Cooperative ACOs Must Lead to Cooperative Security Measures
Post on 24-Dec-2014
8/28/13 1
ACO – Accountable Care Organizations Cooperative Healthcare Requires Cooperative Security “It’s a Team Sport.”
Robby Gulri VP, Product Marketing gulri@echoworx.com
855.85HIPAA www.compliancygroup.com
Industry leading Education
Certified Partner Program
• Please ask questions
• For today's slides: http://compliancy-group.com/slides023/
• Today's & past webinars go to: http://compliancy-group.com/webinar/
#CGwebinar
Real Stats in the Field
ACO – Accountable Care Organizations Definition
• Accountable Care Organizations (ACOs) are groups of doctors, hospitals, and other health care providers, who come together voluntarily to give coordinated high quality care to their Medicare patients
• Goal of coordinated care is to ensure that patients get the right care at the right time, while avoiding unnecessary duplication of services and preventing medical errors
• Share in the savings it achieves for the Medicare program
ACO Illustrated
Encryption requirements for ACOs
Requirements
Scan, Encrypt or Block outbound email
• Compliance (PHI, PAN, etc.)
• Confidential or sensitive information
Business Process Enablement for Efficiency
• Replace paper-based processes
• Loan applications, regulatory filings
• Medical records, insurance claims, and information exchange
Automated eDocument Delivery
• Email distribution of documents containing private information
• Bank, mortgage, credit card statements
• Bills and invoices
• Insurance policies and claims
The Players within ACOs
• Providers
  • As networks of providers, ACOs are composed mostly of hospitals, physicians, and other healthcare professionals.
• Payers
  • The federal government, in the form of Medicare, will be the primary payer of an ACO
  • Other payers include private insurances, or employer-purchased insurance
• Patients
  • An ACO’s patient population will primarily consist of Medicare beneficiaries
ACOs and Health Care IT
Encryption, Security of Data at Rest and in Motion
4 Essential Technologies for effective ACOs
• HIEs (Healthcare Information Exchange)
  • Portal
  • Secure Email
  • Push / Pull
• Analytics
  • Reporting
  • Dashboards
• Care Management applications
  • Tele Medicine
  • Remote Patient Monitoring
• Encryption & Security Applications
  • Document Encryption
  • Email Encryption
Security Framework for ACOs
• Secure, online environment which allows for controlled access to and sharing of data on a variety of levels between stakeholders
• Access to aggregate cost and quality trends by governance and project teams
• Secure repository for shared aggregate and detailed data
• Sharing of patient-specific clinical data between responsible caregivers
Tools required for Secure Communications
Source: AT&T Compliance Report 2013
Push / Pull Support
Complying with HIPAA for ACOs
• Becomes even more important as information is constantly being exchanged across multiple organizations and providers
• More scrutiny and enforcement of HIPAA Omnibus
• Encryption becomes an important compliance tool and weapon
HIPAA Encryption Requirements
• Standard ~ “Transmission Security: Implement technical security measures to guard against unauthorized access to PHI that is being transmitted over an electronic communications network” 45 CFR 164.312 (e)(1)
• Addressable Implementation Feature ~ “implement a mechanism to encrypt electronic protected health information whenever deemed appropriate” 45 CFR 164.312 (e)(2)(ii)
Email containing PHI requires Encryption
Addressable Implementation of encryption is not optional
• Addressable implementation features are not optional, they must be addressed; HCO must either:
  1. Implement the feature, or
  2. Document why it’s not “reasonable and appropriate” to implement the feature, and implement an equivalent alternative measure when “reasonable and appropriate”
Omnibus & Email Encryption
• More enforcement with Omnibus
• Direct liability for both Covered Entities and Business Associates
• More parties involved with PHI exchange
• Breach definition has changed
  • Breach is presumed and you have to prove “why breach didn’t occur…”
• Increased penalties for liability
Echoworx Snapshot
Thank you
Free Demo and 60 Day Evaluation www.compliancy-group.com
HIPAA Hotline 855.85HIPAA
855.854.4722
HIPAA Compliance HITECH Attestation
Omnibus Rule Ready Meaningful Use core measure 15