WHITEC Services Group Overview Team of experienced health IT - - PowerPoint PPT Presentation

whitec services group overview
SMART_READER_LITE
LIVE PREVIEW

WHITEC Services Group Overview Team of experienced health IT - - PowerPoint PPT Presentation

Jan 21, 2024 121 likes •237 views

WHITEC Services Group Overview Team of experienced health IT specialists with broad vendor knowledge Federally designated to assist primary care providers; now expanding services to specialty providers across the country Have assisted

slide-1
SLIDE 1

WHITEC Services Group | www.whitec.org 1

WHITEC Services Group Overview

  • Team of experienced health IT specialists with

broad vendor knowledge

  • Federally designated to assist primary care

providers; now expanding services to specialty providers across the country

  • Have assisted more than 800 providers achieve

meaningful use and earn incentives

  • Recommended provider of Virtual Security Risk

Assessments for RevolutionEHR

slide-2
SLIDE 2

WHITEC Services Group | www.whitec.org 2

Overview of HIPAA and HITECH

  • 1996: HIPAA passed by Congress
  • 2003: Privacy Rule went into effect
  • 2005: Security Rule went into effect
  • 2009: HITECH enacted as part of ARRA
  • CMS EHR Incentive Programs
  • Significant changes to HIPAA
  • 2013: HIPAA/HITECH Omnibus Final Rule

published

  • Business Associates, Breach Notification
slide-3
SLIDE 3

WHITEC Services Group | www.whitec.org 3

3 EHRs & HIE

HITECH: Catalyst for Transformation

HITECH Act

Pre 2009 2009 2014 A system plagued by inefficiencies EHR Incentive Program and 62 Regional Extension Centers

Paper records

Widespread adoption and meaningful use

  • f EHRs
slide-4
SLIDE 4

WHITEC Services Group | www.whitec.org 4

Meaningful Use: Path to better outcomes and quality

Stage 1 Data capture and sharing Stage 2 Advanced clinical processes Stage 3 Improved

  • utcomes

 Better clinical outcomes  Improved population health

  • utcomes

 Increased transparency and efficiency  Empowered individuals  More robust research data on health system

slide-5
SLIDE 5

WHITEC Services Group | www.whitec.org 5

Meaningful Use is…

Using certified EHR technology1 to:

  • 1. Improve quality, safety and efficiency
  • 2. Engage patients and families
  • 3. Improve care coordination
  • 4. Improve public and population health
  • 5. *Ensure privacy & security for personal health

information*

1 Certification as defined by ONC-Authorized Testing and Certification Body (ONC-ATCB). For more information on

certified EHRs and the process of certification, visit http://onc-chpl.force.com/ehrcert.

slide-6
SLIDE 6

WHITEC Services Group | www.whitec.org 6

MU and Privacy & Security

Core Measure (Stage 1): Protect Electronic Health Information

Objective Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities. Measure Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. Exclusion No exclusion.

Source: Stage 1 EHR Meaningful Use Specification Sheets for Eligible Providers: http://www.cms.gov/EHRIncentivePrograms/30_Meaningful_Use.asp#BOOKMARK4

slide-7
SLIDE 7

WHITEC Services Group | www.whitec.org 7

MU and Privacy & Security

Core Measure (Stage 2): Protect Electronic Health Information

Objective Protect electronic health information created or maintained by the certified EHR technology (CEHRT) through the implementation of appropriate technical capabilities. Measure Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/ security of data stored in CEHRT in accordance with requirements under 45 CFR 164.312 (a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. Exclusion No exclusion.

slide-8
SLIDE 8

WHITEC Services Group | www.whitec.org 8

HIPAA Security Risk Analysis

  • Under the Administrative safeguards:
  • §164.308(a)(1)(ii)(A) Risk analysis (Required).

Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity

  • §164.308(a)(1)(ii)(A) Risk management (Required).

Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a)

slide-9
SLIDE 9

WHITEC Services Group | www.whitec.org 9

MU EHR Security Risk Analysis

  • Evaluate security vulnerabilities associated with

an EHR and focus on meeting federal HIPAA requirements

  • Rank threats and vulnerabilities and identify your

most significant risks

  • Develop an action plan to mitigate top risks and

document progress

  • SRA needs to be completed every year of

participation in EHR Incentive Program

slide-10
SLIDE 10

WHITEC Services Group | www.whitec.org 10

Preparing for MU Audits

  • Happening for both Medicare and

Medicaid EHR Incentive programs

  • At minimum 5% of EPs are being audited
  • If you are unable to support attestation you

may be required to return incentive payment

  • Alternately, you may be audited prior to

release of payment

slide-11
SLIDE 11

WHITEC Services Group | www.whitec.org 11

MU Audit-Required Documentation

  • Need to maintain documentation for:
  • Proof of Eligibility
  • Each core and menu measure
  • In some cases proving system configuration
  • Each CQM measure
  • Security Risk Assessment
  • Identified Risks
  • Risk Mitigation plans