UCSF Information Technology Update on Key Topics October 2014.

Slides:

Advertisements

Similar presentations

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Advertisements

UCSF Enterprise IT Consolidation

Leading IT through People Sharm Manwani Alistair Russell Colin Thompson Leslie Willcocks.

Data and Analytics Needs

BENEFITS OF SUCCESSFUL IT MODERNIZATION

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”

Solutions & Services to ‘Multiply your Business Performance’ 2013.

January 2014 Presenter: Joe Bengfort

Information Security Policies Larry Conrad September 29, 2009.

Customer Care Operations Anxieties: Cost, Quality, Control & the Role of the Outsourcer Presented by Joe Feldkamp Senior Manager, Business Development.

Regents Update New Business Architecture Project 2010 Jan00 meeting notes.doc March 17, 2004 Accelerating the New Business Architecture An Update for the.

UC San Diego EH&S Staff Meeting Project 2010 Jan00 meeting notes.doc May 5, 2004 Update on the New Business Architecture EH&S Staff Meeting.

Faculty Group Practice Clinical Strategy FGP Board July 09, 2009 Attachment D.

1 Implementing the New Business Architecture University of California, San Diego January 18, 2006.

University of California New Business Architecture Project 2010 Jan00 meeting notes.doc April 15, 2004 Accelerating the New Business Architecture UC Employment.

Role, Function and Future of Medical Scribes Peter Reilly President & CEO American Healthcare Documentation Professionals Group.

Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.

1 MAIS & ITSS FY09 Priorities Joint UL Meeting October 27, 2008.

Human Resources Update Academic Senate Coordinating Committee February 2, 2015.

SCC EHR Workshop for Contractors: Implementation Considerations May 25, 2011.

Privileged and Confidential Strategic Approach to Asset Management Presented to October Urban Water Council Regional Seminar.

Getting Smarter with Information An Information Agenda Approach

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Revenue Cycle Management Medical Technology Acquisition and Assessment Team Members: Joseph Dixon, Michael Morotti, Mari Pirie-St. Pierre, David Robbins.

Lecture 14 Policy, Legal, and Regulatory Issues in HIS (Chapters 18,19,20)

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

History of Health IT Unit 3 Lesson 1

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

UCSF IT Update November 2013 Presenter: Joe Bengfort.

Duke Medicine IT Strategy Jeffrey Ferranti, MD Chief Information Officer / VP Medical Informatics Duke Medicine April 17, 2015.

Certification & Training Assessment Group History & Current Activity North Central Region Pesticide Education & Certification Workshop June 2002.

South Carolina Association for Healthcare Quality Using Data to Drive Organizational Improvement July 11, 2008 Bryan Bowles, Client Executive Premier Healthcare.

Practice Management: Tips for a Successful GI Practice James J. Weber, MD President & CEO of Texas Digestive Disease Consultants.

UCSF Information Security Risk Briefing November 2014.

The analyses upon which this publication is based were performed under Contract Number HHSM C sponsored by the Center for Medicare and Medicaid.

Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.

September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.

Enterprise Architecture, Enterprise Data Management, and Data Standardization Efforts at the U.S. Department of Education May 2006 Joe Rose, Chief Architect.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Community Connectivity The MA Experience John D. Halamka MD CIO, Harvard Medical School CIO, CareGroup Chairman, NEHEN.

STRATEGY SESSION SEPTEMBER 15, YEAR SECURITY DISCUSSION 1 NETWORK PLANNING TASK FORCE.

Clinical Computing Secure, reliable technology that improves clinical workflow at the point of care.

The Second Annual Medical Device Regulatory, Reimbursement and Compliance Congress Presented by J. Glenn George Thursday, March 29, 2007 Day II – Track.

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

Using Data To Drive Practice Faith Muigai Jacaranda Health.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.

Jonathan P. DeShazo, Laishy Williams-Carlson, Rich Pollack.

A Leader’s Guide to Resiliency Case Examples Roadmap Dashboard.

