Modern Healthcare Information Technology


A healthcare information technology overview. Covers talking points on services & solutions around HITECH/EHR and the associated risks.

    Modern Healthcare Information Technology Presentation Transcript

    • Opportunity Knocks: Modern Healthcare Information Technology
    • Agenda
      • HITECH/EHR Overview
      • HITECH/EHR Services & Solutions
      • Health Information Technology Risks
      • ANSI PHI Project
    • HITECH/EHR Overview
      • HITECH/EHR Overview
      • HIPAA & PHI Data Breaches
      • Enforcement Updates
    • HITECH/EHR Overview
      • HC IT Project Drivers: Incentives
        • ARRA HITECH – “EHR … by 2014”
        • Nationwide HIT infrastructure
        • Meaningful Use HIPAA security requirements
        • Changing EHR MU Stage 2 & 3 requirements
        • Upcoming ACO requirements
      • HC IT Project Drivers: Sanctions
        • PHI breach notification
        • HIPAA enforcement
    • HIPAA and PHI Data Breaches
      • Ponemon Institute: Data breaches cost hospitals nearly $6 billion/year [1]
      • Medical-related data breaches listed in Privacy Rights Clearinghouse [2]
        • 116 breaches listed in 2007-2008
        • 229 breaches listed in 2009-2010
      • 86% of large-hospital employees surveyed believe the number of data breaches discovered will increase under HITECH [3]
      • The Department of Justice secured “$2.5 billion in health care fraud recoveries—the largest in history,” for the fiscal year ending 9-30-2010 [4]
      • Sources
        • [1] Benchmark Study on Patient Privacy and Data Security, November 9, 2010, Ponemon Institute LLC.
        • [2] http://www.privacyrights.org/
        • [3] 2009 HIMSS Analytics Report: “Taking a Pulse on HITECH, Are Hospitals and Business Associates Ready?” November 17, 2009.
        • [4] Department of Justice, November 22, 2010, http://www.justice.gov/opa/pr/2010/November/10-civ-1335.html
    • Enforcement Updates: HIPAA Sanctions
      • Periodic HHS CE & BA HIPAA Compliance Audits
      • Violations range from $100 to $1.5 million (willful neglect)
      • Extends criminal penalties to individual or employee of CE
      • State attorneys general can file civil suit on behalf of residents
    • Enforcement Updates: OCR Commitment to HIPAA Enforcement Program Increases
      • Regional Office Privacy Advisors (+$2.283 million)
      • Enforcement of the HIPAA Security Rule (+$1 million)
      • Investigation of the HITECH Breach Reports (+$1.335 million)
      • Compliance Review Program (+$1 million)
    • Enforcement Updates: HIPAA Enforcement Activities
      • Cignet Health, 2011: $4.3 million – Denying access to medical records & refusing to cooperate with OCR investigation
        http://www.hhs.gov/news/press/2011pres/02/20110222a.html
      • Massachusetts General Hospital Settles HIPAA Violations, 2011: $1 million – Documents left on subway by employee
        http://www.hhs.gov/news/press/2011pres/02/20110224b.html
      • Health Net, 2011: $55,000 + mandatory data-security audit 2 years – Lost portable drive & misrepresentation of risk
        http://www.healthdatamanagement.com/news/breach_hipaa_privacy_security_hitech_lawsuit-39645-1.html
      • Rite Aid, 2010: $1 million – Poor disposal practices
        http://www.hhs.gov/news/press/2010pres/07/20100727a.html
    • HITECH/EHR Services & Solutions
      • EHR Related Services BKD Provides
    • HITECH/EHR Services & Solutions
      • Outsourced Project Management
        • Assist management with development of project plan to manage all phases of EHR implementation project
        • Assist management with overseeing project milestones
        • Periodic project status & project risk reports
      • EHR System Selection
        • Assist management with identifying & evaluating an EHR-compliant system
        • Demonstration scorecards—basis for purchase decisions
        • Total cost of ownership—three-year estimates that include software, equipment & implementation fees
      • EHR Readiness Assessment
        • IT & infrastructure inventory
        • EHR current capabilities assessment
        • IT Governance & process maturity measurements
        • Security compliance assessment
    • HITECH/EHR Services & Solutions
      • ARRA Reimbursement Analysis
        • Develop reimbursement projections
        • Develop multi-year cash flow analysis mapping EHR project timeline with federal funding timeline projections
      • EHR Meaningful Use Attestation Assistance
        • Review meaningful use objectives management has decided to report against
        • Develop audit procedures to determine if selected objectives are being met
        • Provide findings & recommendations based on executed audit procedures
      • HIPAA Data Security & Privacy Assessment
        • Data-flow analysis
        • Risk & control identification
        • IT Governance & process maturity measurements
        • Control design & effectiveness testing
    • Health Information Technology Risks
      • Understanding HIT Data-flow
      • Risk Associated with Clinical Systems
      • Expanded Audit Procedures
    • Health Information Technology Risks
      • Developing clinical system & sub-system inventory
      • Understanding flow of data in a healthcare system
      • Identifying risks & controls
    • Health Information Technology Risks: Expanded HIT Audit Procedures
      • Data-flow analysis
      • Computer Assisted Audit Techniques (CAAT)
      • Evaluating security at clinical system level
      • Evaluating intermediary data repositories & job scheduling/data integration systems
    • ANSI/Shared Assessments PHI Project
      • Report & tools valuing financial impact of unauthorized disclosure of protected health information (PHI)
    • ANSI/Shared Assessments PHI Project
      • http://www.ansi.org/standards_activities/standards_boards_panels/idsp/protected_health_information.aspx
    • Thank You
      • Matt Lathrom, CISM, CISA, MCP
      • Managing Consultant, BKD IT Risk Services
      • mlathrom@bkd.com
      • 816.221.6300