Enviar búsqueda
Cargar
Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
•
1 recomendación
•
689 vistas
E
Erik Ginalick
Seguir
Denunciar
Compartir
Denunciar
Compartir
1 de 9
Descargar ahora
Descargar para leer sin conexión
Recomendados
Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005
Erik Ginalick
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected?
Mark Merrill
Hospital information system
Hospital information system
Dr. B L Sharma
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials Data
CitiusTech
21st Century Act and its Impact on Healthcare IT
21st Century Act and its Impact on Healthcare IT
CitiusTech
State Of EHR Adoption
State Of EHR Adoption
Wirehead Technology
HITECH Act
HITECH Act
meditrack
Mikhaela ripa
Mikhaela ripa
emerosegal
Recomendados
Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005
Erik Ginalick
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected?
Mark Merrill
Hospital information system
Hospital information system
Dr. B L Sharma
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials Data
CitiusTech
21st Century Act and its Impact on Healthcare IT
21st Century Act and its Impact on Healthcare IT
CitiusTech
State Of EHR Adoption
State Of EHR Adoption
Wirehead Technology
HITECH Act
HITECH Act
meditrack
Mikhaela ripa
Mikhaela ripa
emerosegal
Health it portfolio
Health it portfolio
Pankaj Gupta
Computer Information Systems and the Electronic Health Record
Computer Information Systems and the Electronic Health Record
Rebotto89
NuanceWhitepaperfinal
NuanceWhitepaperfinal
Cheryl Goldberg
What you should know about Meaningful Use
What you should know about Meaningful Use
delmore44
Effective Population Health Management Means Being Able to Predict the Future
Effective Population Health Management Means Being Able to Predict the Future
CitiusTech
Midwest Regional Health - EHR
Midwest Regional Health - EHR
WILLIE GREER
Course Share Presentation
Course Share Presentation
tang76
The Digital Innovation Award - DocDoc
The Digital Innovation Award - DocDoc
The Digital Insurer
E Health Trust
E Health Trust
healthmashr
Learning Activity Justin Hoeft
Learning Activity Justin Hoeft
guest735d17
Healthcare information technology market in india sample (1)
Healthcare information technology market in india sample (1)
anupama0479
Health Care Domain & Testing Challenges
Health Care Domain & Testing Challenges
Mindfire Solutions
eClinicalWorks
eClinicalWorks
Software Finder
Population Stratification Made Easy, Quick, and Transparent for Anyone
Population Stratification Made Easy, Quick, and Transparent for Anyone
Health Catalyst
Healthcare Interoperability and Standards
Healthcare Interoperability and Standards
Arjei Balandra
MDDS for Health Standard Part I
MDDS for Health Standard Part I
Pankaj Gupta
1. keynote dominic mack morehouse school of medicine
1. keynote dominic mack morehouse school of medicine
GreaterRomeChamber
Health information exchange (HIE)
Health information exchange (HIE)
ACCESS Health Digital
Health information standars
Health information standars
Rubashkyn
FHIR for Life Sciences
FHIR for Life Sciences
CitiusTech
Evaluation of A CIS
Evaluation of A CIS
nursemichelle
hitech act
hitech act
padler01
Más contenido relacionado
La actualidad más candente
Health it portfolio
Health it portfolio
Pankaj Gupta
Computer Information Systems and the Electronic Health Record
Computer Information Systems and the Electronic Health Record
Rebotto89
NuanceWhitepaperfinal
NuanceWhitepaperfinal
Cheryl Goldberg
What you should know about Meaningful Use
What you should know about Meaningful Use
delmore44
Effective Population Health Management Means Being Able to Predict the Future
Effective Population Health Management Means Being Able to Predict the Future
CitiusTech
Midwest Regional Health - EHR
Midwest Regional Health - EHR
WILLIE GREER
Course Share Presentation
Course Share Presentation
tang76
The Digital Innovation Award - DocDoc
The Digital Innovation Award - DocDoc
The Digital Insurer
E Health Trust
E Health Trust
healthmashr
Learning Activity Justin Hoeft
Learning Activity Justin Hoeft
guest735d17
Healthcare information technology market in india sample (1)