Internal Communications Overview: Acquisition Model and Considerations A tool from HFMA’s Value Project Toolkit: hfma.org/valueprojecthfma.org/valueproject.

The Medical College of Georgia HIPAA Privacy Rule Orientation.

Strategic Approaches to HIPAA Access & Audit HIPAA Summit West II March 15, 2002 San Francisco, CA Mariann Yeager tel cel

Pennsylvania Health Information Exchange NJHIMSS - DVHIMSS Enabling Healthcare Transformation Through Information Technology September, 2010.

Internal Communications Overview: Affiliation Models and Considerations A tool from HFMA’s Value Project Toolkit: hfma.org/valueprojecthfma.org/valueproject.

REDESIGNING ORGANIZATION & MANAGEMENT SYSTEMS (IHSDNs Attributes # 7, 8, 9,10, 11, 12, 13) (IHSDNs Attributes # 7, 8, 9,10, 11, 12, 13) July , 2015.

Diane Trimble, MSN, RN-BC Saint Luke’s Health System.

University IT Strategy

What is the Best Way to Select an EHR

Segmap Solutions Mapping segments.

January 2014 Presenter: Joe Bengfort

Managing Technology at Plantronics

UCSF Information Technology

Drew Hunt Network Security Analyst Valley Medical Center

Presentation to Project Certification Committee, DoIT August 24, 2008

Pam Matthews, FHIMSS Director of Business Information Systems Business Information Systems is focused around administrative and financial information.

Community Connectivity The MA Experience

KEY INITIATIVE Financial Data and Analytics

National Hospice and Palliative Care Organization’s Palliative Care Resource Series Best Practices for Using Telehealth in Palliative Care Vicki Wildman,

Presentation transcript:

UCSF Information Technology Update on Key Topics October 2014

HIPAA Security Compliance 2 Note: Includes central services such as IT, HR, Legal, & Privacy which are shared across all control points The lack of a comprehensive data security risk management program has resulted in insufficient HIPAA compliance posture across UCSF.

What is Driving this Risk Profile 3 Highly variable work practices across our control points, e.g.: Data handling for business workflow. Granting access to data and applications. No IT security compliance oversight to drive progress across control points. The lack of a risk management program was a key factor in OCR’s issuance of a $4.8M fine for New York-Presbyterian and Columbia University for a desktop that exposed data for 18 months. The widespread use of personally owned devices for UCSF work. Lack of technical controls to enforce policy / procedure, e.g: Control what devices can attach to the UCSF network. Ability to monitor where PHI / PII exists and how it is being moved. Limit the ways in which users and data can enter our network: In a 5-day period, there were over 140,000 SSH remote login attempts on the UCSF firewall. 91% of those were “bad” traffic. 74% of all attempts were from China. 20,000 gained access. An IT funding mechanism within Campus that requires individual departments and individuals to make decisions about investing in security controls.

Changes To Expect If your organization operates an IT environment they will need to adhere to standards of operation to improve security. Technical controls that you haven’t seen previously, for example: Enforce encryption on all computers and removable storage (e.g. USB flash drives). Network Access Control to prevent non-conforming computers from attaching to the UCSF network. Require software on computers that identify where PHI exists and enforce controls on how it is used and where it is being shared (e.g. Google & DropBox). Require management software on all computers attached to UCSF network. Password expiration policies. Two-factor authentication for technology system administrators and remote users. 4

Looking Ahead to IT Demand at UCSF year demand projection of IT infrastructure and application projects. Med Center:$70 M: ($13 M – 16 M annually) Campus: $112 M: ($ 18 M - $25 M annually) CESP: $23M(Projected new IT capital projects) IT operating support workload will increase substantially to support this growth which means added operating expense of about $27 M annually. Steps to mitigate: Operational Efficiency projects ( , service desk desktop support, data center) Consolidation of MC and Campus IT to leverage staff and skills. Consolidate core infrastructure (networks, computing systems, data warehousing, integration / interfaces; etc…). Increase IT organization productivity through Lean IT initiatives. Consider alternative sourcing strategies. The next generation of research, patient care and education is only possible with increased use of data and information technology.

