The Health Information Technology for
Economic and Clinical Health (HITECH) Act

                        A Practical Application
Your Presenters

  Stacey Gutwillig
  Partner
  Deloitte & Touche LLP
  sgutwillig@deloitte.com
  (617) 437-2637


  Mark Steinhoff
  Director
  Deloitte & Touche LLP
  msteinhoff@deloitte.com
  (617) 437-2614


  Dan Hoye
  Manager
  Deloitte & Touche LLP
  dhoye@deloitte.com
  (617) 437-3528



Copyright © 2010 Deloitte Development LLC. All rights reserved.   1
Contents
• The American Recovery and Reinvestment Act (ARRA) of
  2009 and HITECH overview
• Overview of HITECH goals
• Ways to address HITECH provisions
• Implementation Dates
• Case studies
• Penalties and Enforcement
• Potential Business Impacts of the HITECH Act
• Security and privacy overlaps




The American Recovery and Reinvestment Act of
2009 and HITECH




[Figure: 2008 US Federal Budget, $2.9 trillion; ARRA Stimulus, $787 billion (27%); total HITECH expenditures, $38 billion (5% of Stimulus)]

Federal Spending for ARRA includes federal tax cuts, expansion of unemployment benefits and other social welfare provisions, and domestic spending in education, health care, and infrastructure, including the energy sector.
Health Information Technology for Economic and
Clinical Health Act or HITECH Act
Four major goals of the HITECH bill intended to advance the use of health
information technology (Health IT or HIT):
1. Government leadership in developing standards by 2010 that allow for the nationwide
   electronic exchange and use of health information
2. Investing $20 billion in health information technology infrastructure and Medicare
   and Medicaid incentives to encourage doctors and hospitals to use HIT to electronically
   exchange patients’ health information.
3. Strengthening Federal privacy and security law to protect identifiable health
   information from misuse as the health care sector increases use of Health IT.
4. Saving the government $10 billion, and generating additional savings throughout the
   health sector, through improvements in quality of care/errors and care coordination



  As a result of this legislation, the Congressional
   Budget Office estimates that approximately 90
   percent of doctors and 70 percent of hospitals
   will be using comprehensive electronic health
           records within the next decade



Why is the HITECH Act Getting Such Attention?
 “….the American Recovery and Reinvestment Act (ARRA)…puts
   into law new privacy requirements that experts have called ‘the
   biggest change to the healthcare privacy and security
   environment since the original HIPAA privacy rule.

 ….According to a 2009 study by the Ponemon Institute [a], the
  healthcare industry is among the top three industries most
  frequently victimized by data breaches, risking the medical
  and financial well being of breach victims and the credibility and
  future business of the healthcare provider’”
 – Over 44% of all cases in the 2009 study involved third-party mistakes or flubs. Data breaches involving outsourced data to third parties are the most costly.

[a] Fourth Annual US Cost of Data Breach Study: Benchmark Study of Companies, by Dr. Larry Ponemon. Sponsored by PGP Corporation. Independently conducted by Ponemon Institute LLC. Publication date: January 2009.
Current state — Patient information network

[Figure: patient information network, in which each color represents a unique encounter. Label: Collective Medical Information Consuming Organizations]

Various organizations access this networked Web on a national scale, gathering similar information about many patients.
Future state — The National Health Information Network (NHIN)
In the mature state of the NHIN, geography will no longer be a consideration, as health care entities will have access to each other, creating a flux of health information.

[Figure: Future state fully developed and interoperable NHIN]

Value of the NHIN
• Electronic Health Records (EHRs) will be the basis of information exchanges on the NHIN, with different entities accessing different components of EHRs.
• Health care system entities and public health institutions will be able to access the NHIN, utilizing the full power of the availability of national health information.
• Administrative, clinical, and public health costs will be reduced nationally, as health information may be accessed from and shared with other entities.
• Interoperability between existing health systems will be the cornerstone to the NHIN in achieving goals.
Recent New England Journal of Medicine survey finds very low use of EHR in U.S. hospitals [1]

Method
• Survey of acute care hospitals that are American Hospital Association (AHA) members. The study received responses from 3,049 hospitals (63%)

Results
• 1.5% have a comprehensive electronic records system (i.e., present in all clinical units)
• 7.6% have at least a basic system (i.e., present in at least one clinical unit)

Significant findings related to barriers to EHR adoption in hospitals

Among hospitals without an Electronic Health Record (EHR):
• Inadequate capital for purchase (74%) was the most cited barrier, and EHR maintenance cost was the second most frequently cited barrier (44%)
• Additional barriers cited in the study include:
  – Physician resistance (36%)
  – Unclear Return on Investment (ROI) (32%)
  – Lack of staff with expertise in Health Information Technology (HIT) (30%)
• For hospitals with an existing EHR, the above barriers were less likely to be cited except for physician resistance.

