Hospital Certified Electronic Health Record (EHR) Technology Questionnaire




Thank you for taking time to complete this questionnaire. The Office of Inspector General (OIG) is conducting this survey as part of a study on fraud and abuse safeguards in EHRs. Participating will help us learn about the certified EHR technology hospitals are using. Our questions concern the presence of features and capabilities of certified EHR technology, as well as barriers to implementing certain safeguards for increased fraud protection and data integrity. If you have any questions, please contact Kim Yates at 617-565-2911 or Kim.Yates@oig.hhs.gov.

Your responses will be saved every time you click the NEXT button. You can return to the questionnaire at any time, using the same link, until you click the red SUBMIT button. Click the PRINT button to print a copy of this questionnaire with your responses. Once you click the red SUBMIT button you will not be able to edit or print your responses. Click the NEXT button to begin.

1. Please provide the following information for the individual(s) completing this questionnaire:
- Respondent name(s) and title(s):
- Phone number:
- Hospital name:

The following questions ask about the certified EHR technology this hospital has implemented and attested to meaningful use.

2. What type of EHR technology does this hospital use?
- One or more commercial vendor product(s)
- One or more internally developed product(s)
- A combination of vendor and internally developed products

3. How many years has the hospital used any EHR technology?

4. Is this hospital part of a network of hospitals that use the same EHR technology?

The following questions ask about the certified EHR technology's capabilities regarding coding.

5. How are diagnoses and procedures coded at this hospital?
- Manually by professional coders
- Automatically with coding software

6. Does this hospital have plans to adopt computer-assisted coding?

The following questions ask about user authentication and access to the certified EHR technology.

7. Does access to the hospital EHR technology require the following user authorizations?
- Unique user ID
- Password
- Token-based (e.g., identification card)
- Biometrics (e.g., fingerprints)
- Public-key (e.g., PKI, digital certificates)

8. Has the hospital implemented the following policies and procedures regarding access to the EHR technology?
- Automatic user log-off/session time-out
- Minimum password configuration rules
- Regular changing of password
- User agreements or contracts to prevent sharing of passwords

The following questions ask about access to the certified EHR technology by outside entities.

9. Does this hospital allow any outside entity (such as a payer) access to the EHR technology?

10. How does the hospital allow outside entities access to the EHR technology?
- Remotely
- On-site

11. Does the hospital establish unique user IDs to track outside entities' activity?

The following questions ask about access to the certified EHR technology by outside entities.

14. To what extent does the hospital consider the following to be barriers to allowing outside entities access to EHR technology?
- EHR technology does not support the capability
- Hardware does not support the capability
- Insufficient human resources
- Funding restrictions/additional costs to implement
- Insufficient training on EHR technology
- Inability to integrate with existing systems
- Inability to limit access to specific patients, encounters, or information
- Concerns with EHR system performance
- Concerns with patient privacy
- Concerns with provider rights
- Concerns with inappropriate use by outside entities
- Hospital policy prevents such access
- Please Specify:
To A Large / To Some / To Little / Not At All

The following questions ask about the certified EHR technology's audit log and metadata features. Audit logs and metadata track access and changes within an EHR chronologically by capturing data elements such as date and time when users access or change the record.

15. Does the audit log record data for the following events?
- Each entry or access to the EHR
- Signature event (the proactive or auto default completion of a patient encounter)
- Export of EHR document (printed, electronically exported, emailed)
- Amendments, corrections, or modifications of data
- Import of data
- Disabling of audit log
- Release of encounter for billing
- Access by an authorized outside entity

16. Does the audit log record the following data?
- National Provider Identifier (NPI)
- Date/Time/User stamps
- Access type (creating, editing, viewing, printing, etc.)
- Internet Protocol (IP)/Media Access Control (MAC) address
- Network Time Protocol (NTP)/Simple Network Time Protocol (SNTP) synchronized time
- Method of data entry (direct entry, speech recognition, automated, copy/import, copy forward, dictation)
- Date/Time/User stamp of original author when data are copied
- Date/Time/User stamp of original author if data are entered on behalf of another (e.g., an assistant enters clinical information for a physician)

The following questions ask about the certified EHR technology's audit log and metadata features.

17. Is the audit log operational whenever the EHR technology is available for updates or viewing?

18. To what extent does the hospital consider the following to be barriers to having the audit log operational at all times?
- Insufficient storage space for data
- Impedes system performance
- Inability to use audit log data (i.e., cannot identify and interpret audit log data)
- Insufficient human resources
- Inadequate training on audit log functionality
- A lack of user guides for audit log functionality
To A Large / To Some / To Little / Not At All

The following questions ask about the certified EHR technology's audit log and metadata features.

19. Can the audit log be disabled?

20. Who can disable the audit log?
- Any EHR user
- EHR users who are authorized to access the audit log
- EHR system administrators

21. Can the audit log be deleted?

22. Who can delete the audit log?
- Any EHR user
- EHR users who are authorized to access the audit log
- EHR system administrators

23. Can the audit log be edited?

24. Who can edit the audit log?
- Any EHR user
- EHR users who are authorized to access the audit log
- EHR system administrators

The following questions ask about the certified EHR technology's audit log and metadata features.