Healthcare information technology market in india sample (1)
anupama0479
Health Care Domain & Testing Challenges
Health Care Domain & Testing Challenges
Mindfire Solutions
eClinicalWorks
eClinicalWorks
Software Finder
Population Stratification Made Easy, Quick, and Transparent for Anyone
Population Stratification Made Easy, Quick, and Transparent for Anyone
Health Catalyst
Healthcare Interoperability and Standards
Healthcare Interoperability and Standards
Arjei Balandra
MDDS for Health Standard Part I
MDDS for Health Standard Part I
Pankaj Gupta
1. keynote dominic mack morehouse school of medicine
1. keynote dominic mack morehouse school of medicine
GreaterRomeChamber
Health information exchange (HIE)
Health information exchange (HIE)
ACCESS Health Digital
Health information standars
Health information standars
Rubashkyn
FHIR for Life Sciences
FHIR for Life Sciences
CitiusTech
La actualidad más candente
(20)
Health it portfolio
Health it portfolio
Computer Information Systems and the Electronic Health Record
Computer Information Systems and the Electronic Health Record
NuanceWhitepaperfinal
NuanceWhitepaperfinal
What you should know about Meaningful Use
What you should know about Meaningful Use
Effective Population Health Management Means Being Able to Predict the Future
Effective Population Health Management Means Being Able to Predict the Future
Midwest Regional Health - EHR
Midwest Regional Health - EHR
Course Share Presentation
Course Share Presentation
The Digital Innovation Award - DocDoc
The Digital Innovation Award - DocDoc
E Health Trust
E Health Trust
Learning Activity Justin Hoeft
Learning Activity Justin Hoeft
Healthcare information technology market in india sample (1)
Healthcare information technology market in india sample (1)
Health Care Domain & Testing Challenges
Health Care Domain & Testing Challenges
eClinicalWorks
eClinicalWorks
Population Stratification Made Easy, Quick, and Transparent for Anyone
Population Stratification Made Easy, Quick, and Transparent for Anyone
Healthcare Interoperability and Standards
Healthcare Interoperability and Standards
MDDS for Health Standard Part I
MDDS for Health Standard Part I
1. keynote dominic mack morehouse school of medicine
1. keynote dominic mack morehouse school of medicine
Health information exchange (HIE)
Health information exchange (HIE)
Health information standars
Health information standars
FHIR for Life Sciences
FHIR for Life Sciences
Similar a Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
Evaluation of A CIS
Evaluation of A CIS
nursemichelle
hitech act
hitech act
padler01
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
kayla_ann_30
Nursing informatic'spresentation
Nursing informatic'spresentation
queeniejoy
CIS Project
CIS Project
sjustus114
Connecting Patient Monitoring Devices to EHRsAn electronic health .pdf
Connecting Patient Monitoring Devices to EHRsAn electronic health .pdf
eyebolloptics
Emerose galvez
Emerose galvez
emerosegal
Electronic Health Records - Market Landscape
Electronic Health Records - Market Landscape
Harrison Hayes, LLC
New Age Technology in Healthcare
New Age Technology in Healthcare
Marcus Selvide
H i t
H i t
King Khan
Questions On The Healthcare System
Questions On The Healthcare System
Amanda Gray
Electronic Health Record (EHR)
Electronic Health Record (EHR)
sourav goswami
Tips for transitioning to electronic health records
Tips for transitioning to electronic health records
ACROSEAS Global Solutions
Chandy Ravikumar
Chandy Ravikumar
Chandy1221
lauren_rosen_compliance_article
lauren_rosen_compliance_article
Lauren Rosen
What explains why certain services were covered and others were not .docx
What explains why certain services were covered and others were not .docx
ajoy21
DHANA FINAL(1)
DHANA FINAL(1)
dhana lakshmi
Him500 Milestone 3Precious Teasley Southern New
Him500 Milestone 3Precious Teasley Southern New
SusanaFurman449
76 CHAPTER 4 Assessing Health and Health Behaviors Objecti.docx
76 CHAPTER 4 Assessing Health and Health Behaviors Objecti.docx
priestmanmable
MyHealthRecords
MyHealthRecords
Rachna Narula
Similar a Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
