Modern Healthcare Information Technology


An overview of healthcare information technology: talking points on services & solutions around HITECH/EHR and the associated risks.

Published in: Business, Technology
  1. Opportunity Knocks: Modern Healthcare Information Technology
  2. Agenda
      • HITECH/EHR Overview
      • HITECH/EHR Services & Solutions
      • Health Information Technology Risks
      • ANSI PHI Project
  3. HITECH/EHR Overview
      • HITECH/EHR Overview
      • HIPAA & PHI Data Breaches
      • Enforcement Updates
  4. HITECH/EHR Overview
      • HC IT Project Drivers: Incentives
          - ARRA HITECH – "EHR … by 2014"
          - Nationwide HIT infrastructure
          - Meaningful Use HIPAA security requirements
          - Changing EHR MU Stage 2 & 3 requirements
          - Upcoming ACO requirements
      • HC IT Project Drivers: Sanctions
          - PHI breach notification
          - HIPAA enforcement
  5. HIPAA and PHI Data Breaches
      • Ponemon Institute: Data breaches cost hospitals nearly $6 billion/year [1]
      • Medical-related data breaches listed in Privacy Rights Clearinghouse [2]
          - 116 breaches listed in 2007-2008
          - 229 breaches listed in 2009-2010
      • 86% of large-hospital employees surveyed believe the number of data breaches discovered will increase under HITECH [3]
      • The Department of Justice secured "$2.5 billion in health care fraud recoveries—the largest in history," for the fiscal year ending 9-30-2010 [4]

      [1] Source: Benchmark Study on Patient Privacy and Data Security, November 9, 2010, Ponemon Institute LLC.
      [2] Source:
      [3] Source: 2009 HIMSS Analytics Report: "Taking a Pulse on HITECH, Are Hospitals and Business Associates Ready?" November 17, 2009.
      [4] Source: Department of Justice, November 22, 2010
  6. Enforcement Updates: HIPAA Sanctions
      • Periodic HHS CE & BA HIPAA Compliance Audits
      • Violations range from $100 to $1.5 million (willful neglect)
      • Extends criminal penalties to individual or employee of CE
      • State attorneys general can file civil suit on behalf of residents
  7. Enforcement Updates: OCR Commitment to HIPAA Enforcement
      Program Increases
      • Regional Office Privacy Advisors (+$2.283 million)
      • Enforcement of the HIPAA Security Rule (+$1 million)
      • Investigation of the HITECH Breach Reports (+$1.335 million)
      • Compliance Review Program (+$1 million)
  8. Enforcement Updates: HIPAA Enforcement Activities
      • Cignet Health, 2011: $4.3 million – Denying access to medical records & refusing to cooperate with OCR investigation
      • Massachusetts General Hospital Settles HIPAA Violations, 2011: $1 million – Documents left on subway by employee
      • Health Net, 2011: $55,000 + mandatory data-security audit 2 years – Lost portable drive & misrepresentation of risk
      • Rite Aid, 2010: $1 million – Poor disposal practices
  9. HITECH/EHR Services & Solutions: EHR Related Services BKD Provides
  10. HITECH/EHR Services & Solutions
      Outsourced Project Management
      • Assist management with development of project plan to manage all phases of EHR implementation project
      • Assist management with overseeing project milestones
      • Periodic project status & project risk reports
      EHR System Selection
      • Assist management with identifying & evaluating an EHR-compliant system
      • Demonstration scorecards—basis for purchase decisions
      • Total cost of ownership—three-year estimates that include software, equipment & implementation fees
      EHR Readiness Assessment
      • IT & infrastructure inventory
      • EHR current capabilities assessment
      • IT Governance & process maturity measurements
      • Security compliance assessment
  11. HITECH/EHR Services & Solutions
      ARRA Reimbursement Analysis
      • Develop reimbursement projections
      • Develop multi-year cash flow analysis mapping EHR project timeline with federal funding timeline projections
      EHR Meaningful Use Attestation Assistance
      • Review meaningful use objectives management has decided to report against
      • Develop audit procedures to determine if selected objectives are being met
      • Provide findings & recommendations based on executed audit procedures
      HIPAA Data Security & Privacy Assessment
      • Data-flow analysis
      • Risk & control identification
      • IT Governance & process maturity measurements
      • Control design & effectiveness testing
  12. Health Information Technology Risks
      • Understanding HIT Data-flow
      • Risk Associated with Clinical Systems
      • Expanded Audit Procedures
  13. Health Information Technology Risks
      • Developing clinical system & sub-system inventory
      • Understanding flow of data in a healthcare system
      • Identifying risks & controls
  14. Health Information Technology Risks
  15. Health Information Technology Risks
  16. Health Information Technology Risks
  17. Health Information Technology Risks: Expanded HIT Audit Procedures
      • Data-flow analysis
      • Computer Assisted Audit Techniques (CAAT)
      • Evaluating security at clinical system level
      • Evaluating intermediary data repositories & job scheduling/data integration systems
  18. ANSI/Shared Assessments PHI Project
      Report & tools valuing financial impact of unauthorized disclosure of protected health information (PHI)
  19. ANSI/Shared Assessments PHI Project
  20. Thank You
      Matt Lathrom, CISM, CISA, MCP
      Managing Consultant, BKD IT Risk Services
      816.221.6300