of the emergency) will be securely transmitted to the PLU privacy manager within 72 hours of a request using Direct Messaging or another means mutually agreed upon; The Florida HIE reserves the right to cease exchange with a partner which does not exchange in accordance with these policies. 3

Florida Public Records Law Answers to this questionnaire are subject to Florida public records law. If your organization will be disclosing trade secret information, you will need to designate which sections are considered trade secrets by marking each page upon which such information appears, Trade Secret as defined in Section 812.081, Florida Statutes. Information specifically identified as a trade secret under Section 812.081, Florida Statutes, will be kept confidential to the extent provided by law. Designating material simply as proprietary will not necessarily protect it from disclosure under Chapter 119, Florida Statutes. 4

General Information Organization Name: Click here to enter organization name Mailing Address: Click here to enter organization mailing address Primary Points of Contact Information 1. Who is your Program Management Point of Contact? (This person will be responsible for ensuring mutual vision of exchange is realized.) Name: Title: Phone Number: office Phone Number: cell Email: Click here to enter name Click here to enter title. Click here to enter e-mail. 2. Who is your Technical Point of Contact? (This person will be responsible for operational requirements for exchange.) Name: Title: Phone Number: office Phone Numbers: cell Email: Click here to enter name. Click here to enter title Click here to enter e-mail. 3. Who is your Privacy/HIPAA Compliance Officer Point of Contact? (This person will be responsible for the sending and receiving documentation of consent.) Name: Title: Phone Number: office Phone Number: cell Email: Click here to enter name. Click here to enter title. Click here to enter e-mail. 5

Organization Information 1. Is your organization a legal entity? Yes/No. 2. Type of Legal Entity (C Corporation, S Corporation, LLC, limited partnership, general partnership)? Click here to enter type. 3. Date of incorporation or legal formation: Click here to enter date. 4. Are you a not-for-profit organization under the IRS tax code? Yes/No. 5. Are you licensed to do business in the State of Florida? Yes/No. 6. Please describe what type of industry organization you are (e.g., integrated delivery network, health system, regional health information organization): Click here to enter type. 7. Are you considered a covered entity under HIPAA? Yes/No. 8. Are you considered a business associate of one or more covered entities under HIPAA and have written business associate agreements with those covered entities? Yes/No. Logistics Information 1. When would you be interested in becoming an exchange partner with the Florida HIE PLU service? (e.g., As soon as possible, within 6 months, within 1 year, or within 2 years) Click here to enter timeframe. 2. Are you willing to obtain patient authorizations/consents and other documentation as required by Florida HIE policy to assure compliance with Florida law? Yes/No. If yes, please attach a copy of the consent form you will use. See examples of acceptable explicit consent forms in Appendix A and B. 3. Are you willing to send documentation to the Florida HIE regarding authorizations/consents and other documentation when requested as required by Florida HIE policy to assure compliance with Florida law? Yes/No. 4. Are you able to send and receive consent documents using a Direct Trust accredited Direct Messaging service? Yes/No. Please indicate other modes of secure transport if Direct Messaging is not available: Click here to enter option. 6

Please answer the following questions to the best of your ability. If a specific section or question is not applicable to your organization, please leave it blank. Health Information Exchange (HIE) Questions 1. 2. 3. 4. 5. Does your HIE exchange data using a Continuity of Care Document (CCD) XML payload? Do you support the Consolidated Clinical Document Architecture (C- CDA)? What type of patient matching do you support? Please describe and indicate whether deterministic or probabilistic. How many unique patients do you estimate have clinical data contained and accessible within your network (i.e., unique patients in MPI?) What other types of data formats do you support that could potentially be used to generate a payload (e.g., PDF,.doc,.rtf, TIFF, JPEG, ebxml, etc.)? Security Implementation Questions 1. 2. Do you fully comply with the HIPAA Security Rule? Have you performed a HIPAA compliant assessment of the current potential security risks and vulnerabilities to the confidentiality, integrity, and availability of Electronic Protected Health Information (EPHI) held by your organization and your business associates? 7

3. 4. Do you have an updated Risk Management Plan addressing the implementation of security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level? Have you had any security breaches in the last 5 years? If so, please describe the cause of the breach and what steps were taken to address any issues. Privacy Implementation Questions What procedures and tools do you use to grant and deny access to PHI by 1. your users? How often to you audit them? When registering your users for accounts that can access PHI, do you identity proof them at NIST Level 1, 2, 2. 3, or 4? (Please see: http://nvlpubs.nist.gov/nistpubs/special Publications/NIST.SP.800-63-2.pdf) Please describe any emergency (breakthe-glass) access procedure for users to 3. access PHI. How is Patient Consent (if any) to 4. 2 access PHI administered within your. system? Please describe. Does your organization employ an optin, opt-out or consent to query model 5. of patient authorizations of HIE? Please describe how your organization uses the model employed. Does your organization use consent to 6. query for all exchanges? Please explain exceptions. 8

7. Do you have any federally funded substance abuse treatment programs that are subject to 42 CFR Part 2 in your HIE? If so, can you filter the data? Consent Exchange Implementation Questions Issue Question Response and Discussion 1. What is your estimated number of monthly queries to the Florida HIE for treatment? 2. What is your estimated number of monthly queries to the Florida HIE for emergency treatment? 3. Do you currently have test patient data? 4. Additional comments? Thank you for completing the Florida HIE Gateway Readiness Questionnaire. Please e-mail your responses to FLHII@ahca.myflorida.com (e.g., use the send option within Microsoft Word). A Florida HIE representative will contact you for follow-up information, as needed. Attachment A: Consent Form SSA http://www.socialsecurity.gov/forms/ssa-827.pdf http://ssa.gov/disability/professionals/ssa827_informationpage.htm Attachment B: Florida Consent Form for Full Disclosure http://www.fhin.net/privacyregulations/index.shtml 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information