Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.
Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.
CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.
Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.
1 1 Risk Management: How to Comply with Everything July 11, 2013.
1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.
CMS Proposals for Quality Reporting Programs Under the 2015 Medicare Physician Fee Schedule Proposed Rule PQRS, EHR Incentive Program, Physician Compare,
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Privacy and Security Tiger Team Subgroup Discussion: MU3 RFC July 29, 2013.
The Auditing Process: Lessons Learned Florida’s Medicaid EHR Incentive Program July 23, 2015.
Medicaid EHR Incentive Program For Eligible Professionals Overview of the Proposed 2015 Modification Rule Kim Davis-Allen Outreach Coordinator
Affordable Healthcare IT Solutions. MU RX Compliance with Meaningful Use Stage 2.
Meaningful Use Security Risk Assessment (SRA): Resources for Eligible Professionals (EPs) Kim Bell, MHA, FACHE, PCMH-CCE Executive Director Georgia Health.
Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN
Meaningful Use Security Risk Analysis Passing Your Audit.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
©2011 Falcon, LLC. All rights reserved. Proprietary. May not be copied or distributed without the express written permission of Falcon, LLC. Falcon EHR.
Working with HIT Systems
Medicaid EHR Incentive Program Updates eHealth Services and Support September 24, 2014 Today’s presenter: Nicole Bennett, Provider Enrollment and Verification.
The Impact of Proposed Meaningful Use Modifications for June 23, 2015 Today’s presenters: Al Wroblewski, Client Services Relationship Manager.
Final Rule Regarding EHR Certification Flexibility for 2014 Today’s presenters: Al Wroblewski, Client Services Relationship Manager Thomas Bennett, Client.
Patient Engagement Today’s presenter:
MAPIR 5.7 Walk-Through Vermont Medicaid Electronic Health Record (EHR) Incentive Program May 25, 2016.
HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.
CMS Final Rule: Stage 3 Meaningful Use and Modifications to MU for November 3, 2015 Today’s presenters: Thomas Bennett, Client Services Relationship.
Modified Stage 2 Meaningful Use Program Year 2015: Attestation 101 Massachusetts Medicaid EHR Incentive Payment Program July 5, 2016 Today’s presenter:
Psychiatric Clinical Nurse Specialists: Adopt, Implement, Upgrade (AIU) Massachusetts Medicaid EHR Incentive Program August 3, 2016 Today’s presenter:
Regulatory Roundtable Meaningful Use & HIPAA Kathy Branca Ray Harms.
AUDITS….. MEANINGFUL USE AND HIPAA COMPLIANCE (OCR) MARK NORRIS MEDICAL RECORDS SERVICES
Last Chance to Get Started with the Medicaid EHR Incentive Program September 27, 2016 Today’s presenters: Al Wroblewski, PCMH CCE, Client Services Relationship.
HIPAA Series: Part Three
Modified Stage 2 Meaningful Use: Objective #8 – Patient Electronic Access Massachusetts Medicaid EHR Incentive Payment Program July 19, 2016 Today’s presenter:
Community Health Center Security Risk Management
Psychiatric Clinical Nurse Specialists How to Get Your Medicaid EHR Incentive for 2016 November 21, 2016 Today’s presenters: Al Wroblewski, Client.
Meaningful Use Objectives Overview Massachusetts Medicaid EHR Incentive Program September 16, 2016 Today’s presenters: Brendan Gallagher Thomas.
What is HIPAA in 2016? Presented By: Suze Shaffer, CHSP
Modified Stage 2 Meaningful Use: Objective #9 – Secure Electronic Messaging Massachusetts Medicaid EHR Incentive Payment Program July 19, 2016 Today’s.
EHR Incentive Program 2017 Program Requirements
In-depth look at the security risk analysis
Florida’s Medicaid EHR Incentive Program
Psychiatric Clinical Nurse Specialists: Patient Volume Threshold (PVT) Massachusetts Medicaid EHR Incentive Program August 2, 2016 Today’s presenter:
Today’s presenters: Thomas Bennett, MeHI Technical Assistance Team
Stage 3 and ACI’s Relationship to Medicaid MU Massachusetts Medicaid EHR Incentive Program September 19 & 20, 2017 Today’s presenters: Brendan Gallagher.
Modified Stage 2 Meaningful Use: Objective #7– Medication Reconciliation Massachusetts Medicaid EHR Incentive Payment Program July 14, 2016 Today’s presenter:
Modified Stage 2 Meaningful Use: Objective #4 – ePrescribing (eRx) Massachusetts Medicaid EHR Incentive Payment Program July 12, 2016 Today’s presenter:
Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration.
Interoperability and Patient Engagement: Health Information Exchange (HIE), Secure Messaging, and Patient Portals for Modified Stage 2 September.
Modified Stage 2 Meaningful Use: Objective #2 – Clinical Decision Support Massachusetts Medicaid EHR Incentive Payment Program July 7, 2016 Today’s presenter:
EHR Incentive Program 2017 Program Requirements
EHRs and HIPAA: Steps to Maintain Privacy and Security of Patient Data
The Privacy Cycle A Five-Step Process to Improve Your Privacy Culture
Modified Stage 2 Meaningful Use Program Year 2015: Attestation 101 Massachusetts Medicaid EHR Incentive Payment Program July 5, 2016 Today’s presenter:
EHR Incentive Program 2018 Program Requirements
Modified Stage 2 Meaningful Use: Objective #6 – Patient Specific Education Massachusetts Medicaid EHR Incentive Payment Program July 14, 2016 Today’s.
Presented by UConn Health Information Technology (HIT)
2017 Modified Stage 2 Meaningful Use Objectives Overview Massachusetts Medicaid EHR Incentive Program September 19 & 20, 2017 September 19,
Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.
An Overview of Meaningful Use Proposed Rules in 2015
Modified Stage 2 Meaningful Use: Objective #10 – Public Health Reporting Massachusetts Medicaid EHR Incentive Payment Program July 21, 2016 Today’s presenter:
Risk Management: why and how to protect your health center
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
HIPAA Security Standards Final Rule
Modified Stage 2 Meaningful Use: Objective #5 – Health Information Exchange (Summary of Care) Massachusetts Medicaid EHR Incentive Payment Program July.
Clinical Decision Support (CDS): Meeting the Meaningful Use Measures Massachusetts Medicaid EHR Incentive Program May 14, 2019 & May 20, 2019.
Health Information Exchange (HIE): Meeting the Measures for Stage 3 Massachusetts Medicaid EHR Incentive Program May 13, 2019 & May 21, 2019.
HIPAA Security Risk Assessment (SRA)
Presentation transcript:

Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client Services Relationship Manager

Disclaimer This presentation was current at the time it was presented, published or uploaded onto the web. This presentation was prepared as a service to the public and is not intended to grant rights or impose obligations. This presentation may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage attendees to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents. Massachusetts eHealth Institute

The attestation deadline for Program Year 2015 is August 14, 2016 Reminder The attestation deadline for Program Year 2015 is August 14, 2016 This webinar series has been designed to help you successfully attest for Program Year 2015, so we wanted to remind you of the attestation deadline; we also encourage you to resolve any access issues (DCF, Special Enrollment) ASAP Massachusetts eHealth Institute

Agenda What is Meaningful Use (MU) Objective #1 all about? Steps to meet MU Objective #1 Do the right thing Follow the process Conduct a thorough assessment or review Follow-up with appropriate actions Create and retain supporting documentation Attesting for MU Objective #1 Common Issues Questions and Answers

What is MU Objective #1 all about?

What is MU Objective #1 all about?

What is MU Objective #1 all about? Protect Patient Health Information Objective Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities. Measure Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI created or maintained by CEHRT in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP's risk management process. Exclusion No exclusion.

What is MU Objective #1 all about? Conduct or review a SRA Encryption/security of data Create mitigation plan Implement updates A minimum of once/year Attest to conducting analysis Redo after upgrades Cover entire EHR reporting period Updates/deficiencies addressed demonstrating that corrections were made consistent with risk management process What is MU Objective #1 all about? Protect Patient Health Information - Additional Information

What is MU Objective #1 all about? Conduct during program year and before attestation Does not go beyond HIPAA Security Rule HHS Office for Civil Rights (OCR) has issued guidance on doing a SRA in accordance with HIPAA Free tools are available; no single required format What is MU Objective #1 all about? Protect Patient Health Information - Additional Information

Steps to meet MU Objective #1

Meeting MU Objective #1 Do the right thing “Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities.” Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI created or maintained by CEHRT in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP's risk management process.

Meeting MU Objective #1 Follow the process

Meeting MU Objective #1 Conduct a thorough assessment or review covering all five of the key security areas for all locations identifying threats, vulnerabilities, risks and deficiencies: Physical safeguards Administrative safeguard Technical safeguards Policies & procedures Organizational requirements

Meeting MU Objective #1 Follow-up and implement appropriate actions Assign responsibility for next steps Create and stick to timeline Document everything Demonstrate decision-maker commitment to and involvement in the process

Meeting MU Objective #1 Create and retain supporting documentation For attestation For audit purposes For internal use

Attesting for MU Objective #1

Attesting for MU Objective #1

Attesting for MU Objective #1 Upload supporting documentation SRA/R cover sheet attesting to the truthfulness and accuracy of the SRA/R An SRA/R for every location where EP practiced Name of practice Location Date completed Signed List name and title of person who did SRA/R

Common Issues

Common Issues: Objective #1 Some common issues encountered with Objective #1

Common Issues: Objective #1 Who should do it? Doesn’t the EHR vendor already do this? There is no standardized format or set of questions Our system is totally secure --- we have no issues We can’t afford to do an SRA/R We’re a very small practice, why do we have to do this? We’re a very large practice, why do we have to do this? Isn’t this a duplication of HIPAA? When ePHI is shared electronically, who is liable for breaches? EP works for more than our organization and we cannot get the SRA from the other organization SRA not integrated into a risk management process

Questions Questions?

Helpful Links CMS 2015 Program Requirements page MeHI Medicaid EHR Incentive Program page MeHI 2015 Supporting Documentation Requirements Guide HHS OCR HIPAA Guidance Risk Assessment Tool

Contact Us Thomas Bennett Client Services Relationship Manager (508) 870-0312, ext. 403 tbennett@masstech.org Brendan Gallagher Client Services Relationship Manager (508) 870-0312, ext. 387 gallagher@masstech.org Al Wroblewski, PCMH CCE Client Services Relationship Manager (508) 870-0312, ext. 603 wroblewski@masstech.org

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.