[1] New England Journal of Medicine (NEJM) Volume 360:1628-1638, April 16, 2009
Some differences between HITECH and HIPAA
General

HIPAA
• CEs included PHI custodians
• CEs were not actively audited
• No defined penalty structure for neglectful privacy practices
• Allows 10 years for compliance

HITECH Act
• CEs include PHI custodians as well as business associates (e.g. suppliers, outreach organizations, and other organizations doing business with the primary CE)
  – Contracts are required with business associates defining use of PHI
• DHHS to conduct periodic audits within first 12 months after new rules enacted
• Increased, tiered penalty structure with fines ranging from $25K to $1.5M including mandatory penalties for cases of “willful neglect”
  – Proof of harm no longer required to levy penalties
  – Interpretation of breach cases and penalties will be made by state Attorneys General
• Compliance required within 12 – 18 months
Some differences between HITECH and HIPAA
Breach Notification

HIPAA
• State security breach laws mandated notification only for electronic PHI
• Burden of notification fell on “data owners”, excluding any organization that did not “own” the data
• If data owner determined that it had an obligation to notify of data breach, it was required only to send letters to the affected individuals within “a reasonable amount of time”

HITECH Act
• Applies to breaches on or after September 23, 2009
• CE must provide notification within 60 days after PHI in any form is breached
  – Starts from first day breach is known to the CE/business associate or should reasonably have been known
  – Requirements are specific for content, timing, and obligations
• Obligation to notify falls on CE and/or business associates
• Breach impacting more than 500 individuals requires “immediate” notification to DHHS, making the breach public
  – If more than 500 individuals and affecting a single state or jurisdiction, notice must be made to prominent media outlets
• In cases affecting less than 500 individuals, the CE must maintain a log of breaches and submit annually to DHHS, which will be posted on a public website
HITECH Act — Key Implementation Dates [2]

Provision: Health Insurance Portability and Accountability Act (HIPAA) security and privacy provisions to business associates
• Guidance/Regulations: Health and Human Services (HHS) issued an initial set of standards for implementation and certification criteria for the electronic exchange and use of health information on January 13, 2010. Annual guidance on appropriate technical safeguards from Department of Health and Human Services (DHHS).
• Effective Date: February 17, 2010

Provision: Breach Notification
• Guidance/Regulations: DHHS and Federal Trade Commission (FTC) issued interim final regulations on August 24, 2009
• Effective Date: No later than September 23, 2009

Provision: Disclosure Restrictions
• Guidance/Regulations: DHHS to issue guidance on what constitutes “minimum necessary” no later than August 17, 2010
• Effective Date: February 17, 2010

Provision: Accounting of Disclosures
• Guidance/Regulations: DHHS to issue regulations on what information must be collected about disclosures by June 30, 2010
• Effective Date: January 1, 2014 if EHR acquired before January 1, 2009; as early as January 1, 2011 if EHR acquired after January 1, 2009

Provision: Prohibition on Sale of EHR
• Guidance/Regulations: DHHS to issue regulations by August 17, 2010
• Effective Date: No later than February 17, 2011

Provision: Marketing and Fundraising
• Guidance/Regulations: None
• Effective Date: February 17, 2010

Provision: Penalties and Enforcement
• Guidance/Regulations: DHHS to issue regulations for penalties as related to willful neglect no later than August 17, 2010
• Effective Date: Penalties as related to willful neglect by February 17, 2011
• Guidance/Regulations: Government Accountability Office (GAO) to submit a report to DHHS detailing individual remuneration for civil penalty or settlement amounts no later than February 17, 2012
• Effective Date: Tiered increase in civil penalties and state attorney general enforcement effective February 17, 2009

[2] As of January 26, 2010
Some ways to address the provisions of the act…

Provision of the Act: Investment in Health IT Infrastructure
Action Steps:
• Implementation of electronic health records systems and infrastructure

