ACO Accountable Care Organizations
Cooperative Healthcare Requires Cooperative Security
It's a Team Sport.
Robby Gulri, VP, Product Marketing, gulri@echoworx.com
8/28/13

Industry leading Education
Certified Partner Program
Please ask questions
For today's slides: http://compliancy-group.com/slides023/
Today's & past webinars go to: http://compliancy-group.com/webinar/
#CGwebinar
855.85HIPAA
www.compliancygroup.com

Real Stats in the Field

ACO Accountable Care Organizations
Definition
- Accountable Care Organizations (ACOs) are groups of doctors, hospitals, and other health care providers who come together voluntarily to give coordinated high quality care to their Medicare patients
- Goal of coordinated care is to ensure that patients get the right care at the right time, while avoiding unnecessary duplication of services and preventing medical errors
- Share in the savings it achieves for the Medicare program

ACO Illustrated

Encryption requirements for ACOs
Requirements
- Scan, Encrypt or Block outbound email
  - Compliance (PHI, PAN, etc.)
  - Confidential or Sensitive information
- Business Process Enablement for Efficiency
  - Replace paper based processes
  - Loan applications, regulatory filings
  - Medical records, insurance claims, and information exchange
- Automated edocument Delivery
  - Email distribution of documents containing private information
  - Bank, mortgage, credit card statements
  - Bills and invoices
  - Insurance policies and claims

The Players within ACOs
- Providers
  - As networks of providers, ACOs are composed mostly of hospitals, physicians, and other healthcare professionals.
- Payers
  - The federal government, in the form of Medicare, will be the primary payer of an ACO
  - Other payers include private insurances, or employer-purchased insurance
- Patients
  - An ACO's patient population will primarily consist of Medicare beneficiaries

ACOs and Health Care IT
Encryption, Security of Data at Rest and in Motion

4 Essential Technologies for effective ACOs
- HIEs (Healthcare Information Exchange)
  - Portal
  - Secure Email Push / Pull
- Analytics
  - Reporting
  - Dashboards
- Care Management applications
  - Tele Medicine
  - Remote Patient Monitoring
- Encryption & Security Applications
  - Document Encryption
  - Email Encryption

Security Framework for ACOs
Secure, online environment which allows for controlled access to and sharing of data on a variety of levels between stakeholders
- Access to aggregate cost and quality trends by governance and project teams
- Secure repository for shared aggregate and detailed data
- Sharing of patient-specific clinical data between responsible caregivers

Tools required for Secure Communications
Source: AT&T Compliance Report 2013

Push / Pull Support

Complying with HIPAA for ACOs
- Becomes even more important as information is constantly being exchanged across multiple organizations and providers
- More scrutiny and enforcement of HIPAA Omnibus
- Encryption becomes an important compliance tool and weapon

HIPAA Encryption Requirements
- Standard ~ Transmission Security: Implement technical security measures to guard against unauthorized access to PHI that is being transmitted over an electronic communications network
  45 CFR 164.312 (e)(1)
- Addressable Implementation Feature ~ implement a mechanism to encrypt electronic protected health information whenever deemed appropriate
  45 CFR 164.312 (e)(2)(ii)
- Email containing PHI requires Encryption

Addressable Implementation of encryption is not optional
Addressable implementation features are not optional; they must be addressed. HCO must either:
1. Implement the feature, or
2. Document why it's not reasonable and appropriate to implement the feature, and implement an equivalent alternative measure when reasonable and appropriate

Omnibus & Email Encryption
- More enforcement with Omnibus
- Direct liability for both Covered Entities and Business Associates
- More parties involved with PHI exchange
- Breach definition has changed
  - Breach is presumed and you have to prove why a breach didn't occur
- Increased penalties for liability

Echoworx Snapshot

Thank you

HIPAA Compliance
HITECH Attestation
Omnibus Rule Ready
Meaningful Use core measure 15
Free Demo and 60 Day Evaluation
www.compliancy-group.com
HIPAA Hotline 855.85HIPAA 855.854.4722