UCSF Confidential and Attorney-Client Privileged Materials Key Aspects of the Approach Talking Points for Executives 6 Consider 3 rd party(s) to provide commodity oriented IT services that: Are generally available in the IT services marketplace; Can be provided at the same or greater quality of service; Can be provided at a material cost savings. Retain direct management of IT services that are: Central to UCSF strategic plans; Require intimate knowledge of UCSF clinical, research or education operations; Require close interaction with research, education or clinical operations. Information Security Approach: Data Center facilities: UCSF computing and data resources will remain USA domestic. Personnel / Services: Domestic or internationally where security can be sufficiently attained. Any internationally based services / personnel will have limited access and interaction with sensitive / regulated data (e.g. PHI / PII). Technical controls will be in place to prevent ability to download such data.

UCSF Confidential and Attorney-Client Privileged Materials LSfV: Four Areas Identified within UC Health System 7 Commissioned by the UC Health Leaders Jack Stobo; School of Medicine Deans; CEOs of Medical Centers Revenue Cycle Focus on integrative value and system standardization. It is looking to deliver substantial economic value over the next few years. Supply Chain Focused on hospital and clinic supplies. Development stage with committed $50 M in savings this year, a single executive in an interim role as a leader, and a very active recruitment for a permanent leader. Clinical / anatomic Lab Organized a single administrative group to lead operational improvement efforts for UC Health and is exploring a capability to support utilization review and improvement. Information Technology The latest LSfV area to be targeted and was initiated in August 2014 in a workshop with the 5 Med Center CIOs.

UCSF Confidential and Attorney-Client Privileged Materials General Information About IT LSfV 8 IT LSfV Team: Scott Cebula: Lead and facilitation Tom Andriola: UCOP CIO Edward Babakanian: UCSD Med Center CIO Joe Bengfort: UCSF CIO Michael Minear: UC Davis Med Center CIO Charles Podesta: UCI Med Center CIO Areas of Focus: Business Intelligence and Analytics Electronic Health Records IT Big Buy (related to Supply Chain) Stakeholder Partnerships (e.g. Imaging/Radiology, Pharmacy) IT Cost Transparency Across the Med Centers

Dashboard Status – as of 9/16/14 9 Dashboards - Live NameDescription FlashDash (+ Research)Operational Metrics (LOS, Volume, Cash, Case Mix) w/ Research patient filter QualDash v Metrics (Infection, Core Measures, Safety, Patient Sat) DischDashDischarges before noon metrics Service LineVolumes / Costs by Service Line Research Data BrowserDe-identified research cohort selection tool Dashboards - in Development NameDescription Verbal / Telephone OrdersPerformance w/ order entry Balanced ScorecardQuality, Finance, Operations & Patient Satisfaction IT Problem TicketsInternal IT metrics HB Revenue CycleReplace other report needs Inpatient Flu CompliancePerformance on CMS flu compliance Patient Satisfaction Inpatient / Outpatient satisfaction scores School of Medicine Student Medical student competency scores for students & advisors

10 Team Resources Live Optimized Development Sessions Executive Discharges Service Line Quality Research Reports streamlined Twenty Eight Analyst time saved 18hours/mo New Requests since launch38 Executive Quality Service Line Discharges Research Users Avg days for application development External 33% Internal 67% 550 Data / Metrics Applications Twelve 393 Days team in place 9 9 Sources 923 Accomplishments & Outcomes by 6/26/14

IT Roadmap 12 IT Roadmap projects approved for CFP funds in April 2014 (B&I Committee Update); 3 year total under $15M (FY14 to FY16) 11 Architecture: $4M Business: $0.4M Education: $3.2M EDW: $5.8M Research: $1.5M IT Roadmap- CFP Fund Approval FY14 to FY16