HIPAA Implementation Case Study: Disease Management
Christine M. Gershtein RN, MSN
LifeMasters Supported SelfCare, Inc., Irvine, CA


Disease Management Association Definition

Disease Management is a multi-disciplinary, continuum-based approach to healthcare delivery that proactively identifies populations with, or at risk for established medical conditions, that:
- Supports the physician/patient relationship and plan of care
- Emphasizes prevention of exacerbations and complications utilizing cost-effective evidence-based practice guidelines and patient empowerment strategies such as self-management
- Continuously evaluates clinical, humanistic, and economic outcomes with the goal of improving overall health.

DMAA Definition

Disease Management should contain the following:
- Population Identification process
- Evidence-based practice guidelines
- Collaborative practice model - includes MD and other providers
- Risk identification and matching of interventions with need
- Patient self-management education (e.g. primary prevention, behavior modification programs, and compliance/surveillance)
- Process and outcomes measurement, evaluation, and mgmt.
- Routine reporting/feedback loop (may include communication with patient, physician, health plan and ancillary providers, and practice profiling)
- Appropriate use of information technology (may include specialized software, data registries, automated decision support tools, and call-back systems)

Covered Entity? Business Associate? Provider? HC Operations? Treatment? The final regs are still unclear!!

LifeMasters’ Current Position

- DMOs are Business Associates of Health Plans and other covered entities
- Individual consents are not required
- Population activities are protected under Health Care Operations
  - This is very clear in the regs
- Individual activities are protected under Treatment
  - Although, the preamble states that health plans do not do treatment
  - Most of our activities under this definition are done by healthcare providers (RNs, etc.) employed by LM

LM Service Model

- Physician Decision Support
- Supported SelfCare
- Identification
- Stratification
- Enrollment

Physician Decision Support Components Choice of easy to use methods IVR, Web, Connected device Vital signs and symptoms Customized for co-morbidities Biometric Monitoring Variety of options Video, telephonic, group, in-home Monitoring skills SelfCare concepts Initial patient training Actionable information Early intervention Improved efficiency Trend reports MD Exception reports MD-set thresholds Verified by LM nurse Feedback for behavior change Alert generation

DM requires multiple and ongoing data exchange

Sub-contractors

Operations vs. Treatment

LM HIPAA Implementation Plan

- Appointed Chief Privacy Officer (MD)
- Established interdisciplinary committee
  - Operations, technology, clinical, legal
- Inventory of existing confidentiality P&Ps
  - Who has access to what data (internally and externally)?
  - When/how to obtain patient consent for internal/external use of PHI
  - How to ensure patient access to his/her own data

LM HIPAA Implementation Plan

- Contract review
  - Ensure sub-contractor compliance (data analysts, outsourced call centers, etc.)
  - Ensure Business Associate relationship clear in customer contracts
- Internal (and subcontractor) training on privacy P&Ps
- Ensure appropriate IT data security measures are taken

Data Security Measures

- Encryption of Data over the Internet
  - 128 bit secure sockets layer (SSL) level 3.0 and digital certificates
  - Complex password protection
- Information Access Control
  - Password protection
  - Ability to access, read, and modify data limited based on job requirements

Data Security Measures

- Security of Records
  - Several layers of firewalls
  - Intrusion detection
  - Audits by external vendors
- Disaster Recovery
  - Fault tolerant servers
    - Configured to survive processor, drive or LAN card failure without affecting service
  - Multiple call centers and colocation facility to provide redundancy
  - Nightly backup and offsite storage

Data Security Measures

- All applications have full audit trail of who changed what
- No patient data transmitted via
- Standard processing routines and formats for data processing, patient identification and risking
- Centrally performed security configuration
- Immediate removal of access for terminated employees
- Key card access to buildings and engineering test lab

Website Privacy Preceded HIPAA

Conclusions

- DM companies/programs new enough that a lot of protections may already have been implemented
- Regardless of regs DM companies need to be particularly vigilant due to confusion with Marketing entities
- Best defense is a good offense - act like a covered entity as much as possible