go to www.compliancy-group.com/webinar to join our webinars
or go to http://compliancy-group.com/past-webinars/ to download these and other past webinar slides!
2. Compliance Simplified – Achieve , Illustrate, Maintain
Industry leading Education
Todays Webinar
• Please ask questions via questions or
chat
• Todays slides are available
Certified Partner Program http://compliancy-group.com/slides023/
• Past webinars and recordings
http://compliancy-group.com/webinar/
855.85HIPAA
www.compliancygroup.com
5. Definition
Interoperability allows disparate
information systems … to readily work
together and exchange data. *
5
*Microsoft (http://www.microsoft.com/about/legal/en/us/interoperability/default.aspx)
7. Definition
The Medicare and Medicaid EHR Incentive
Programs provide incentive payments … as
they adopt, implement, upgrade or
demonstrate meaningful use of certified
EHR technology.*
*CMS (http://www.cms.gov/Regulations-and- 7
Guidance/Legislation/EHRIncentivePrograms/index.html?redirect=/ehrincentiveprograms/)
8. Components of MU
Stage 1 - Use of certified EHR in a
meaningful manner
Stage 2 - Use of certified EHR technology for
electronic exchange of health information to
improve quality of health care
Stage 3 - …….
8
9. MU Stage 1
80% of patients must have records in EHR
Common Objectives - Individuals & Institutions:
Computerized provider order entry (CPOE)
Report clinical quality measures to CMS/States
Implement one clinical decision support rule
Provide patients with electronic copy of health information
Record demographics
Up-to-date problem list of current and active diagnoses
Maintain active medication list
Maintain active medication allergy list
Record and chart changes in vital signs
Record smoking status for patients 13 years or older
Exchange key clinical information among providers of care and patient-
authorized entities electronically
Protect electronic health information
9
10. MU Stage 2
Common Objectives - Individuals & Institutions:
CPOE - For more than 60% of medication, 30% of laboratory, & 30% of radiology
Demographics / Vital Signs / Smoking Status – Record for more than 80%
Interventions - 5 clinical decision support interventions + drug/drug and drug/allergy
Labs - Incorporate lab results for more than 55%
Patient List - Generate patient list by specific condition
Patient Access - Provide online access to health information for more than 50% with
more than 5% actually accessing
Education Resources - EHR to identify and provide education resources more than 10%
Rx Reconciliation - Medication reconciliation at more than 50% of transitions of care
Summary of Care - Summary of care document for more than 50% of
transitions of care with 10% sent electronically and one sent to a recipient
with a different EHR vendor or successfully testing with CMS test EHR
Immunizations - Successful ongoing transmission of immunization data
Security Analysis - Conduct or review security analysis and incorporate in risk
management process
10
11. Audit Failure
“If CMS determines during the audits that
the provider has failed to meet any one of
the reporting requirements, it plans to take
steps to recoup incentive payments.”*
*GAO (http://gao.gov/assets/600/590538.pdf/) 11
13. Health Information Exchange (HIE)
Reliable and interoperable electronic health-related
information sharing
Conducted in a manner that protects the confidentiality,
privacy, and security of the information.
Create a standardized interoperable model that is trusted,
scalable and reliable.
Public HIE - Community-based and are open to, and
governed by, participants from multiple organizations.
Private HIE - Operate under the governance of an
Integrated Delivery Network (IDN) or a single healthcare
system.
13
15. Accountable Care Organizations (ACO)
Groups of doctors, hospitals, and other health care
providers, who come together to give coordinated
care to Medicare patients.
The goal is to ensure that patients get the right care
and avoid unnecessary duplication of services and
medical errors.
When an ACO succeeds both in both delivering high-
quality care and spending health care dollars more
wisely, it will share in the savings it achieves for the
Medicare program.
15
16. Types of ACOs
Medicare Shared Savings Program—a program that
helps a Medicare fee-for-service program providers
become an ACO.
Advance Payment Initiative —a supplementary
incentive program for selected participants in the Shared
Savings Program.
Pioneer ACO Model —a program designed for early
adopters of coordinated care.
16
18. Health Information Organizations (HIO)
Organizations that oversee HIE
Employ nationally recognized standards to enable
interoperability, security and confidentiality
Ensure authorization of those who access the
information.
Effort to improve the way systems in healthcare share
critical information.
Develop integration profiles to facilitate health
information passing seamlessly from one system to
another.