Provision of the Act: HIPAA Security and Privacy Provisions to Business Associates
Action Steps:
• HIPAA Privacy & Security Assessment
• HIPAA Strategy & Program Development
• Business Associate Assessments

Provision of the Act: Breach Notification
Action Steps:
• Incident Response Program Development
• Data Protection Technology Implementation

Provision of the Act: Marketing and Fundraising
Action Steps: Update current policies, procedures, and controls to support:
• the requirement of specific authorization from patients to use PHI for marketing/fundraising
• the patient’s right to opt-out of any communication that relates to fundraising.
Some ways to address the provisions of the act…

Provision of the Act: Disclosure Restrictions
Action Steps: Update current policies, procedures, and controls to support:
• the ability for a patient to request PHI not be disclosed when paying for the service fully out-of-pocket.
• the collection and disclosure of the minimum set of PHI practicable to perform business operations

Provision of the Act: Accounting of Disclosures
Action Steps: Develop policies, procedures, and controls to support the following requirements:
• Covered Entities (CEs) and business associates to produce an accounting of all disclosures of a patient’s PHI, upon request
• CEs must either account for PHI disclosures made by business associates or provide a list of all business associates acting on behalf of the CE

Provision of the Act: Prohibition on Sale of EHR
Action Steps: Update current policies, procedures, and controls to support:
• the requirement of specific authorization from patients prior to receiving direct or indirect remuneration for sale of PHI
Case Study

Major U.S.-Based Medical Devices Company
Implementation of Data Privacy Program

Background
The company determined that a review of current data privacy practices and controls was needed due to a combination of data privacy inquiries from customers and a global ERP deployment including European operations. The key drivers were:
• Compliance with Federal, state and international regulatory requirements
• Risk of breach of contractual agreements with customers
• Business operations interruption in EU

Outcome
• Addressed privacy and related business risk (including HITECH considerations)
• Registered as Safe Harbor compliant for both Customer and HR
• Global employee and customer privacy policies deployed (including HITECH considerations)
• Data Protection strategy influenced by data privacy rollout
• Options for de-identification of patient data developed for R&D
• Strategies for movement of Test Data (ERP) developed via Model Contracts
• Information Security strategy informed by Data Privacy initiative
Case Study

Global Life Sciences and Medical Device Company
Current State Assessment and Gap Analysis

Background
Following the loss of an unencrypted laptop containing PHI, which resulted in breach notification, and in conjunction with the passage of the HITECH Act, the company determined it needed a better understanding of its data privacy policies and practices. A current state assessment was performed with a special focus on:
• Compliance with HIPAA privacy and security rules
• Business Associate Agreements with organizations

Lessons Learned
• PHI was used for secondary uses in their R&D division that were not permitted per customer contracts and BAAs.
• BAAs were not in place with a number of their customers, and customers that did have BAAs were not consistent.
• Assessment findings exposed more significant issues with the company’s vendor management process and procedures.
• The underlying information security program did not support the privacy policies and as a result the company was not in compliance with the HIPAA privacy and security rules.

Outcome
• Identified significant areas of exposure to the company based on non-compliance with HIPAA privacy rule
• Updated BAA template contracts to address HIPAA/HITECH requirements
• Revised privacy policies and standards (e.g. notice language)
• Developed a working relationship between the information security and privacy functions.
• Revised and expanded their information security policy
Case Study

Major Network of Teaching Hospitals
Current State Assessment and Gap Analysis

Background
Faced with multiple and evolving healthcare regulatory requirements, the company decided to assess and prioritize information security risks and to determine current state capability to comply with the regulations and to manage identified risks.

Outcome
• An information security risk management roadmap was developed to address key risk and capability gaps in order to align with healthcare regulatory requirements.
• A matrix comprised of a rationalized set of 86 legal and regulatory requirements was organized into 12 functional risk areas to serve as the baseline for the assessment.
  – The matrix included requirements from HIPAA/HITECH, the Red Flag Rules, statutory requirements, etc.
• In summary, the company identified and initiated procedures and tools to secure EPHI and PII. As a result, the company can now demonstrate progress with the outlined remediation activities in preparation for the implementation of HITECH related requirements, reviews and audits.
Case Study

Global Telecommunications Company
Current State Assessment and Gap Analysis

Background
Faced with multiple and evolving regulatory requirements, including HIPAA/HITECH, the company performed a current state assessment of its information security policies to determine if the current state of the policies complied with HIPAA/HITECH requirements.

