EHR Privacy & Security. Missouri’s Federally-designated Regional Extension Center. University of Missouri: Department of Health Management and Informatics.

Presentation transcript:

EHR Privacy & Security

Missouri’s Federally-designated Regional Extension Center
• University of Missouri:
  ◦ Department of Health Management and Informatics
  ◦ Center for Health Policy
  ◦ Department of Family and Community Medicine
  ◦ Missouri School of Journalism
• Partners:
  ◦ EHR Pathway
  ◦ Hospital Industry Data Institute (Critical Access Hospitals)
  ◦ Missouri Primary Care Association
  ◦ Missouri Telehealth Network
  ◦ Primaris

Assist Missouri's health care providers in using electronic health records to improve the access and quality of health services; to reduce inefficiencies and avoidable costs; and to optimize the health outcomes of Missourians

• For providers who do not have a certified EHR system - We help you choose and implement one in your office
• For providers who already have a system - We help eligible providers meet the Medicare or Medicaid criteria for incentive payments

Cerner and the University of Missouri Health System have an independent strategic alliance to provide unique support for the Tiger Institute for Health Innovation, a collaborative venture to promote innovative health care solutions to drive down cost and dramatically increase quality of care for the state of Missouri. The Missouri Health Information Technology Assistance Center at the University of Missouri, however, is vendor neutral in its support of the adoption and implementation of EMRs by health care providers in Missouri as they move toward meaningful use. This regional extension center is funded through an award from the Office of the National Coordinator for Health Information Technology, Department of Health and Human Services Award Number 90RC0039/01

Information Security Risk Assessment Process
Becky Thurmond Fowler
System Security Analyst – Principal
Division of IT, University of Missouri

Agenda
◦ Introduction
◦ Risk Assessment Process
◦ Risk Assessment Cheat Sheet
◦ Moving Forward…
◦ Questions?

Why Are We Doing This?
◦ Increased focus on security & privacy in society
◦ Federal and state laws and regulations
◦ Heard of a little thing called HIPAA?

HIPAA Covered Entities (CE’s) and Business Associates of CE’s must comply with the HIPAA Security Rule, including:
◦ Due diligence
◦ Good business practices
◦ Analysis of risk
◦ Creation of appropriate safeguards
◦ Documentation

The Process – An Overview
1. Identify key relevant systems
2. Conduct a risk assessment
3. Implement a risk management program
4. Acquire IT systems and services as necessary
5. Create and deploy policies and procedures
6. Develop and implement a sanction policy
7. Develop and deploy the information system activity review process

Risk Assessment Process
Identify key relevant systems
◦ Categorize the sensitivity of the data
◦ Which information systems are involved?
◦ Perform inventory – who owns?
◦ Configuration management and documentation

Risk Assessment Process
Conduct a risk assessment
◦ Variety of checklists and procedures to help you through the process
◦ Document what you’re doing, do what you’re documenting!
◦ Answers to questions raised in your risk assessment can help you determine where your data is vulnerable

Risk Assessment Cheat Sheet
Section 1: Organizational Information
◦ Definition of Personally Identifiable Information (PII)
What kind of PII does your organization have, and what do you do with it?

Risk Assessment Cheat Sheet
Section II: Access to Work Area
Objective: To control unauthorized access to work areas where confidential or sensitive information is held or utilized

Risk Assessment Cheat Sheet
Section III: Access to Work Equipment/Information/Materials
Objective: To control unauthorized access to confidential or sensitive materials and work equipment

Risk Assessment Cheat Sheet
Section IV: Information Systems Security & Access
Objective: To appropriately manage confidential and sensitive electronic files and IT resources

Risk Assessment Cheat Sheet
Section IV: (continued)
◦ This section will require close work with your Information Technology folks.
  • Technical reviews
  • Application and server level controls
  • Networking
  • Disaster Recovery and Business Continuity

Risk Assessment Cheat Sheet
Section V: Access to Waste Materials
Objective: To ensure paper and electronic files and media are properly destroyed when appropriate

Risk Assessment Cheat Sheet
Section VI: Organizational Procedures & Employee Training
Objective: To set expectations and raise awareness among employees who handle confidential and sensitive information

Risk Assessment Process
Implement Risk Management program
◦ Thoughtfully choose security measures to reduce risks.
◦ Qualitative vs. quantitative
Looking to:
◦ Reduce risk
◦ Transfer risk
◦ Accept risk
◦ Avoid risk

Risk Assessment Process
Acquire IT systems and services as necessary
◦ Security isn’t free!
What is your desired end result?

Risk Assessment Process
◦ Create and deploy policies and procedures
◦ Develop and implement a sanction policy
◦ Develop and deploy the information system activity review process
(rinse & repeat)

Q & A
Questions?
Thank you!

If you do not wish to ask a question, please press *6 to mute your phone.

Meaningful Use & Physician Quality Reporting System (PQRS)
Wednesday, November 9th
Presenter: Sandra Pogones, Program Manager, Primaris

Contact MO HIT Assistance Center for details and pricing