18
19. Integrating the Healthcare Enterprise (IHE)
The Healthcare Information Management & Systems
Society (HIMSS) provides leadership for the optimal use
of information technology and management systems for
the betterment of healthcare.
Healthcare Information Technology Standards Panel
(HITSP) purpose of achieving a widely accepted and
useful set of standards specifically to enable and support
widespread interoperability among healthcare software
applications.
19
22. Federated Model
Each participating
Participant
organization retains
control of their
healthcare
Participant Participant
information and
responds to queries
when information is
requested.
Participant
22
23. Centralized Model
Participant
A central
organization
collects information
from participating
Participant Information Participant
Exchange organizations and
stores the
information in a
centralized place to
provide access.
Participant
23
24. Hybrid Model
Participant
Some information
is stored centrally
and other
information is
Participant Information Participant
Exchange stored at
participating
organizations.
Participant
24
26. Issues
Individual participants can prepare all they want, but
bad data can snarl the exchange.
Normalization of data across multiple independent
organizations leaves data more vulnerable to
contamination, duplication and mix-ups.
Medicare collection of extensive data, raising privacy
concerns and administrative costs.
Aggregating, analyzing and managing Utilization and
Total Medical Cost (of a patient) across organizations.
26
29. Testing - Ownership
Each participant must concede a certain amount of ownership of
resources and timelines for projects to the “Greater Good”.
29
31. Normalization - Federated Model
Each participating
Participant
must maintain a
cross reference
table of Patient
Participant Participant
Master ID’s and
other data that
needs to be shared.
Participant
31
32. Normalization - Centralized / Hybrid
Participant
A Master Patient
Reference and
other Cross
Reference is
Participant Information Participant
Exchange maintained by the
Information
Exchange and
accessed by
participants.
Participant
32
34. Testing - Analytics
Data Analytics
Warehouse
Calculation and
understanding of
Participant
Utilization and Total
Cost of Expenses
Participant
Participant
Participant Participant
Participant
Reporting for
Individual Participants
Participant
Pre- Government reporting
Processor
Participant
Proper Entitlements to
view reporting.
Information
Exchange
34
36. Testing - Federated Model
One participant
organization has the De-
Identification Hub.
Agent
Participant
Sensitive Data Discovery
is automated for each
participant.
Hub Agent The Hub maintains the
Participant Participant
complete sensitive data
inventory from all
participants.
The other participants
have remote agents
Participant
which process discovery
Agent and de-identification on
their own network so
that no PHI data leaves
their network.
36
37. Testing - Centralized / Hybrid
Agent The Information
Participant Exchange has the De-
Identification Hub.
Sensitive Data Discovery
is automated for the
Agent
Information Exchange as
well as each participant.
Information
The Hub maintains the
Participant Participant
Exchange Hub
complete sensitive data
Agent
inventory including that
of all participants.
Each participant has a
Participant remote agent which
process discovery and
Agent de-identification on their
own network so that no
PHI data leaves their
network.
37
39. Risk Based Solutions
• Axis has created a set of eGRC related
solutions that leverage our overall
consulting expertise as well as our
DMsuiteTM and product
implementation capabilities
Enterprise Governance, Risk and
Compliance
Strategic Business Processes / Goals
Enterprise Architecture
Reference Models, Business Architecture, Application Architecture
Drives Drives
Information Security Architecture
Regulatory & Corporate Requirements, Environment Maturity Assessment
Data Masking Identity / Access Data Information
(De-Identification) Management Management Security
Drives Entitlements Data Sensitive Data Drives
DMsuiteTM
Management Governance Assessment
Operational Environment
39
40. Data De-Identification - DMsuiteTM
DMsuite™ - A robust,
proprietary tool that has been
deployed at clients for over
8 years with:
Sensitive Data Discovery - HIPAA
Ready Out of the Box,
Data De-Identification and
Auditing functionality.
40
41. Questions or Further Discussions
Contact: Joe Santangelo
Email: jsantangelo@axistechnologyllc.com
Phone: (646) 596-2670
Twitter: @DataPrivacyDude
41
42. Compliance Simplified – Achieve , Illustrate, Maintain
Compliance Simplified!
HIPAA Compliance
Achieve
HITECH Attestation
Meaningful Use core measure 15
Illustrate
Free Demo and 15 Day Evaluation
855.85HIPAA
Maintain
http://compliancy-group.com/
New & Past Webinars
http://compliancy-group.com/webinar/
855.85HIPAA
www.compliancygroup.com