Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.

Published byPhebe Turner Modified over 6 years ago

Similar presentations

Presentation on theme: "Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client."— Presentation transcript:

1 Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016
Today’s presenter: Al Wroblewski, PCMH CCE, Client Services Relationship Manager

2 Disclaimer This presentation was current at the time it was presented, published or uploaded onto the web. This presentation was prepared as a service to the public and is not intended to grant rights or impose obligations. This presentation may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage attendees to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents. Massachusetts eHealth Institute

3 The attestation deadline for Program Year 2015 is August 14, 2016
Reminder The attestation deadline for Program Year 2015 is August 14, 2016 This webinar series has been designed to help you successfully attest for Program Year 2015, so we wanted to remind you of the attestation deadline; we also encourage you to resolve any access issues (DCF, Special Enrollment) ASAP Massachusetts eHealth Institute

4 Agenda What is Meaningful Use (MU) Objective #1 all about?
Steps to meet MU Objective #1 Do the right thing Follow the process Conduct a thorough assessment or review Follow-up with appropriate actions Create and retain supporting documentation Attesting for MU Objective #1 Common Issues Questions and Answers

5 What is MU Objective #1 all about?

6 What is MU Objective #1 all about?

7 What is MU Objective #1 all about?
Protect Patient Health Information Objective Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities. Measure Conduct or review a security risk analysis in accordance with the requirements in 45 CFR (a)(1), including addressing the security (to include encryption) of ePHI created or maintained by CEHRT in accordance with requirements under 45 CFR (a)(2)(iv) and 45 CFR (d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP's risk management process. Exclusion No exclusion.

8 What is MU Objective #1 all about?
Conduct or review a SRA Encryption/security of data Create mitigation plan Implement updates A minimum of once/year Attest to conducting analysis Redo after upgrades Cover entire EHR reporting period Updates/deficiencies addressed demonstrating that corrections were made consistent with risk management process What is MU Objective #1 all about? Protect Patient Health Information - Additional Information

9 What is MU Objective #1 all about?
Conduct during program year and before attestation Does not go beyond HIPAA Security Rule HHS Office for Civil Rights (OCR) has issued guidance on doing a SRA in accordance with HIPAA Free tools are available; no single required format What is MU Objective #1 all about? Protect Patient Health Information - Additional Information

10 Steps to meet MU Objective #1

11 Meeting MU Objective #1 Do the right thing
“Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities.” Conduct or review a security risk analysis in accordance with the requirements in 45 CFR (a)(1), including addressing the security (to include encryption) of ePHI created or maintained by CEHRT in accordance with requirements under 45 CFR (a)(2)(iv) and 45 CFR (d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP's risk management process.

12 Meeting MU Objective #1 Follow the process

13 Meeting MU Objective #1 Conduct a thorough assessment or review covering all five of the key security areas for all locations identifying threats, vulnerabilities, risks and deficiencies: Physical safeguards Administrative safeguard Technical safeguards Policies & procedures Organizational requirements

14 Meeting MU Objective #1 Follow-up and implement appropriate actions Assign responsibility for next steps Create and stick to timeline Document everything Demonstrate decision-maker commitment to and involvement in the process

15 Meeting MU Objective #1 Create and retain supporting documentation For attestation For audit purposes For internal use

16 Attesting for MU Objective #1

17 Attesting for MU Objective #1

18 Attesting for MU Objective #1
Upload supporting documentation SRA/R cover sheet attesting to the truthfulness and accuracy of the SRA/R An SRA/R for every location where EP practiced Name of practice Location Date completed Signed List name and title of person who did SRA/R

19 Common Issues

20 Common Issues: Objective #1
Some common issues encountered with Objective #1

21 Common Issues: Objective #1
Who should do it? Doesn’t the EHR vendor already do this? There is no standardized format or set of questions Our system is totally secure --- we have no issues We can’t afford to do an SRA/R We’re a very small practice, why do we have to do this? We’re a very large practice, why do we have to do this? Isn’t this a duplication of HIPAA? When ePHI is shared electronically, who is liable for breaches? EP works for more than our organization and we cannot get the SRA from the other organization SRA not integrated into a risk management process

22 Questions Questions?

23 Helpful Links CMS 2015 Program Requirements page
MeHI Medicaid EHR Incentive Program page MeHI 2015 Supporting Documentation Requirements Guide HHS OCR HIPAA Guidance Risk Assessment Tool

24 Contact Us Thomas Bennett Client Services Relationship Manager
(508) , ext. 403 Brendan Gallagher Client Services Relationship Manager (508) , ext. 387 Al Wroblewski, PCMH CCE Client Services Relationship Manager (508) , ext. 603

Download ppt "Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.

Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.
CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.

CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.
Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.

Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.
1 1 Risk Management: How to Comply with Everything July 11, 2013.

1 1 Risk Management: How to Comply with Everything July 11, 2013.
1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.

1 HIT Standards Committee Privacy and Security Workgroup: Recommendations Dixie Baker, SAIC Steven Findlay, Consumers Union August 20, 2009.
CMS Proposals for Quality Reporting Programs Under the 2015 Medicare Physician Fee Schedule Proposed Rule PQRS, EHR Incentive Program, Physician Compare,

CMS Proposals for Quality Reporting Programs Under the 2015 Medicare Physician Fee Schedule Proposed Rule PQRS, EHR Incentive Program, Physician Compare,
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Privacy and Security Tiger Team Subgroup Discussion: MU3 RFC July 29, 2013.

Privacy and Security Tiger Team Subgroup Discussion: MU3 RFC July 29, 2013.
The Auditing Process: Lessons Learned Florida’s Medicaid EHR Incentive Program July 23, 2015.

The Auditing Process: Lessons Learned Florida’s Medicaid EHR Incentive Program July 23, 2015.
Medicaid EHR Incentive Program For Eligible Professionals Overview of the Proposed 2015 Modification Rule Kim Davis-Allen Outreach Coordinator

Medicaid EHR Incentive Program For Eligible Professionals Overview of the Proposed 2015 Modification Rule Kim Davis-Allen Outreach Coordinator
Affordable Healthcare IT Solutions. MU RX Compliance with Meaningful Use Stage 2.

Affordable Healthcare IT Solutions. MU RX Compliance with Meaningful Use Stage 2.
Meaningful Use Security Risk Assessment (SRA): Resources for Eligible Professionals (EPs) Kim Bell, MHA, FACHE, PCMH-CCE Executive Director Georgia Health.

Meaningful Use Security Risk Assessment (SRA): Resources for Eligible Professionals (EPs) Kim Bell, MHA, FACHE, PCMH-CCE Executive Director Georgia Health.
Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN 678.640.4752.

Utilizing the CMS Security Risk Assessment Tool Liz Hansen, PCMH CEC, ICD-10 PMC Special Consultant, GA-HITEC Member Manager, GaHIN
Meaningful Use Security Risk Analysis Passing Your Audit.

Meaningful Use Security Risk Analysis Passing Your Audit.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Similar presentations

Ads by Google