Lessons Learned
• The company had not updated information security policies and procedures since the Privacy Act of 2003.
• Policies were developed by Legal Departments to comply with the Privacy Act; however, they only consisted of a recital of the provisions within the Privacy Act.
• The client was out of compliance with its outdated policies and therefore was out of compliance with HIPAA/HITECH requirements.
• The company identified that the existing breach notification policy/process:
  – was focused on technological risks and did not address privacy risks throughout the organization
  – did not include up to date escalation procedures
• The company overhauled all information security and privacy policies to address current practices and regulatory requirements.
Case Study

Multi-institutional Network of Hospitals across the Northeast
Implementation of Data Privacy Program

Background
The company faced several immediate and long-term regulatory, security and personnel challenges including:
• vacant Chief Information Security Officer position due to personnel changes
• minimal progress in managing system wide enterprise security risks
• management and regulatory pressure to comply with security requirements

Solution
The company developed a plan to meet these challenges by creating a prioritized roadmap for FY2010 and:
• performed information security risk assessment to define current and future state across information security domains and capabilities.
• defined short/medium term focus, including prioritized security implementation plan.
• developed organizational redesign for Information Security Office, including governance model, roles and responsibilities across health system.
• established structured security program management and reporting of key risks.
• provided subject matter experience to key initiatives across the system, including HITECH response.
• executed Information Security plan and strategy for 2009 and identified priorities for 2010.
Penalties & Enforcement

[Figure: enforcement bodies: Department of Health & Human Services, Federal Trade Commission, State Attorneys General]

Enforcement
• Expanded resources and significant funding for DHHS enforcement
• State Attorneys General authorized to pursue actions on behalf of state citizens
• Vendor breaches enforced by the Federal Trade Commission as an unfair and deceptive act or practice

Penalties
• New penalty tiers per HIPAA violation (max/year)
  – Unknowing ($25K)
  – Reasonable cause ($100K)
  – Willful Neglect ($250K)
  – Uncorrected willful neglect ($1.5M)
• Civil and criminal liability for HIPAA violations extended to business associates
• Mandatory investigations and civil penalties for violations due to willful neglect
Potential Business Impacts of the HITECH Act
 Positives:
 • Improved individual patient data availability
 • Stimulus funding for early EHR adoption
 • Improved tracking of chronic disease management
 • Evaluation of health care based on value enabled by the collection of de-
   identified price and quality information that can be compared.

 Challenges:
 • Creates additional needs to monitor controls to mitigate the risks due to
   heightened oversight and enforcement
 • Process re-engineering, system changes, and logical/physical security
   mechanisms changes required
 • Create new legal processes for Breach notification, data storage, etc.
 • Expanded needs for contractual language to include written requirements
 • Assessment/Re-engineering of how PHI is exchanged between parties


Security/Privacy OVERLAP with HITECH COMPLIANCE
• The following are the TOP [1] Security/Privacy Issues within Healthcare/Lifesciences
  Organizations:
       1. Lack of visibility into third parties/business associate privacy practices (esp. older
           agreements)
       2. Lack of adequate training to the organization including specific trainings to those who handle
           personal healthcare information (PHI)
       3. Lack of adequate privacy program
       4. Lack of formal privacy risk assessment process
       5. Large number of records are stored in hardcopy format (i.e., lack of EHR)
       6. Inappropriate use and/or collection of information and information leakage
       7. Inadequate segregation of duties (access to information)
       8. Inappropriate encryption techniques/technologies
       9. Lack of process to identify and classify PHI
       10. Lack of compliance with Records Management/Retention Policy
       11. Inappropriate conduct of internal employees
       12. Exposure to external threats

All with impacts to HITECH compliance

[1] Based on respondent results set forth in the Deloitte* 2009 Life Sciences & Health Care Security Study

* As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed
description of the legal structure of Deloitte LLP and its subsidiaries.

Contact Info

  Stacey Gutwillig
  Partner
  Deloitte & Touche LLP
  sgutwillig@deloitte.com
  (617) 437-2637


  Mark Steinhoff
  Director
  Deloitte & Touche LLP
  msteinhoff@deloitte.com
  (617) 437-2614


  Dan Hoye
  Manager
  Deloitte & Touche LLP
  dhoye@deloitte.com
  (617) 437-3528



Disclaimer
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other
professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect
your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

In addition, this article contains the results of a survey conducted by Deloitte. The information obtained during the survey was taken “as is” and was not validated or confirmed by Deloitte.

Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation.



Hitech Act

  • 1. The Health Information Technology for Economic and Clinical Health (HITECH) Act A Practical Application
  • 2. Your Presenters Stacey Gutwillig Partner Deloitte & Touche LLP sgutwillig@deloitte.com (617) 437-2637 Mark Steinhoff Director Deloitte & Touche LLP msteinhoff @deloitte.com (617) 437-2614 Dan Hoye Manager Deloitte & Touche LLP dhoye@deloitte.com (617) 437-3528 Copyright © 2010 Deloitte Development LLC. All rights reserved. 1
  • 3. Contents • The American Recovery and Reinvestment Act (ARRA) of 2009 and HITECH overview • Overview of HITECH goals • Ways to address HITECH provisions • Implementation Dates • Case studies • Penalties and Enforcement • Potential Business Impacts of the HITECH Act • Security and privacy overlaps Copyright © 2010 Deloitte Development LLC. All rights reserved. 2
  • 4. The American Recovery and Reinvestment Act of 2009 and HITECH $38 billion total HITECH expenditures 2008 US (5% of Stimulus) ARRA Stimulus Federal $787 billion Budget $2.9 trillion (27%) $$$$ Federal Spending for ARRA includes federal tax cuts, expansion of unemployment benefits and other social welfare provisions, and domestic spending in education, health care, and infrastructure, including the energy sector. Copyright © 2010 Deloitte Development LLC. All rights reserved. 3
  • 5. Health Information Technology for Economic and Clinical Health Act or HITECH Act Four major goals of the HITECH bill intended to advance the use of health information technology (Health IT or HIT): 1. Government leadership in developing standards by 2010 that allow for the nationwide electronic exchange and use of health information 2. Investing $20 billion in health information technology infrastructure and Medicare and Medicaid incentives to encourage doctors and hospitals to use HIT to electronically exchange patients’ health information. 3. Strengthening Federal privacy and security law to protect identifiable health information from misuse as the health care sector increases use of Health IT. 4. Saving the government $10 billion, and generating additional savings throughout the health sector, through improvements in quality of care/errors and care coordination As a result of this legislation, the Congressional Budget Office estimates that approximately 90 percent of doctors and 70 percent of hospitals will be using comprehensive electronic health records within the next decade
  • 6. Why the HITECH Act is Getting Such Attention? “….the American Recovery and Reinvestment Act (ARRA)…puts into law new privacy requirements that experts have called ‘the biggest change to the healthcare privacy and security environment since the original HIPAA privacy rule. ….According to a 2009 study by the Ponemon Institute [a], the healthcare industry is among the top three industries most frequently victimized by data breaches, risking the medical and financial well being of breach victims and the credibility and future business of the healthcare provider’” – Over 44% of all cases in the 2009 year study involved third-party mistakes or flubs. Data breaches involving outsourced data to third parties are the most costly. [a] Fourth Annual US Cost of Data Breach Study, Benchmark Study of Companies, by Dr. Larry Ponemon. Sponsored by PGP Corporation. Independently conducted by Ponemon Institute LLC. Publication Date: January 2009
  • 7. Current state — Patient information network *Each color represents a unique encounter Various organizations access this networked Web on a national scale, gathering similar information about many patients Collective Medical Information Consuming Organizations
  • 8. Future state — The National Health Information Network (NHIN) In the mature state of the NHIN, geography will no longer be a consideration, as health care entities will have access to each other, creating a flux of health information. Future state fully developed and interoperable NHIN Value of the NHIN • Electronic Health Records (EHRs) will be the basis of information exchanges on the NHIN, with different entities accessing different components of EHRs. • Health care system entities and public health institutions will be able to access the NHIN, utilizing the full power of the availability of national health information. • Administrative, clinical, and public health costs will be reduced nationally, as health information may be accessed from and shared with other entities. • Interoperability between existing health systems will be the cornerstone to the NHIN in achieving goals.
  • 9. Recent New England Journal of Medicine survey finds very low use of EHR in U.S. hospitals [1] Method: • Survey of acute care hospitals that are American Hospital Association (AHA) members. The study received responses from 3,049 hospitals (63%) Results: • 1.5% have a comprehensive electronic records system present in all clinical units (i.e., present in all clinical units), • 7.6% have at least a basic system present in at least one unit (i.e., present in at least one clinical unit). Significant findings related to barriers to EHR adoption in hospitals Among hospitals without a Record (EHR): • Inadequate capital for purchase (74%) was the most cited barrier, and EHR maintenance cost was 2nd most frequently cited barrier (44%) • Additional barriers cited in study include: – Physician resistance (36%) – Unclear Return on Investment (ROI) (32%) – Lack of staff with expertise in Health Information Technology (HIT) (30%) • For hospitals with an existing EHR, the above barriers were less likely to be cited except for physician resistance. [1] New England Journal of Medicine (NEJM) Volume 360:1628-1638 April 16, 2009