25. How long are audit log data stored?

26. Does the EHR technology allow for the destruction of EHR and audit log data according to the hospital's data retention policies?

27. Can the EHR technology produce a user friendly version of the audit log (i.e., a summary of audit data in a readable format or embedded in an electronic form) for transmitting, printing, or exporting?

The following questions ask about the certified EHR technology's audit log and metadata features.

28. Does anyone at the hospital analyze the audit log data?

29. Which of the following individuals at the hospital analyzes the audit log data?
- EHR system administrator
- Compliance officer
- Privacy officer

30. How often is the audit log data reviewed and analyzed?
- Monthly
- Quarterly
- Annually

31. To what extent does the hospital consider the following to be barriers to analyzing audit log data?
- Insufficient storage space for data
- Inability to interpret audit log data
- Insufficient human resources
- Inadequate training on audit log data
- A lack of user guides for audit functionality
To A Large / To Some / To Little / Not At All

The following questions ask about how physician progress notes are entered into the certified EHR technology.

32. To what extent are physician progress notes handwritten and/or dictated instead of directly entered into the EHR at this hospital?
- All physician progress notes are handwritten/dictated
- Some physician progress notes are handwritten/dictated and some are directly entered into the EHR
- No physician progress notes are handwritten/dictated

33. How are these physician progress notes maintained?
- Maintained as a hardcopy
- Scanned into the EHR
- Transcribed into the EHR

34. Why are physician progress notes not directly entered into the EHR?

35. How are physician progress notes entered into the EHR?
- Typed directly into the EHR as free text
- Entered into the EHR with templates

The following questions ask about how nursing notes are entered into the certified EHR technology.

36. To what extent are narrative nursing notes handwritten instead of directly entered into the EHR at this hospital?
- All narrative nursing notes are handwritten
- Some narrative nursing notes are handwritten and some are directly entered into the EHR
- No narrative nursing notes are handwritten

37. How are these narrative nursing notes maintained?
- Maintained as a hardcopy
- Scanned into the EHR

38. Why are narrative nursing progress notes not directly entered into the EHR?

39. How are narrative nursing notes entered into the EHR?
- Typed directly into the EHR as free text
- Entered into the EHR with templates
- Please Specify:

The following questions ask about the certified EHR technology's capabilities regarding exporting and transmitting EHR documents.

40. Are there limits on which EHR users are authorized to electronically export, transfer, or print EHR documents?

41. Does the EHR technology require the user to document why an EHR document was electronically exported, transferred, or printed?

42. Does the EHR technology have the capability to disable the Print Screen function?

43. Does the hospital disable the Print Screen function for the EHR technology?

The following questions ask about certified EHR technology features regarding patient access.

44. Do patients have the following electronic access to their EHR data?
- View their entire EHR
- View only components of their EHR
- Ability to comment in their EHR
- View all entities to which their EHR was released
- View all the entities who accessed their EHR

The following questions ask about certified EHR technology features regarding patient access.

45. To what extent does the hospital consider the following to be barriers to allowing patient access to their EHR data?
- EHR technology does not support the capability
- Hardware does not support the capability
- Resistance by physicians to have patients access the information
- Concerns with patient security and privacy
- Funding restrictions/additional costs to implementation
- Insufficient training on the EHR technology
- Inability to integrate with existing systems
- Concerns with EHR system performance
- Hospital policy prevents such access
To A Large / To Some / To Little / Not At All

The following questions ask about the certified EHR technology features regarding patient identity management.

46. What procedures does the hospital require to identify patients upon check-in?
- Photo identification
- Established relationship (i.e., visual recognition)
- Verifying identity based on information an individual can verify (e.g., address, date of birth)
- Biometric identification

47. For each patient check-in, does the EHR technology have the capability to record which identification procedure was used to confirm patient identity?

The following questions ask about additional features and safeguards that the hospital's certified EHR technology may have in place.

48. Can an EHR document be modified after it has been finalized by a "signature event" (i.e., the proactive or auto default completion of a patient encounter)?

49. Are the original unmodified EHR data retained?

50. Can the following features be customized in the EHR technology?
- Copy/Paste
- Templates
Do Not Have That Feature

51. Does the hospital have a policy regarding the use of the copy/paste feature in EHR technology?

52. Please describe the hospital's copy/paste policy:

The following questions ask about the additional features and safeguards the hospital's certified EHR technology may have in place.

53. Has the hospital implemented any of the following safeguards?
- Policies and procedures for analysis of audit log data
- Written policies and agreements for EHR users
- Employee training on privacy
- Employee training on fraud and abuse prevention
- Employee training on EHR data integrity
- Routine review of EHR user privileges

54. Please describe any other procedures, policies, or capabilities specific to the EHR technology that your hospital has implemented in order to maintain data integrity and prevent fraud.

Click the PRINT button if you would like a copy of this questionnaire with your responses. Please click the red SUBMIT button to complete this questionnaire. Once you do so, you will not be able to change or print your responses. Thank you!