Cooperative ACO's Must Lead to Cooperative Security Measures


To learn more about our FREE HIPAA webinar series or our compliance tracking solution The Guard visit

Published in: Education, Technology, Business


  • 1. ACO – Accountable Care Organizations. Cooperative Healthcare Requires Cooperative Security: “It’s a Team Sport.” Robby Gulri, VP, Product Marketing. 8/28/13
  • 2. 855.85HIPAA. Industry leading Education. Certified Partner Program.
      • Please ask questions
      • For today's slides: http://compliancy-
      • For today's & past webinars go to: http://compliancy-
      #CGwebinar
  • 3. Real Stats in the Field
  • 4. ACO – Accountable Care Organizations: Definition
      • Accountable Care Organizations (ACOs) are groups of doctors, hospitals, and other health care providers who come together voluntarily to give coordinated, high-quality care to their Medicare patients
      • The goal of coordinated care is to ensure that patients get the right care at the right time, while avoiding unnecessary duplication of services and preventing medical errors
      • An ACO shares in the savings it achieves for the Medicare program
  • 5. ACO Illustrated
  • 6. Encryption requirements for ACOs
      Requirements:
      Scan, Encrypt or Block outbound email
        • Compliance (PHI, PAN, etc.)
        • Confidential or sensitive information
      Business Process Enablement for Efficiency
        • Replace paper-based processes
        • Loan applications, regulatory filings
        • Medical records, insurance claims, and information exchange
      Automated eDocument Delivery
        • Email distribution of documents containing private information
        • Bank, mortgage, credit card statements
        • Bills and invoices
        • Insurance policies and claims
  • 7. The Players within ACOs
      • Providers
        • As networks of providers, ACOs are composed mostly of hospitals, physicians, and other healthcare professionals.
      • Payers
        • The federal government, in the form of Medicare, will be the primary payer of an ACO
        • Other payers include private insurers and employer-purchased insurance
      • Patients
        • An ACO’s patient population will primarily consist of Medicare beneficiaries
  • 8. ACOs and Health Care IT: Encryption, Security of Data at Rest and in Motion
  • 9. 4 Essential Technologies for effective ACOs
      • HIEs (Healthcare Information Exchange)
        • Portal
        • Secure Email
        • Push / Pull
      • Analytics
        • Reporting
        • Dashboards
      • Care Management applications
        • Tele Medicine
        • Remote Patient Monitoring
      • Encryption & Security Applications
        • Document Encryption
        • Email Encryption
  • 10. Security Framework for ACOs
      • Secure, online environment which allows for controlled access to and sharing of data on a variety of levels between stakeholders
      • Access to aggregate cost and quality trends by governance and project teams
      • Secure repository for shared aggregate and detailed data
      • Sharing of patient-specific clinical data between responsible caregivers
  • 11. Tools required for Secure Communications. Source: AT&T Compliance Report 2013
  • 12. Push / Pull Support
  • 13. Complying with HIPAA for ACOs
      • Becomes even more important as information is constantly being exchanged across multiple organizations and providers
      • More scrutiny and enforcement under HIPAA Omnibus
      • Encryption becomes an important compliance tool and weapon
  • 14. HIPAA Encryption Requirements
      • Standard ~ Transmission Security: Implement technical security measures to guard against unauthorized access to PHI that is being transmitted over an electronic communications network. 45 CFR 164.312 (e)(1)
      • Addressable Implementation Feature ~ Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. 45 CFR 164.312 (e)(2)(ii)
      Email containing PHI requires Encryption
  • 15. Addressable Implementation of encryption is not optional
      • Addressable implementation features are not optional; they must be addressed. HCO must either:
        1. Implement the feature, or
        2. Document why it’s not reasonable and appropriate to implement the feature, and implement an equivalent alternative measure when reasonable and appropriate
  • 16. Omnibus & Email Encryption
      • More enforcement with Omnibus
      • Direct liability for both Covered Entities and Business Associates
      • More parties involved with PHI exchange
      • Breach definition has changed
      • Breach is presumed and you have to prove “why breach didn’t occur…”
      • Increased penalties for liability
  • 17. Echoworx Snapshot
  • 18. Thank you
  • 19. Free Demo and 60 Day Evaluation: www.compliancy-
      HIPAA Hotline: 855.85HIPAA (855.854.4722)
      HIPAA Compliance | HITECH Attestation | Omnibus Rule Ready | Meaningful Use core measure 15