(20)
Evaluation of A CIS
Evaluation of A CIS
hitech act
hitech act
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Nursing informatic'spresentation
Nursing informatic'spresentation
CIS Project
CIS Project
Connecting Patient Monitoring Devices to EHRsAn electronic health .pdf
Connecting Patient Monitoring Devices to EHRsAn electronic health .pdf
Emerose galvez
Emerose galvez
Electronic Health Records - Market Landscape
Electronic Health Records - Market Landscape
New Age Technology in Healthcare
New Age Technology in Healthcare
H i t
H i t
Questions On The Healthcare System
Questions On The Healthcare System
Electronic Health Record (EHR)
Electronic Health Record (EHR)
Tips for transitioning to electronic health records
Tips for transitioning to electronic health records
Chandy Ravikumar
Chandy Ravikumar
lauren_rosen_compliance_article
lauren_rosen_compliance_article
What explains why certain services were covered and others were not .docx
What explains why certain services were covered and others were not .docx
DHANA FINAL(1)
DHANA FINAL(1)
Him500 Milestone 3Precious Teasley Southern New
Him500 Milestone 3Precious Teasley Southern New
76 CHAPTER 4 Assessing Health and Health Behaviors Objecti.docx
76 CHAPTER 4 Assessing Health and Health Behaviors Objecti.docx
MyHealthRecords
MyHealthRecords
Más de Erik Ginalick
Unleashing The Power Of Customer Data Wp091047
Unleashing The Power Of Customer Data Wp091047
Erik Ginalick
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366
Erik Ginalick
Qmoe For Manufacturing Wp090862
Qmoe For Manufacturing Wp090862
Erik Ginalick
Qmoe For Public Sector Wp090863
Qmoe For Public Sector Wp090863
Erik Ginalick
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
Erik Ginalick
The Worry Free Network Wp091050
The Worry Free Network Wp091050
Erik Ginalick
Qmoe For Financial Services Wp090860
Qmoe For Financial Services Wp090860
Erik Ginalick
Qmoe For Healthcare Wp090861
Qmoe For Healthcare Wp090861
Erik Ginalick
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010
Erik Ginalick
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438
Erik Ginalick
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Erik Ginalick
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
Plan For Success White Paper
Plan For Success White Paper
Erik Ginalick
Optimizing Your Communications In A Recession Wp090993
Optimizing Your Communications In A Recession Wp090993
Erik Ginalick
Is Cloud Computing Right For You Wp101305
Is Cloud Computing Right For You Wp101305
Erik Ginalick
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
Erik Ginalick
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Erik Ginalick
Infrastructures For Innovation Wp090974
Infrastructures For Innovation Wp090974
Erik Ginalick
Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118
Erik Ginalick
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
Erik Ginalick
Más de Erik Ginalick
(20)
Unleashing The Power Of Customer Data Wp091047
Unleashing The Power Of Customer Data Wp091047
Reaching For The Cloud Wp101366
Reaching For The Cloud Wp101366
Qmoe For Manufacturing Wp090862
Qmoe For Manufacturing Wp090862
Qmoe For Public Sector Wp090863
Qmoe For Public Sector Wp090863
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
Sip Trunk Services The Cornerstone Of Unified Communications Wp101194
The Worry Free Network Wp091050
The Worry Free Network Wp091050
Qmoe For Financial Services Wp090860
Qmoe For Financial Services Wp090860
Qmoe For Healthcare Wp090861
Qmoe For Healthcare Wp090861
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Mpls Future Proofing Enterprise Networks For Long Term Success Wp101094
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Plan For Success White Paper
Plan For Success White Paper
Optimizing Your Communications In A Recession Wp090993
Optimizing Your Communications In A Recession Wp090993
Is Cloud Computing Right For You Wp101305
Is Cloud Computing Right For You Wp101305
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Infrastructures For Innovation Wp090974
Infrastructures For Innovation Wp090974
Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
1.