  • 10. Some differences between HITECH and HIPAA: General
      HIPAA: • CEs included PHI custodians • CEs were not actively audited • No defined penalty structure for neglectful privacy practices • Allows 10 years for compliance
      HITECH Act: • CEs include PHI custodians as well as business associates (e.g. suppliers, outreach organizations, and other organizations doing business with the primary CE) – Contracts are required with business associates defining use of PHI • DHHS to conduct periodic audits within first 12 months after new rules enacted • Increased, tiered penalty structure with fines ranging from $25K to $1.5M including mandatory penalties for cases of “willful neglect” – Proof of harm no longer required to levy penalties – Interpretation of breach cases and penalties will be made by state Attorneys General • Compliance required within 12 – 18 months
  • 11. Some differences between HITECH and HIPAA: Breach Notification
      HIPAA: • State security breach laws mandated notification only for electronic PHI • Burden of notification fell on “data owners”, excluding any organization that did not “own” the data • If data owner determined that it had an obligation to notify of data breach, it was required only to send letters to the affected individuals within “a reasonable amount of time”
      HITECH Act: • Applies to breaches on or after September 23, 2009 • CE must provide notification within 60 days after PHI in any form is breached – Starts from first day breach is known to the CE/business associate or should reasonably have been known – Requirements are specific for content, timing, and obligations • Obligation to notify falls on CE and/or business associates • Breach impacting more than 500 individuals requires “immediate” notification to DHHS, making the breach public – If more than 500 individuals and affecting a single state or jurisdiction, notice must be made to prominent media outlets • In cases affecting less than 500 individuals, the CE must maintain a log of breaches and submit annually to DHHS, which will be posted on a public website
  • 12. HITECH Act — Key Implementation Dates [2] (columns: Provision; Guidance/Regulations; Effective Date)
      Provision: Health Insurance Portability and Accountability Act (HIPAA) security and privacy provisions to business Associates. Guidance/Regulations: Health and Human Services (HHS) issued an initial set of standards for implementation and certification criteria for the electronic exchange and use of health information on January 13, 2010; Annual guidance on appropriate technical safeguards from Department of Health and Human Services (DHHS). Effective Date: February 17, 2010
      Provision: Breach Notification. Guidance/Regulations: DHHS and Federal Trade Commission (FTC) issued interim final regulations on August 24, 2009. Effective Date: No later than September 23, 2009
      Provision: Disclosure Restrictions. Guidance/Regulations: DHHS to issue guidance on what constitutes “minimum necessary” no later than August 17, 2010. Effective Date: February 17, 2010
      Provision: Accounting of Disclosures. Guidance/Regulations: DHHS to issue regulations on what information must be collected about disclosures by June 30, 2010. Effective Date: January 1, 2014 if EHR acquired before January 1, 2009; As early as January 1, 2011 if EHR acquired after January 1, 2009
      Provision: Prohibition on Sale of EHR. Guidance/Regulations: DHHS to issue regulations by August 17, 2010. Effective Date: No later than February 17, 2011
      Provision: Marketing and Fundraising. Guidance/Regulations: None. Effective Date: February 17, 2010
      Provision: Penalties and Enforcement. Guidance/Regulations: DHHS to issue regulations for penalties as related to willful neglect no later than August 17, 2010; Government Accountability office (GAO) to submit a report to DHHS detailing individual remuneration for civil penalty or settlement amounts no later than February 17, 2012. Effective Date: Penalties as related to willful neglect by February 17, 2011; Tiered increase in civil penalties and state attorney general enforcement effective February 17, 2009
      [2] As of January 26, 2010
  • 13. Some ways to address the provisions of the act… (columns: Provision of the Act; Action Steps)
      Investment in Health IT Infrastructure: Implementation of electronic health records systems and infrastructure
      HIPAA Security and Privacy Provisions to Business Associates: HIPAA Privacy & Security Assessment; HIPAA Strategy & Program Development; Business Associate Assessments
      Breach Notification: Incident Response Program Development; Data Protection Technology Implementation
