By 2015, all healthcare organizations must deploy comprehensive Electronic Health Records (EHR) to be in compliance with the Health Insurance Portability and Accountability Act (HIPAA) enacted by the U.S. Congress more than a decade ago in an effort to reform healthcare. Title II of HIPAA requires healthcare organizations to standardize the interchange of electronic data for specified administrative and financial transactions in order to protect the security and confidentiality of electronic health information. Meeting these standards is an uphill battle for most healthcare organizations. Transferring documents to an electronic format is a long and expensive process. While larger enterprises such as hospitals and health systems are leading the switch to EHR, only 13 percent of physicians have implemented EHR systems in their practices.

1. WHITE PAPER
Leveraging Funding For EHR While Meeting
HIPAA Requirements
EHR Adoption Requirements By 2015, all healthcare organizations However, HIPAA requirements do
must deploy comprehensive Electronic not discriminate. Everyone is subject
Health Records (EHR) to be in to the same penalties of non-
compliance with the Health Insurance compliance. Those who fail to adopt
Portability and Accountability Act EHR technology in the next five years will
(HIPAA) enacted by the U.S. Congress see their Medicare fee schedule for
more than a decade ago in an effort professional services reduced by up to
to reform healthcare. Title II of HIPAA five percent per year. This urgency to
requires healthcare organizations to comply has healthcare professionals
standardize the interchange of electronic feeling backed up against a wall because
data for specified administrative and many organizations are struggling to
financial transactions in order to protect find the funds and resources to afford
the security and confidentiality of the EHR transition.
electronic health information.
That’s why the American Recovery
Meeting these standards is an uphill and Reinvestment Act of 2009 (ARRA)
battle for most healthcare organizations. has created an incentive for hospitals
Transferring documents to an electronic and doctors who are early adopters of
format is a long and expensive process. EHR systems. The ARRA has allocated
While larger enterprises such as billions in funds – most of which will
hospitals and health systems are leading be paid out in incentives to those who
the switch to EHR, only 13 percent of purchase EHR systems. Organizations
physicians have implemented EHR can start collecting ARRA funds as soon
systems in their practices. as 2011 if their EHR systems are in place.
Modernizing Your Network The greatest challenge with the switch with HIPAA privacy statutes, and the
to EHR begins with the network. network security necessary to ensure
Organizations must continue to comply this privacy comes at a substantial cost.
© Windstream 2012
DATE: 3.27.12 | REVISION: 2 | 009575_Leveraging_Funding | CREATIVE: MF | JOB#: 9575 - Leveraging Funding For EHR | COLOR: GS | TRIM: 8.5” x 11”

2. WHITE PAPER
ARRA Payment Table
2011 2012 2013 2014
1st Payment Year Amount 18,000 18,000 15,000 12,000
2nd Payment Year Amount 12,000 12,000 12,000 8,000
3rd Payment Year Amount 8,000 8,000 8,000 4,000
4th Payment Year Amount 4,000 4,000 4,000 0
5th Payment Year Amount 2,000 2,000 0 0
Total $44,000 $44,000 $39,000 $24,000
Data Prioritization Early adopters using EHR by 2011 will Historically, large enterprises have been
be eligible to receive up to $44,000 in better than smaller entities at making
incentive payments over a five-year the EHR transformation. According to
period and up to $18,000 in their first an SK&A poll, 50 percent of healthcare
payment year alone. The table outlines systems and 44 percent of hospitals
the incentive payment schedule as have made the switch. Yet, larger
defined by the ARRA. systems are not immune from difficulties.
Networks must be modernized to handle The EHR shift requires significant
the volume of traffic and data associated manpower and financial resources,
with an EHR system, and the proper and takes time and money away from
security measures must be in place other initiatives. Still, smaller entities
to protect the privacy of patient data. are struggling to find the resources to
Many healthcare entities still run on get started. Lack of IT staff and proper
cable or DSL legacy networks that lack technology, as well as budget restraints,
the speed, serviceability, and security seem to plague many organizations and
needed to support an EHR system. But make EHR installation next to impossible
the penalties for non-compliance are for some.
substantial and not worth the risk, as
fines can be as high as $50,000 per
incident and include jail time.
© Windstream 2012

3. WHITE PAPER
Subsidizing EHR Costs In order to alleviate the burdens of EHR With the EFS and SFS solutions,
system implementation, Windstream companies can have access to the
offers exclusive programs called necessary hardware or software while
Equipment for Services (EFS) and experiencing minimal or no capital
Software for Services (SFS). These outlay. This can free up IT resources
programs allow clients to use a portion for enterprises, as well as put those
of the money they spend on Windstream lagging behind on track to meet
services to subsidize new equipment HIPAA deadlines.
and software purchases for their network
to effectively install EHR systems. Windstream provides customers with
an initial consultation that includes
Since the programs began in 1998, insights about their network
Windstream has funded more than $90 infrastructure, how to improve it, and
million in equipment and software for the technologies and products
more than 4,800 customers. With the necessary to provide ample security
EFS and SFS programs, Windstream is for EHR implementation And, with the
able to work with organizations to help EFS and SFS programs, customers
subsidize the up-front purchase costs are not limited to only Windstream
of an EHR system, while still allowing software and hardware. Organizations
organizations to receive full incentive have the option to work with other
payments from the government. communications equipment vendors,
or Windstream’s preferred vendors.
A Firewall is Not Enough The Windstream team also helps the security of medical records. While
customers implement the proper network network firewalls provide a basic line of
security solutions needed to meet HIPAA defense, there are still vulnerabilities that
requirements. Network security is vital organizations must prepare for in order
to the protection of sensitive medical to prevent a network security breach.
records data; however, the risk to network
security continues to grow. In 2009, Windstream works with customers to
Internet crimes such as hackers and design and execute a plan for EHR while
malicious software (malware) attacks helping to fund necessary technology
increased by 27 percent. and providing security to keep patient
information safe. With Windstream’s
Private patient data is extremely EFS and SFS programs, healthcare
vulnerable to an attack. A layering organizations do not have to navigate
of network products and solutions through HIPAA requirements on their
is necessary to effectively combat own. They can draw on the expertise
malicious activity that may compromise of a true partner.
© Windstream 2012

4. WHITE PAPER
Keeping Patient Healthcare organizations may benefit are launched. When an anomaly is
Information Safe from Windstream’s Intrusion Detection discovered, both the IDPS customer
and Prevention System (IDPS) that and Windstream’s security operations
works along with the firewall to provide center are alerted. Windstream
both Intrusion Prevention Sensors (IPS) engineers contact the customer about
and Intrusion Detection System (IDS) the malicious activity, and also help
protection for the entire network. These remediate the problem.
systems identify and prevent malware
intrusion by examining information With current IDS or IPS solutions, IT
via sensors within the network professionals need to sift through a
infrastructure. wall of network data that likely
contains a great deal of false positives
As malware evolves, network security – information that is classified as
must keep pace. If not, companies will malicious, but is, in fact, harmless.
continue to be at risk for damage to Windstream manages this process for
their networks and reputations. One its customers, and has a 99.9999
network security breach can bring percent guarantee against false
operations to a screeching stop if patient positives, ensuring that the IT
data is jeopardized. professional’s time is spent in the most
productive way possible. This fully
Windstream’s IDPS sensors provide managed and monitored IDPS solution
“zero hour” protection for the helps organizations meet and exceed
customer so healthcare organizations HIPAA requirements.
are protected as soon as threats
009575 | 3/12 © Windstream 2012