ELECTRONIC HEALTH RECORDS: PROTECTING
YOUR ASSETS WITH A SOLID SECURITY PLAN To maximize the financial and productivity benefits of an EHR solution, you need to implement a security plan that’s right for the structure and needs of your health organization. By Carolyn P. Hartley, MLA Securing the data for your healthcare organization or practice makes good business sense, especially if you use or are transitioning to an Electronic Health Record (EHR) solution. Aside from the investment in your clinical and administrative workforce, patient records are an asset worth protecting. When using an EHR system, all patient records are stored in one location and readily accessible, which can enable faster access to a patient’s health history, problem list, medicatio ns, lab results, diagnostic imaging and work-ups. Medical literature and medication databases that alert or support the practitioner’s care plan also can be rapidly accessed. While an EHR creates a shift in the management and access of patient records, it also requires organizations to give additional thought to having a proper data security plan and allows you to continue safeguarding protected health information (PHI). To take advantage of the benefits you can achieve with EHR and to further protect you r organization’s valuable data, follow these best practices to help build a security plan and: Increase your EHR return on investment (ROI) with proactive secure business preparation strategies. Enable mobility through secure access to confidential records from inside or outside the facility. Protect hardware, EHR and third-party software from security breaches with firewalls and anti-virus software. Ensure availability of EHR information at any time. Provide secure electronic communications with patients, pharmacies and suppliers. MAXIMIZE YOUR ROI The financial incentives provided under the American Recovery and Reinvestment Act of 2009 (ARRA) 1 for EHR have motivated many physician practices and healthcare organizations to implement one. 1 Ronald Sterling, Qwest white paper, ―Electronic Health Records: Helping Healthcare Practitioners Understand the Benefits of Implementing a System,‖ 2009. Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
2.
Although the cost
can be significant, the investment typically pays back in dramatic ways. For example, a practice administrator in a three-physician Texas allergy clinic conducted a time and motion study in 2 which he identified $40,000 to $50,000 in potential savings fr om administrative inefficiencies. By automating workflows, such as scheduling patient visits and sending patient reminders as well as using electronic faxing and computerized physician order entry (CPOE), physicians have used the recovered savings to experience many benefits that allow them to: Eliminate potential errors by accessing a single longitudinal record. Respond to emergencies or weekends on -call without going to the facility to search for a patient chart. Access PHI from anywhere Internet service is available. Securely consult other practitioners involved in the patient’s care. Receive electronic alerts if a patient is admitted to a hospital. Provide educational material relevant to the patient’s diagnosis without having to make copies of copies. 3 Be paid for virtual office visits. Achieving these benefits is within reach of any practitioner no matter the size of the operation. However, it also requires business planning and preparedness to protect your network and your PHI. PROTECT PATIENT CONFIDENTIALITY If you are considering making new hardware purchases, such as mobile devices for clinicians, and you are juggling priorities, it’s a good idea to put the hardware purchase on hold until your EHR selection is finalized, and your internal security measures are in place. You may also want to review how you safeguard PHI. Ensuring the electronic creation, use, storage and transmission of PHI has been the subject of nearly a decade of planning, legislation, stakeholder conferences and public comment. Confidentiality, integrity and availability of data are the three tenets of 4 the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. 2 Carolyn P. Hartley, ―Identify Low-Value Work, then Automate It,‖ For the Record magazine, June 12, 2006, Vol. 18 No. 12 P. 8, available online at http://www.fortherecordmag.com/archives/ftr_06122006p8.shtml . 3 Sheri Porter, ―New, Revised CPT Codes Target Online, Telephone Services,‖ AAFP News Now, February 29, 2008. Available online at http://www.aafp.org/online/en/home/publications/news/news -now/practice- management/20080229cptcodes.html. Use revised CPT codes 99441 (5-10 minutes), 99442 (11-20 minutes) and 99443 (21 to 30 minutes) when report ing medical care via telephone that is initiated by an established patient or by the patient’s guardian. The reporting physician, or a physician of the same specialty in the same practice, must have seen the patient within the past three years. 4 The Office for Civil Rights within the U.S. Department of Health and Human Services maintains updates on privacy and security of electronic health information. View the HIPAA Security Rule and guidance about that rule at http://www.hhs.gov/ocr. Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
3.