      Marketing and Fundraising: Update current policies, procedures, and controls to support: • the requirement of specific authorization from patients to use PHI for marketing/fundraising • the patient’s right to opt-out of any communication that relates to fundraising.
  • 14. Some ways to address the provisions of the act… (columns: Provision of the Act; Action Steps)
      Disclosure Restrictions: Update current policies, procedures, and controls to support: • the ability for a patient to request PHI not be disclosed when paying for the service fully out-of-pocket. • the collection and disclosure of the minimum set of PHI practicable to perform business operations
      Accounting of Disclosures: Develop policies, procedures, and controls to support the following requirements: • Covered Entities (CEs) and business associates to produce an accounting of all disclosures of a patient’s PHI, upon request • CEs must either account for PHI disclosures made by business associates or provide a list of all business associates acting on behalf of the CE
      Prohibition on Sale of EHR: Update current policies, procedures, and controls to support: • the requirement of specific authorization from patients prior to receiving direct or indirect remuneration for sale of PHI
  • 15. Case Study: Major U.S.-Based Medical Devices Company. Implementation of Data Privacy Program. Background: The company determined that a review of current data privacy practices and controls was needed due to a combination of data privacy inquiries from customers and a global ERP deployment including European operations. The key drivers were: • Compliance with Federal, state and international regulatory requirements • Risk of breach of contractual agreements with customers • Business operations interruption in EU. Outcome: • Addressed privacy and related business risk (including HITECH considerations) • Registered as Safe Harbor compliant for both Customer and HR • Global employee and customer privacy policies deployed (including HITECH considerations) • Data Protection strategy influenced by data privacy rollout • Options for de-identification of patient data developed for R&D • Strategies for movement of Test Data (ERP) developed via Model Contracts • Information Security strategy informed by Data Privacy initiative
  • 16. Case Study: Global Life Sciences and Medical Device Company. Current State Assessment and Gap Analysis. Background: Following a lost, unencrypted laptop containing PHI resulting in breach notification in conjunction with the passage of the HITECH Act, the company determined they needed a better understanding of their data privacy policies and practices. A current state assessment was performed with a special focus on: • compliance with HIPAA privacy and security rules • Business Associate Agreements with organizations
      Lessons Learned: • PHI was used for secondary uses in their R&D division that were not permitted per customer contracts and BAAs. • BAAs were not in place with a number of their customers, and customers that did have BAAs were not consistent. • Assessment findings exposed more significant issues with the company’s vendor management process and procedures. • The underlying information security program did not support the privacy policies and as a result the company was not in compliance with the HIPAA privacy and security rules.
      Outcome: • Identified significant areas of exposure to the company based on non-compliance with HIPAA privacy rule • Updated BAAs template contracts to address HIPAA/HITECH requirements • Revised privacy policies and standards (e.g. notice language) • Developed a working relationship between the information security and privacy functions. • Revised and expanded their information security policy
  • 17. Case Study: Major Network of Teaching Hospitals. Current State Assessment and Gap Analysis. Background: Faced with multiple and evolving healthcare regulatory requirements, the company decided to assess and prioritize information security risks and to determine current state capability to comply with the regulations and to manage identified risks. Outcome: • An information security risk management roadmap was developed to address key risk and capability gaps in order to align with healthcare regulatory requirements. • A matrix comprised of a rationalized set of 86 legal and regulatory requirements was organized into 12 functional risk areas to serve as the baseline for the assessment. – The matrix included requirements from HIPAA/HITECH, the Red Flag Rules, statutory requirements, etc. • In summary, the company identified and initiated procedures and tools to secure EPHI and PII. As a result, the company can now demonstrate progress with the outlined remediation activities in preparation for the implementation of HITECH related requirements, reviews and audits.