5 To safeguard PHI,
the HIPAA Security Rule requires that you conduct a risk analysis to help evaluate where security vulnerabilities exist inside and outside your organization. A risk analysis is considered an industry best practice and is a required annual activity to participate in the Health 6 Information Technology for Economic and Cl inical Health (HITECH) Meaningful Use incentive funds. One forecasting tool is HITECH’s Meaningful Use reporting grid, which identifies quality measures 7 to be captured from 2011 to 2013 and yet-to-be-defined measures for Stage 2 (2013-2014) and Stage 3 (2015). For example, to meet Stage 1 Meaningful Use measures, your EHR system must enable you to provide patients with secure electronic copies of their health information, including lab results, problem list, medication list, allergies, discharge summar y and/or procedures. In your business planning, you need to determine if this can be achieved via one or any combination of the following: The EHR vendor’s secure patient online portal access options The patient’s secure online personal health record appl ication The local or regional health information exchange The risk analysis guides you through questions that evaluate firewalls and virus protection you need from web-based threats. It also explains the security measures to support secure e -communication with other providers or your patients. As a Covered Entity under HIPAA’s Security Rule, your responsibilities include ensuring a secure electronic environment. A Covered Entity is a healthcare provider that conducts certain transactions electronically, (including doctors, clinics and pharmacies), health plan (health insurance companies, HMOs and government healthcare programs) or healthcare clearing house (companies that process health information). 5 Several organizations provide low-cost risk analyses for solo practitioners to multi -departmental risk analyses for hospital systems. 6 Ronald Sterling, Qwest white paper, ―Electronic Health Records: Helping Healthcare Practitioner s Understand the Benefits of Implementing a System,‖ 2009. 7 The Centers for Medicare and Medicaid (CMS) EHR incentive programs will provide incentive payments to eligible professionals, eligible hospitals and critical access hospitals that are meaningfu l users of certified EHR technology. The most current Meaningful Use grid can be found online at http://healthit.hhs.gov. Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
4.
ADMINISTRATIVE SAFEGUARDS Administrative safeguards
approach security at an organizational level so you can evaluate risks and enact policies and procedures to manage those risks. This includes policies to manage the development, implementation and maintenance of security measures to protect PHI. You should reach out to your communications vendor or IT consultant to discuss how you will receive up-to-date information on significant potential threats and vulnerabilities that could impact your system. You should consider having an internal security leader, or s ecurity official, to establish your security policies and procedures. This person is responsible for training the staff on procedures to manage those risks, as well as implementing sanctions for those who accidentally or intentionally put PHI at risk and breach confidentiality, negatively affect productivity and patient trust. These sanctions may include additional training or more stringent actions, including employment discipline. TECHNICAL SAFEGUARDS Technical safeguards establish measures to leverage n etwork and EHR system capabilities in the most secure ways. Safeguards to evaluate include: Role-based access Access audit trails Remote access Application audit Vulnerability testing and reviews Audit trails can help you learn if a current or terminated e mployee accessed information he or she was not authorized to see. When customizing your EHR system, you will be asked to provide user names with their role-based access — this regulates access to your computers and your network resources based on each user ’s job and responsibilities. Aside from your organization’s users, health IT vendors might need access to your local network to provide technical support when necessary. Your organization should also consider a virtual private network (VPN) for offsite users to be able to access your system. For example, a VPN allows practitioners using mobile handheld devices to connect to your EHR. You can also reach out to your communications vendor and ask them to help you understand vulnerabilities you may face and test your system to help you assess your current network integrity. The results can help determine immediate short -term and strategic long-term steps for stabilizing your network. Attack and penetration tests, for example, include having your vendor iden tify system vulnerabilities by attempting to gain access to your network system or your information from either the WAN or LAN. Other tests may include assessing your web applications for various vulnerabilities and misconfigurations. Review unused or unn ecessary programs installed on your network. Ask your IT vendor or IT consultant to identify unused applications that can be discarded or updated to mitigate potential transmission threats or exposure to open networks. Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
5.
In addition, you
can ask your vendor to perform risk assessment based on the National Security Agency’s InfoSec Assessment Methodology, more commonly known as NSA IAM, which can help you craft an action plan to move from your current network’s state to your desired network goals. PHYSICAL SAFEGUARDS Physical safeguards include an analysis of how to protect your facility, workstations and electronic information systems from natural and environmental hazards and unauthorized intrusions. Just as you lock doors to protect your physical assets, p hysical safeguards require you to protect your electronic systems and establish plans to handle contingencies in the event of an emergency or disaster. Here are a few physical risks you may want to identify and manage: Determine whether you need a wired, wireless and/or server-based network, and review the risks and benefits of each. Nearly all organizations today select some type of secure wireless connectivity to their network. Assess how you will protect your hardware and software inventory and who ha s access to tablets, handheld devices or desktop computers. Control access to portable and desktop computers, network servers and information systems. You may decide to employ a security guard, use a keypad or card reader entry system, install deadbolt locks or install biometric systems, such as finger image recognition systems. Develop a contingency plan so your operations continue to operate after a disaster. In the event of a fire, for example, you will need secure access to insurance documents, hardwa re and software inventory. Also, you will want a process to re -establish secure access to health records and business data. This could include gaining secure remote access to your schedule and records of incoming patients. You’ll also want to notify patien ts where to find you until the facility is repaired. In addition, it’s important to know how to report lost or stolen laptops or handheld devices. The Breach Notification Rule details financial penalties and public announcements you must make for a lost o r stolen electronic device, but a safe harbor exists if you encrypt electronic PHI in your database (data at rest) or 8 in your transactions (data in motion). Finally, you can establish policies on how often you should back up your system, how you will rec over from a disaster and what applications are most critical to getting your system up and running again. An IT consultant can guide you through those discussions. 8 45 CFR 164.308(a)(6)(i), NIST SP 800-66, p. 27-28, 68 Federal Register 8377. Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
6.
ONLINE BACKUP MEASURES As
you continue securing your PHI and EHR solutions, it’s also a good time to build your emergency access procedures and develop a contingency plan for downtime. Because systems and networks go down from time to time, it’s a best practice to secure redundant access as a prevention strategy. Investing in 24/7 web support that also monitors downtime is one of the best investments you can make, especially if your organization has developed the good habit of reviewing patient records the evening before a patient encounter. Organizations with server -based systems should consider server mirroring or cloning software that backs up the system in real time. CONCLUSION The move to EHR is a dramatic change to how you and your health organization practices medicine. Look for competent solutions advisors in the following areas: Networking – keeping your organization connected Security/business continuity – safeguarding your data against loss Contact center – enabling you to provide exceptional service An advisor can help ensure that the move is done securely so you can focus on the clinical and administrative workflow changes. ABOUT QWEST BUSINESS Qwest Business is a choice of 95 percent of Fortune 500 companies, offering a comprehensive portfolio of data and voice networking communications solutions to enterprises, government agencies and educational institutions of all sizes. The Qwest network backbone covers the entire continental United States and has one of the largest fiber footprints in the U.S., capable of supporting 40 Gbps data transmission rates now and 100 Gbps soon. Go to Qwest.com/business to see why enterprises coast-to-coast rely on Qwest for first-class communications solutions and to learn more about Qwest’s commitment to perfecting the customer experience. ABOUT THE AUTHOR Carolyn P. Hartley is president and CEO of Physicians EHR LLC. She has been in healthcare since 1982 and in health information technology for more than a decade. She is lead or co -author of 13 textbooks on privacy, security and EHR implementation and also serves as EMR technical advisor to oncology, gastroenterology, community health centers and dental societies and providers. Her books include EHR Implementation: A Step by Step Guide for the Physician’s Office (AMA Press) and Handbook for HIPAA Security Implementation (AMA Press). Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
7.
Voice over Internet
Protocol (VoIP) uses the Internet to connect phone calls, which can bypass some of the charges associated with traditional telephone lines. VoIP also has the potential to untether your workforce from their desk, by allowing them to respond to and make patient calls using the VoIP wireless network. During a disaster recovery situation, this capability is a significant benefit that enables a physician to stay in touch with patients without being at the facility. Evaluating the option of VoIP requires the use of strategies similar to TIPS ON CHOOSING A VOICE AND DATA PROVIDER selecting your EHR. Here are some issues to consider and questions to ask: SERVICE PROVIDER’S REPUTATION • How long has the company been in business? • Ask for references from other practitioners who are in your area and use the system and who are similar to your size. COSTS • Are VoIP service fees the same for national and international calls? • What are the terms for contract termination? • Does the VoIP provider charge an installment fee? • Ask to see a sample invoice to evaluate user fees and taxes. TECHNICAL SUPPORT • Who will install the system? • What kind of technical support and training will you receive after the system is live? • How quickly does your technical support react to incidents? EQUIPMENT AND BANDWIDTH • Who provides the customer with equipment, such as modems and phones? • Who verifies that the service and equipment will connect with your network? • What bandwidth will you need, especially as you transition to an EHR? BUSINESS PREPAREDNESS • Is the VoIP system dependent on electricity to power the network translator? If so, how will you communicate if a power failure occurs? • Will the VoIP phones communicate clearly with existing phone sets? • How often is service upgraded and what business interruption guarantees will you receive during upgrades? If you receive satisfactory responses, document the decisions you made with the VoIP service provider and then coordinate the installation. It’s best to go live on the new service before or after implementing the EHR, but not concurrently. Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
8.
t
Building or refining your healthcare organization’s security plan can deliver the results you expect, especially if you follow these steps. CONDUCT A RISK ANALYSIS • Review current Protected Health Information (PHI) safeguards: http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/ safeguards.pdf • Use HITECH’s Meaningful Use Reporting Grid: CHECKLIST: DATA SECURITY PLAN FOR YOUR EHR • Evaluate firewalls and virus protection • Review security measures for secure e-communications http://healthit.hhs.gov • Review your responsibilities as a Covered Entity under HIPAA’s Security Rule: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/ ESTABLISH ADMINISTRATIVE SAFEGUARDS • Assign an internal security leader • Establish data security policies and procedures for staff • Develop plan to ensure updates of potential web threats BUILD TECHNICAL SAFEGUARDS • Determine role-based access and implement audit trails • Audit applications • Test and review network vulnerability CREATE PHYSICAL SAFEGUARDS • Develop policies and procedures to inventory and control access to desktops, servers and information systems. • Develop process for handling lost or stolen laptops and handheld devices • Determine system backup and data recovery procedures: • Natural: Flood, earthquake, tornado, etc. • Environmental: Chemical spills, HVAC problems, power outages, etc. • Unauthorized intrusions: Hackers, burglary, etc. • Establish contingency plans DETERMINE ONLINE BACKUP MEASURES • Create and document emergency access procedures • Consider 24/7 web support • Consider using server mirroring or cloning software Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
9.
Visit the following
sites for more information: QWEST SOLUTIONS • Heathcare Solutions • Ethernet Solutions for Healthcare – Fast, Secure, Reliable • Interactive Healthcare guide QWEST WHITE PAPERS • Qwest White Paper Resource Center • Electronic Health Records: Helping Healthcare Practitioners Understand the Benefits of Implementing a System • Healthcare IT Security Necessity • Ethernet for Healthcare Providers AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009 (ARRA) • http://www.recovery.gov: Information on the federal government’s economic recovery program • http://bit.ly/xhg5m: IRS ARRA Information Center RESOURCES MEANINGFUL USE DEFINITIONS • http://bit.ly/1f6Ri0: Recommendation from the Meaningful Use Workgroup • http://www.meaningfuluse.org: Discussion forum from the Association of Medical Directors of Information Systems HIPAA SECURITY REGULATIONS • http://bit.ly/bqzT5k: HHS security standards • http://bit.ly/ZlLrF: Detailed overview of the HIPAA security rule SECURITY ISSUES • http://www.NIST.gov: National Institute for Standards and Technology, which defines minimum encryption standards adopted into the Breach Notification Rule • http://edocket.access.gpo.gov/2009/pdf/E9-20169.pdf: Breach Notification for Unsecured Protected Health Information; Interim Final Rule Copyright © 2010 Qwest. All Rights Reserved. Not to be distributed or reproduced by anyone other than Q west entities. All marks are the property of the respe ctive co mpany. W P101207 4/10
Descargar ahora