  • 18. Case Study: Global Telecommunications Company. Current State Assessment and Gap Analysis. Background: Faced with multiple and evolving regulatory requirements, including HIPAA/HITECH, the company performed a current state assessment of its information security policies to determine if the current state of the policies complied with HIPAA/HITECH requirements. Lessons Learned: • The company had not updated information security policies and procedures since the Privacy Act of 2003. • Policies were developed by Legal Departments to comply with the Privacy Act; however, they only consisted of a recital of the provisions within the Privacy Act. • The client was out of compliance with its outdated policies and therefore was out of compliance with HIPAA/HITECH requirements. • The company identified that the existing breach notification policy/process: – was focused on technological risks and did not address privacy risks throughout the organization – did not include up to date escalation procedures • The company overhauled all information security and privacy policies to address current practices and regulatory requirements.
  • 19. Case Study: Multi-institutional Network of Hospitals across the Northeast. Implementation of Data Privacy Program. Background: The company faced several immediate and long-term regulatory, security and personnel challenges including: • vacant Chief Information Security Officer position due to personnel changes • minimal progress in managing system wide enterprise security risks • management and regulatory pressure to comply with security requirements. Solution: The company developed a plan to meet these challenges by creating a prioritized roadmap for FY2010 and: • performed information security risk assessment to define current and future state across information security domains and capabilities. • defined short/medium term focus, including prioritized security implementation plan. • developed organizational redesign for Information Security Office, including governance model, roles and responsibilities across health system. • established structured security program management and reporting of key risks. • provided subject matter experience to key initiatives across the system, including HITECH response. • executed Information Security plan and strategy for 2009 and identified priorities for 2010.
  • 20. Penalties & Enforcement • Expanded resources and significant funding for DHHS enforcement • State Attorneys General authorized to pursue actions on behalf of state citizens • Vendor breaches enforced by the Federal Trade Commission as an unfair and deceptive act or practice • New penalty tiers per HIPAA violation (max/year): – Unknowing ($25K) – Reasonable cause ($100K) – Willful Neglect ($250K) – Uncorrected willful neglect ($1.5M) • Civil and criminal liability for HIPAA violations extended to business associates • Mandatory investigations and civil penalties for violations due to willful neglect [Diagram: Department of Health & Human Services; Federal Trade Commission; State Attorneys General]
  • 21. Potential Business Impacts of the HITECH Act Positives: • Improved individual patient data availability • Stimulus funding for early EHR adoption • Improved tracking of chronic disease management • Evaluation of health care based on value enabled by the collection of de-identified price and quality information that can be compared. Challenges: • Creates additional needs to monitor controls to mitigate the risks due to heightened oversight and enforcement • Process re-engineering, system changes, and logical/physical security mechanisms changes required • Create new legal processes for Breach notification, data storage, etc. • Expanded needs for contractual language to include written requirements • Assessment/Re-engineering of how PHI is exchanged between parties
  • 22. Security/Privacy OVERLAP with HITECH COMPLIANCE • The following are the TOP [1] Security/Privacy Issues within Healthcare/Lifesciences Organizations: 1. Lack of visibility into third parties/business associate privacy practices (esp. older agreements) 2. Lack of adequate training to the organization including specific trainings to those who handle personal healthcare information (PHI) 3. Lack of adequate privacy program 4. Lack of formal privacy risk assessment process 5. Large number of records are stored in hardcopy format (i.e. Lack of EHR) 6. Inappropriate use and/or collection of information and information leakage 7. Inadequate segregation of duties (access to information) 8. Inappropriate encryption techniques/technologies 9. Lack of process to identify and classify PHI 10. Lack of compliance with Records Management/Retention Policy 11. Inappropriate conduct of internal employees 12. Exposure to external threats All with impacts to HITECH compliance [1] Based on respondent results set forth in the Deloitte* 2009 Life Sciences & Health Care Security Study * As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
  • 23. Contact Info Stacey Gutwillig Partner Deloitte & Touche LLP sgutwillig@deloitte.com (617) 437-2637 Mark Steinhoff Director Deloitte & Touche LLP msteinhoff@deloitte.com (617) 437-2614 Dan Hoye Manager Deloitte & Touche LLP dhoye@deloitte.com (617) 437-3528
  • 24. Disclaimer This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. In addition, this article contains the results of a survey conducted by Deloitte. The information obtained during the survey was taken “as is” and was not validated or confirmed by Deloitte. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation.