eBusiness Strategies in Healthcare
“Bridging the Enterprise to the Internet”
By David Sweigert
Medicine is a pioneering user of technology. Modern medicine pushes the limits of
technology and keeps discovering new ways to heal. The irony of healthcare, however, is that
most of that technology resides only within the hospital. Once a patient is cured and the
recovery is complete, doctors, providers and payers are relegated to a paper system to process
claims and wrap up the details. Healthcare organizations are now looking to the Internet and
eBusiness initiatives to close this technology gap.
eBusiness bridges the participants of a business transaction. In essence eBusiness provides the
technology to establish business relationships and complete transactions via the Internet. Unlike
traditional contracts, where parties may meet in person to complete a transaction, eBusiness
parties may never meet. Indeed, the power of Internet technologies may bring together parties
from either end of the globe to transact business and exchange information.
eBusinesses and eMarketplaces use Internet technologies to bring users together in an
environment specifically designed to meet their needs. For instance, large HMOs maintain
directories that include listings for their suppliers and contractors, as well as authorized
purchasing agents for the company. Rather than have representatives go through purchasing
agents and rummage through paper catalogues to locate suppliers, parts and merchandise, all
of it can be catalogued in an electronic database. The idea behind eBusiness is to make that
database accessible to parties inside and outside the company. Once the database is connected
to the Internet it becomes accessible regardless of location. It can even be opened up to the
suppliers so they can update their own information and list merchandise with prices. The
database is then more than a directory; it is a hub of information.
The main motivation for enhancing these “directories” is cost savings. The Internet can literally
save companies millions of dollars and thousands of man-hours. Within the healthcare market,
some have estimated that the cost of a healthcare claim increases by $50 each time a different
individual accesses or makes changes to a healthcare claim. Paper-based claims, whether mailed
to a payer, handled by individuals, photocopied, stored, or eventually lost, are extremely
inefficient when compared to electronic claims. The business case paints a clear need to move
towards an eBusiness environment; however, healthcare organizations face special circumstances
that warrant attention.
HIPAA
HIPAA (the Health Insurance Portability and Accountability Act of 1996) is being called the
“Y2K of healthcare.” HIPAA represents the most sweeping national legislation to impact the
health care industry in more than 30 years. Although HIPAA appears to be a hurdle for
healthcare organizations to jump, it will eventually save the healthcare industry billions of
dollars. HIPAA establishes government-mandated standards for electronic healthcare
transactions and mandates practices for privacy and security of electronic patient data. The U.S.
Department of Health and Human Services has developed and will enforce standards related to
data security in all electronic healthcare transactions. Until now, many organizations have paid
little attention to these regulations and proposals. However, now that the final rules are being
published, healthcare organizations must find ways to become HIPAA compliant within the next
26 months or face stiff penalties. Failure to comply with HIPAA may subject an employee of a
healthcare organization to criminal penalties of up to ten years in prison and fines of up to
$250,000.
The proposed rule applies to health plans, health care clearinghouses and any health care
provider that transmits healthcare information in electronic form. A clearinghouse receives
health care transactions from health care providers or other entities, translates the data from
a given format into one acceptable to the intended payer or payers, and forwards the processed
transaction to the appropriate payers and clearinghouses. Because the health care system involves
complex business relationships among multiple parties, the proposed rule requires that, with
certain exceptions, covered entities enter into contracts with the business partners they hire for
assistance and with whom they will share protected information. Those business partners include
lawyers, auditors, consultants, third-party administrators, health care clearinghouses, data
processing firms, billing firms and other covered entities.
Planning the eBusiness initiative
Before engaging in an eBusiness initiative, organizations need to identify all of the entities and
users of the system and define the roles of how those users may interact with the organization.
The organization must fully understand the needs of its users and decide upon what data and
privileges to provide amongst the different parties.
Issues to be addressed:
• Who owns the information: Is this information proprietary to my organization, or
does it belong to the patient, care provider or supplier?
• Who administers this information for the users: Is the IT department responsible
for dictating access and delegating authority, or does the process remain in the hands
of traditional management? (administration)
• How many servers make up the system: Will I have to replicate data and access
credentials on each server and CPU? Will all data be synchronized throughout the network
after each change, or must it be done manually? (distribution and replication)
• Does the information need to be replicated: How will I ensure that I have
redundancy in the records and a protected archive of the data? (replication)
• Who can modify the information: Can users access and alter their own information, or
will changes need to be made by the IT department? If so, what must their role and
level of access be to allow those changes? (user authentication and access controls)
• What tools or protocols are used to transact information in the database: Are my
transaction standards universal? Will new technology be easy to integrate into the
existing system? (integration)
• What are the operations and performance criteria of the new initiative: How
many users will the eBusiness suite be able to handle? How long will each transaction
take to perform? What is the upper limit of the system, and can it grow with the
enterprise? (performance)
Individual database administrators and IT managers may justifiably resist interconnecting
sensitive databases to the Internet. The most common fear is that data becomes exposed to
hackers and unauthorized access. With thousands or millions of users accessing a system,
information that is inadvertently made available can cause catastrophic damage. Patient
information is so sensitive that the legal repercussions of unauthorized access alone would
quickly discourage eBusiness initiatives. Any proposed eBusiness solution must therefore provide
security features that fully address the concerns of every party involved in the initiative.
Who is visiting the site?
Unlike a face-to-face business encounter, eBusiness transaction parties almost never meet.
Therefore, having a means to "authenticate" users is critical. A sound system for recognizing
and authenticating users is the foundation for determining user access and privileges.
Implementing commercial-quality protection mechanisms that provide end-user authentication
and identity-based access controls is recommended not only to protect the organization, but
also to satisfy the HIPAA requirement for authentication.
Determining who is accessing the site not only maintains security, it is also the mechanism by
which information and access are delegated to the user. The key to the eBusiness venture is to
provide each user with the information they want and the transactions they need; that is what
draws them to the site.
Once the organization has determined the identity and roles of those who will use the site,
it must determine what information and transactions to provide to those users. For example, a
provider could be given privileges to access their own patients' information, which may include
benefits, claims information or even medical records. Patients could be given the ability to view
benefits information, claims status and history, and to view or even change their PPO.
Infrastructure
The architecture for eBusiness infrastructures typically follows one of two models, a
hierarchical or a mesh infrastructure. Both have benefits and drawbacks and are typically chosen
based on user needs and security requirements.
The hierarchical infrastructure (see diagram below) is typically used in highly structured
organizations. Most healthcare insurance organizations have clearly defined roles throughout the
organization. From insured to provider to plan manager to supervisor, every role is defined and is
assigned a position in the "chain of command." These positions can then be translated into the
electronic structure of the organization. In this type of implementation, the eBusiness would
cascade down from a central, restricted-access server. This structure allows the system to control
directory requests based on user identity or class. It also provides a moderate level of
protection against compromise of protected information, because it lends itself to an incremental
approach to directory protection: data can be divided into separate compartments according to how
access to it should be controlled, so that a compromise of one compartment does not expose the rest.
Figure 1. Hierarchical Infrastructure (diagram not reproduced; nodes shown: a central Directory with two subordinate Directories, four End Users, a Provider and a Supplier)
The second, less structured model is the mesh infrastructure (see diagram below). This type of
implementation is better suited to organizations where the emphasis is not on structure and
security but on promoting access and information sharing. It is the model seen in eCommerce and
business-to-business (B2B) exchange sites. The idea is to spread information across the widest
set of users: rather than being restricted, users find their own way to the information they need.
Some data could be provided directly to Intranet or Internet users, while other data could require
authentication for access. This approach might suit an organization whose directory exists to give
employees Intranet access to directory information, or participants access to an online exchange.
If any confidential information is shared across such a system, however, security becomes a
larger issue. With relationships spanning the Internet, this type of organization may need to
establish individual "chain of trust" agreements (a HIPAA requirement) with each party, which
places an administrative burden across the organization.
Figure 2. Mesh Infrastructure (diagram not reproduced; nodes shown: four Directories interconnected with one another and five End Users)
eBusiness Partner Agreements
It is necessary for an eBusiness organization to establish chain-of-trust agreements with all third
parties who may have access to patient health information. Such agreements are necessary to not
only satisfy HIPAA requirements, but also to provide the organization with accountability of its
users. Such agreements should outline that the third party will:
• Keep the information in strict confidence.
• Use the information only for the purpose of providing services under the contract.
• Disclose the information only to those employees who need access to the information in
order to provide services under the work contract, and that those employees have signed an
agreement requiring them to hold the information in confidence.
• Return the information in usable form upon request or at the end of the work contract.
• Indemnify the organization for all breaches of these obligations.
A business domain may consist of a closed corporate Intranet or be expanded to include a
community of interest of healthcare institutions, providers, payers and even patients. While all
these participants are part of a community of interest with an objective to communicate and share
information, they are not bound by any one corporate entity that can vouch for their identities
while conducting business-like transactions.
The management difficulty faced by chief information officers is how to effectively manage
thousands of "trust" relationships with eBusiness partners. Not only must "chain of trust"
agreements be in writing, they must also be maintained and enforced by the covered entities. The
business goal is a system that can support a wide community of users, all of whom hold trust
relationships with the main organization, which in turn administers those relationships.
Implementation Checklist
HIPAA Concerns
HIPAA is not merely an IT problem; it is a concern for the entire organization. As a department
prepares to roll out a new eBusiness initiative, it can expect push-back from those within the
company concerned with HIPAA compliance. An IT manager versed in the HIPAA regulations will be
well prepared to deal with other members of the organization on HIPAA security and privacy
issues. The prudent IT manager will demonstrate to non-IT executives that HIPAA security and
privacy features are embedded within the planned eBusiness initiative. Be prepared to give an
accounting of how each of the following HIPAA security and privacy concerns is addressed in the
initiative: authentication, access control, role-based access control (RBAC), auditing, backup of
data and chain of trust agreements.
1. Web site access control
• Plan for a centralized portal to enterprise information, using reduced or single sign-on
authentication with unique user IDs and passwords, which satisfies the HIPAA entity
authentication requirement (authentication). Weigh plans to use digital certificates or
hardware tokens carefully: they provide stronger authentication than passwords, but at the
time of writing these technologies were still maturing and they are not mandated by HIPAA.
• Use role-based access control to present users with a customized HTML menu for easier
navigation and to ensure that only the right people see the right information from Web
servers and applications across the enterprise, a HIPAA requirement (RBAC).
• Plan for administrators to centrally define, monitor, enforce and audit information
security policies while delegating day-to-day control to departmental, branch or help-desk
administrators, a HIPAA requirement (auditing).
2. Decide on a standards-based directory
HIPAA compliance is easier to demonstrate with a centrally managed directory for Web site
authentication, access control, RBAC and auditing. Additional savings and efficiencies are
realized when establishing user accounts, changing permissions and allocating storage for
eBusiness trading partners. One of the easiest ways to establish the directory is by integrating
systems using the Lightweight Directory Access Protocol (LDAP). This standard is being widely
adopted by enterprises both inside and outside the healthcare industry and should provide higher
compatibility and easier integration.
LDAP:
• provides a mechanism for passing text-based queries from an LDAP client to an LDAP
server over TCP/IP;
• specifies the protocol by which users and applications gain access to a directory;
• in version 3 (LDAPv3) supports SSL/TLS between the LDAP client and the LDAP server,
either through the StartTLS extended operation or LDAP over SSL on a dedicated port.
Encrypted transport is required under the present Internet policy of the Health Care
Financing Administration (HCFA).
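Because LDAP queries are text, a portal that looks a user up by the ID typed into a login or search form is building that query text from untrusted input. The check a practitioner wants at this point is that the submitted value is escaped as RFC 4515 requires before it is placed in the filter. The following is an added example and is not code from the original paper or from any product it mentions: the directory layout (lookup by uid under ou=people,dc=example,dc=org), the entries, the submitted IDs and the function names are all constructed for the demonstration, and the tiny in-memory filter evaluator is a simplified stand-in for a real LDAP server (it handles &, |, !, equality and '*' substrings, nothing more).

```python
"""LDAP search filters built from web-portal input: naive vs. RFC 4515 escaped.

Added example; directory, entries and submitted IDs are constructed, and the
evaluator below is a stand-in for a real LDAP server, not part of any product.
"""


def escape_filter_value(value):
    """RFC 4515 escaping for an assertion value: '*', '(', ')', '\\' and NUL
    become \\XX hex escapes and non-ASCII characters are escaped byte-wise
    from their UTF-8 encoding, so the value can only ever match literally."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        elif ord(ch) < 0x80:
            out.append(ch)
        else:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
    return "".join(out)


def naive_user_filter(user_id):
    """The hurried portal: the submitted ID is concatenated into the filter."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % user_id


def safe_user_filter(user_id):
    """The same lookup with the submitted ID escaped first."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(user_id)


# --- minimal filter parser/evaluator standing in for the LDAP server ---

def _unescape(text):
    """Reverse \\XX escapes into bytes, then decode the UTF-8 result."""
    raw, i = bytearray(), 0
    while i < len(text):
        if text[i] == "\\" and i + 3 <= len(text):
            raw += bytes([int(text[i + 1:i + 3], 16)])
            i += 3
        else:
            raw += text[i].encode("utf-8")
            i += 1
    return raw.decode("utf-8")


def _parse(s, i):
    """Parse one parenthesised filter item at s[i]; return (node, next index)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, subs = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if i >= len(s) or s[i] != ")":
            raise ValueError("unterminated %s filter" % op)
        return (op, subs), i + 1
    eq = s.index("=", i)
    close = s.index(")", eq)  # a raw ')' always ends the item: this is the injection point
    return ("=", s[i:eq].lower(), s[eq + 1:close]), close + 1


def _match(pattern, actual):
    """Equality or substring match. '*' splits the pattern before escapes are
    decoded, so an escaped \\2a can never act as a wildcard."""
    parts = [_unescape(p).lower() for p in pattern.split("*")]
    actual = actual.lower()
    if len(parts) == 1:
        return actual == parts[0]
    if not (actual.startswith(parts[0]) and actual.endswith(parts[-1])):
        return False
    pos = len(parts[0])
    for mid in parts[1:-1]:
        idx = actual.find(mid, pos)
        if idx < 0:
            return False
        pos = idx + len(mid)
    return pos <= len(actual) - len(parts[-1])


def _evaluate(node, entry):
    if node[0] == "&":
        return all(_evaluate(n, entry) for n in node[1])
    if node[0] == "|":
        return any(_evaluate(n, entry) for n in node[1])
    if node[0] == "!":
        return not _evaluate(node[1][0], entry)
    _, attr, pattern = node
    return any(_match(pattern, v) for v in entry.get(attr, []))


def search(directory, filt):
    """Return the sorted DNs whose entry satisfies the filter string."""
    tree, end = _parse(filt, 0)
    if end != len(filt):
        raise ValueError("trailing data after filter")
    return sorted(dn for dn, entry in directory.items() if _evaluate(tree, entry))


# Constructed directory: attribute names lower-case, values as lists.
DIRECTORY = {
    "uid=jdoe,ou=people,dc=example,dc=org": {"objectclass": ["inetOrgPerson"], "uid": ["jdoe"]},
    "uid=asmith,ou=people,dc=example,dc=org": {"objectclass": ["inetOrgPerson"], "uid": ["asmith"]},
    "cn=auditors,ou=groups,dc=example,dc=org": {"objectclass": ["groupOfNames"], "cn": ["auditors"]},
}

if __name__ == "__main__":
    for submitted in ("jdoe", "*)(uid=*"):
        print(repr(submitted))
        print("  naive:", search(DIRECTORY, naive_user_filter(submitted)))
        print("  safe: ", search(DIRECTORY, safe_user_filter(submitted)))
```

With the honest input "jdoe" both filters return the one matching entry. With the input `*)(uid=*` the naive filter becomes `(&(objectClass=inetOrgPerson)(uid=*)(uid=*))`, which is syntactically valid and matches every person in the directory, so a syntax check on the server side would not catch it; the escaped filter carries `(uid=\2a\29\28uid=\2a)` and matches nothing. The same escaping applies to any other attribute the portal searches on, and a distinguished name assembled from user input needs the separate RFC 4514 escaping rules.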
Organizations should also begin to define appropriate user metrics for the eBusiness application.
When accommodating millions of new users, it is especially important to address capacity
planning, backup, response time and scalability. User roles should be defined as well; insured,
physician, claims administrator and auditor would be common roles. These roles are required to
enforce role-based access control effectively at runtime.
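The roles named above, the provider and patient privileges described under "Who is visiting the site?", and the checklist items on RBAC menus and auditing come together in a single policy check at runtime. The following is an added example, not code from the original paper or from any product it mentions: the role names come from the text, while the permission table, the "patient relationship" rule, the audit record layout, the sample users and the sample records are assumed. The point it makes beyond the text is that the role alone is not enough. A physician role lets any physician read medical records; without a second check that this physician actually treats this patient, one provider could read every other provider's patients, so the example applies that relationship check on top of the role and writes an audit record for every decision, allowed or refused.

```python
"""Role-based access control for a healthcare eBusiness portal.

Added example (not code from the original paper). The role names insured,
physician, claims administrator and auditor come from the text; the permission
table, the relationship rule, the audit layout and the sample data are assumed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# role -> set of (resource kind, action) the role may perform.  Assumed policy:
# patients see benefits and claims and may change their PPO; providers read
# their patients' claims and records; back-office roles work on claims / audit.
ROLE_PERMISSIONS = {
    "insured": {("benefits", "read"), ("claim", "read"),
                ("ppo", "read"), ("ppo", "update")},
    "physician": {("claim", "read"), ("medical_record", "read")},
    "claims_administrator": {("claim", "read"), ("claim", "update")},
    "auditor": {("audit_log", "read")},
}

# Whether a role's grant is scoped to a patient relationship ("patient") or to
# a back-office function ("function").  The relationship check is what keeps
# one physician from reading another physician's patients even though both
# hold the same role.
ROLE_SCOPE = {"insured": "patient", "physician": "patient",
              "claims_administrator": "function", "auditor": "function"}


@dataclass(frozen=True)
class Subject:
    user_id: str
    roles: frozenset
    patient_ids: frozenset = frozenset()  # patients this subject may act for


@dataclass(frozen=True)
class Resource:
    kind: str
    patient_id: str  # the patient whose protected information this is


AUDIT_LOG = []  # one record per decision, allowed or not


def authorize(subject, action, resource, now=None):
    """Return (allowed, reason) and append an audit record.

    Allowed if some role of the subject grants (kind, action) AND that role's
    scope is satisfied: function-scoped roles need nothing more, patient-scoped
    roles need an existing relationship with the patient in question.
    """
    allowed, reason = False, "no role grants this action"
    for role in sorted(subject.roles):
        if (resource.kind, action) not in ROLE_PERMISSIONS.get(role, set()):
            continue
        if ROLE_SCOPE[role] == "function":
            allowed, reason = True, "%s: function-scoped grant" % role
            break
        if resource.patient_id in subject.patient_ids:
            allowed, reason = True, "%s: relationship with patient" % role
            break
        reason = "%s: no relationship with patient %s" % (role, resource.patient_id)
    AUDIT_LOG.append({
        "time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": subject.user_id, "action": action,
        "resource": "%s/%s" % (resource.kind, resource.patient_id),
        "allowed": allowed, "reason": reason,
    })
    return allowed, reason


def menu_for(subject):
    """The customised menu: only the (kind, action) pairs the subject's roles
    grant, so the portal never shows a link the policy would refuse."""
    items = set()
    for role in subject.roles:
        items |= ROLE_PERMISSIONS.get(role, set())
    return sorted(items)


# Constructed sample subjects and records.
PATIENT = Subject("p-1001", frozenset({"insured"}), frozenset({"p-1001"}))
DR_SMITH = Subject("dr-smith", frozenset({"physician"}), frozenset({"p-1001", "p-1002"}))
DR_JONES = Subject("dr-jones", frozenset({"physician"}), frozenset({"p-2001"}))
CLERK = Subject("clerk-7", frozenset({"claims_administrator"}))
CLAIM_1001 = Resource("claim", "p-1001")
RECORD_1001 = Resource("medical_record", "p-1001")

if __name__ == "__main__":
    for subj, act, res in [(PATIENT, "read", CLAIM_1001), (PATIENT, "read", RECORD_1001),
                           (DR_SMITH, "read", RECORD_1001), (DR_JONES, "read", RECORD_1001),
                           (CLERK, "update", CLAIM_1001)]:
        print(subj.user_id, act, res.kind, authorize(subj, act, res))
    print(menu_for(DR_SMITH))
```

In the sample run the insured reads their own claim but not their medical record (the role does not grant it), Dr Smith reads patient p-1001's record while Dr Jones, holding the same role, is refused for lack of a relationship, and the claims administrator updates the claim under a function-scoped grant. Every one of those decisions lands in the audit log, which is the record the auditor role exists to read.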
Summary
Productivity will be increased and user perceptions of IT will be improved if information lookup
is faster and consistent and if the information is accessible, secure and accurate. A unified
directory service will streamline the process of finding the appropriate information regarding
network devices, locations, customers and clients faster and more reliably.
With a high availability of systems and using open standards for interoperability, directory
services will be easier to maintain and operate. Standardized schema and tree information will
enable developers to design optimized search paths that will significantly reduce searching and
retrieval of relevant data.
The deployment of a corporate directory service will address operational improvements in
workflow and processes by allowing centralized administration of multiple client interfaces.
This technology will facilitate improvement of synchronization of multiple directories,
extensibility of new organization specific attributes and communications and interoperability
between applications.
This flexibility reduces the complexity of enterprise-wide directory services and promotes the
use of interoperable (standards-based) applications and systems, as well as the design and
deployment of a scalable infrastructure that will support enterprise-wide needs into the future.
The path to an effective eBusiness site requires a complicated and detailed assessment of the
wants and needs of the organization and its users. Careful planning and strategy will allow
organizations to create the most effective eBusiness possible with the fewest headaches.
Technology initiatives will always require a major investment of money and time in development
and implementation. However, creating an eBusiness will reward the organization with cost
savings and reduced man-hours. The time to bridge the technology gap is now.
David Sweigert is the Director of HIPAA Programs for OpenNetwork Technologies.
OpenNetwork is a leading developer of eBusiness and directory services software that is
providing solutions to Blue Cross Blue Shield organizations across the country.

More Related Content

What's hot

Cscchealthcare110512
Cscchealthcare110512Cscchealthcare110512
Cscchealthcare110512
Accenture
 
Data Management - a top Priority for Healthcare Practices
Data Management - a top Priority for Healthcare PracticesData Management - a top Priority for Healthcare Practices
Data Management - a top Priority for Healthcare Practices
Data Dynamics Inc
 
TheFutureofOnline_WP
TheFutureofOnline_WPTheFutureofOnline_WP
TheFutureofOnline_WP
Paul Benson
 
4 collaborating with players
4 collaborating with players4 collaborating with players
4 collaborating with players
Pivotal CRM
 
Ethical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextEthical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's Context
Nawanan Theera-Ampornpunt
 
Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...
Shruti Sk S K
 

What's hot (20)

Perspectives in Commercial Health Insurance: Leveraging Information-as-a-Serv...
Perspectives in Commercial Health Insurance: Leveraging Information-as-a-Serv...Perspectives in Commercial Health Insurance: Leveraging Information-as-a-Serv...
Perspectives in Commercial Health Insurance: Leveraging Information-as-a-Serv...
 
Capgemini ses - security po v (gr)
Capgemini   ses - security po v (gr)Capgemini   ses - security po v (gr)
Capgemini ses - security po v (gr)
 
Pros and cons of denials management software
Pros and cons of denials management softwarePros and cons of denials management software
Pros and cons of denials management software
 
Cscchealthcare110512
Cscchealthcare110512Cscchealthcare110512
Cscchealthcare110512
 
Data Management - a top Priority for Healthcare Practices
Data Management - a top Priority for Healthcare PracticesData Management - a top Priority for Healthcare Practices
Data Management - a top Priority for Healthcare Practices
 
TheFutureofOnline_WP
TheFutureofOnline_WPTheFutureofOnline_WP
TheFutureofOnline_WP
 
Google Cloud Platform in Lifesciences and Healthcare by soniya ahuja
Google Cloud Platform in Lifesciences and Healthcare by soniya ahujaGoogle Cloud Platform in Lifesciences and Healthcare by soniya ahuja
Google Cloud Platform in Lifesciences and Healthcare by soniya ahuja
 
Enterprise Content Management for Regulatory Compliance in Healthcare and Cre...
Enterprise Content Management for Regulatory Compliance in Healthcare and Cre...Enterprise Content Management for Regulatory Compliance in Healthcare and Cre...
Enterprise Content Management for Regulatory Compliance in Healthcare and Cre...
 
4 collaborating with players
4 collaborating with players4 collaborating with players
4 collaborating with players
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_to
 
#Infographic DIGITAL HEALTH TECH VISION 2018 Intelligent Enterprise Unleashed
#Infographic DIGITAL HEALTH TECH VISION 2018 Intelligent Enterprise Unleashed#Infographic DIGITAL HEALTH TECH VISION 2018 Intelligent Enterprise Unleashed
#Infographic DIGITAL HEALTH TECH VISION 2018 Intelligent Enterprise Unleashed
 
Ethical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextEthical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's Context
 
Towards a fair (My)Data economy
Towards a fair (My)Data economyTowards a fair (My)Data economy
Towards a fair (My)Data economy
 
Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
 
Intelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementIntelligence Driven Identity and Access Management
Intelligence Driven Identity and Access Management
 
Digital signatures whitepaper_thinkdox
Digital signatures whitepaper_thinkdoxDigital signatures whitepaper_thinkdox
Digital signatures whitepaper_thinkdox
 
11 ways blockchain can improve the healthcare industry
11 ways blockchain can improve the healthcare industry11 ways blockchain can improve the healthcare industry
11 ways blockchain can improve the healthcare industry
 
HIPAA and Privacy for Researchers
HIPAA and Privacy for ResearchersHIPAA and Privacy for Researchers
HIPAA and Privacy for Researchers
 
Health delivery information system [HDIS] MVP
Health delivery information system [HDIS] MVPHealth delivery information system [HDIS] MVP
Health delivery information system [HDIS] MVP
 

Similar to eBusinessinHealthcare_Final

Healthcare - Customer-Centric Healthcare Best Practices for CIO and CISOs
Healthcare - Customer-Centric Healthcare Best Practices for CIO and CISOsHealthcare - Customer-Centric Healthcare Best Practices for CIO and CISOs
Healthcare - Customer-Centric Healthcare Best Practices for CIO and CISOs
Nicholas Christiano Jr.
 
Questions On The Healthcare System
Questions On The Healthcare SystemQuestions On The Healthcare System
Questions On The Healthcare System
Amanda Gray
 
Bringing the HIPAA in use aimed at adding administration simplifi.docx
Bringing the HIPAA in use aimed at adding administration simplifi.docxBringing the HIPAA in use aimed at adding administration simplifi.docx
Bringing the HIPAA in use aimed at adding administration simplifi.docx
AASTHA76
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Cheryl Goldberg
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Cheryl Goldberg
 
Running Head Stage 2 Sharing Data1Stage 2 Sharing Data3.docx
Running Head Stage 2 Sharing Data1Stage 2 Sharing Data3.docxRunning Head Stage 2 Sharing Data1Stage 2 Sharing Data3.docx
Running Head Stage 2 Sharing Data1Stage 2 Sharing Data3.docx
jeanettehully
 
lauren_rosen_compliance_article
lauren_rosen_compliance_articlelauren_rosen_compliance_article
lauren_rosen_compliance_article
Lauren Rosen
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
supportc2go
 
OPY-150702_BigData_Healthcare_070915
OPY-150702_BigData_Healthcare_070915OPY-150702_BigData_Healthcare_070915
OPY-150702_BigData_Healthcare_070915
Ravi Sripada
 
HCAD_600_Paper1_Amer
HCAD_600_Paper1_AmerHCAD_600_Paper1_Amer
HCAD_600_Paper1_Amer
Amer Nazar
 

Similar to eBusinessinHealthcare_Final (20)

Healthcare - Customer-Centric Healthcare Best Practices for CIO and CISOs
Healthcare - Customer-Centric Healthcare Best Practices for CIO and CISOsHealthcare - Customer-Centric Healthcare Best Practices for CIO and CISOs
Healthcare - Customer-Centric Healthcare Best Practices for CIO and CISOs
 
Questions On The Healthcare System
Questions On The Healthcare SystemQuestions On The Healthcare System
Questions On The Healthcare System
 
how to really implement hipaa presentation
how to really implement hipaa presentationhow to really implement hipaa presentation
how to really implement hipaa presentation
 
Lightwell Healthcare B2B Gateway Solution Guide
Lightwell Healthcare B2B Gateway Solution GuideLightwell Healthcare B2B Gateway Solution Guide
Lightwell Healthcare B2B Gateway Solution Guide
 
Bringing the HIPAA in use aimed at adding administration simplifi.docx
Bringing the HIPAA in use aimed at adding administration simplifi.docxBringing the HIPAA in use aimed at adding administration simplifi.docx
Bringing the HIPAA in use aimed at adding administration simplifi.docx
 
MEDBLOCK
MEDBLOCKMEDBLOCK
MEDBLOCK
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
 
Health Information Technology Implementation Challenges and Responsive Soluti...
Health Information Technology Implementation Challenges and Responsive Soluti...Health Information Technology Implementation Challenges and Responsive Soluti...
Health Information Technology Implementation Challenges and Responsive Soluti...
 
Running Head Stage 2 Sharing Data1Stage 2 Sharing Data3.docx
Running Head Stage 2 Sharing Data1Stage 2 Sharing Data3.docxRunning Head Stage 2 Sharing Data1Stage 2 Sharing Data3.docx
Running Head Stage 2 Sharing Data1Stage 2 Sharing Data3.docx
 
Data-driven Healthcare for Payers
Data-driven Healthcare for PayersData-driven Healthcare for Payers
Data-driven Healthcare for Payers
 
How a healthcare management system (hms) is improving hospitals and clinics
How a healthcare management system (hms) is improving hospitals and clinicsHow a healthcare management system (hms) is improving hospitals and clinics
How a healthcare management system (hms) is improving hospitals and clinics
 
lauren_rosen_compliance_article
lauren_rosen_compliance_articlelauren_rosen_compliance_article
lauren_rosen_compliance_article
 
Solutions to Accelerate Compliance with Affordable Care Act (ACA) Mandates an...
Solutions to Accelerate Compliance with Affordable Care Act (ACA) Mandates an...Solutions to Accelerate Compliance with Affordable Care Act (ACA) Mandates an...
Solutions to Accelerate Compliance with Affordable Care Act (ACA) Mandates an...
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
 
Modernizing Legacy Systems in Healthcare: A Comprehensive Guide
Modernizing Legacy Systems in Healthcare: A Comprehensive GuideModernizing Legacy Systems in Healthcare: A Comprehensive Guide
Modernizing Legacy Systems in Healthcare: A Comprehensive Guide
 
OpenText Content Services for healthcare
OpenText Content Services for healthcareOpenText Content Services for healthcare
OpenText Content Services for healthcare
 
Constructing a HIPAA-compliant healthcare app from scratch
 Constructing a HIPAA-compliant healthcare app from scratch Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch
 
OPY-150702_BigData_Healthcare_070915
OPY-150702_BigData_Healthcare_070915OPY-150702_BigData_Healthcare_070915
OPY-150702_BigData_Healthcare_070915
 
HCAD_600_Paper1_Amer
HCAD_600_Paper1_AmerHCAD_600_Paper1_Amer
HCAD_600_Paper1_Amer
 

More from Heather Tomlin

More from Heather Tomlin (13)

Press Kit
Press KitPress Kit
Press Kit
 
Lone Ranger Press Kit
Lone Ranger Press KitLone Ranger Press Kit
Lone Ranger Press Kit
 
Public Relations Plan for Texas Land & Cattle
Public Relations Plan for Texas Land & CattlePublic Relations Plan for Texas Land & Cattle
Public Relations Plan for Texas Land & Cattle
 
New Mexico State Fair Crisis Plan
New Mexico State Fair Crisis PlanNew Mexico State Fair Crisis Plan
New Mexico State Fair Crisis Plan
 
TMCnet final
TMCnet finalTMCnet final
TMCnet final
 
ADS Mini Case Study1
ADS Mini Case Study1ADS Mini Case Study1
ADS Mini Case Study1
 
4.5 Tech Spec
4.5 Tech Spec4.5 Tech Spec
4.5 Tech Spec
 
AQM 220 CLASSIC.ppt
AQM 220 CLASSIC.pptAQM 220 CLASSIC.ppt
AQM 220 CLASSIC.ppt
 
Leisure
LeisureLeisure
Leisure
 
Massage Training VESC_FINAL
Massage Training VESC_FINALMassage Training VESC_FINAL
Massage Training VESC_FINAL
 
Chiro Sales Training
Chiro Sales TrainingChiro Sales Training
Chiro Sales Training
 
G6HospitalityAd8x5-trim[1]
G6HospitalityAd8x5-trim[1]G6HospitalityAd8x5-trim[1]
G6HospitalityAd8x5-trim[1]
 
Trade-Show-Process-Print
Trade-Show-Process-PrintTrade-Show-Process-Print
Trade-Show-Process-Print
 

eBusinessinHealthcare_Final

  • 1. eBusiness Strategies in Healthcare “Bridging the Enterprise to the Internet” By David Sweigert Medicine is a pioneering industry of technology. Modern medicine is pushing the very limits of technology and discovering new ways to heal. However, the irony of healthcare is that most of the technology resides only within the hospital. When a patient is cured and the recovery is complete, doctors, providers and payers are relegated to a paper system to process claims and wrap-up the details. Healthcare organizations are now looking to the Internet and eBusiness initiatives to solve this technology gap. eBusiness bridges the participants of a business transaction. In essence eBusiness provides the technology to establish business relationships and complete transactions via the Internet. Unlike traditional contracts, where parties may meet in person to complete a transaction, eBusiness parties may never meet. Indeed, the power of Internet technologies may bring together parties from either end of the globe to transact business and exchange information. eBusinesses and eMarketplaces use Internet technologies to bring users together in an environment specifically designed to meet their needs. For instance, large HMOs maintain directories that include listings for their suppliers and contractors, as well as authorized purchasing agents for the company. Rather than have representatives search through purchase agents and rummage through paper catalogues to locate suppliers, parts and merchandise might be catalogued in an electronic database. The idea behind eBusiness is to make that database accessible to parties inside and outside the company. With that database connected to the Internet, it now becomes accessible, regardless of location. Even more, this database can be opened up to the suppliers so they can update information and even include merchandise listing with prices. Now this database becomes more than just a directory, it becomes a hub of information. 
The main motivation for enhancing these “directories” is cost savings. The Internet can literally save companies millions of dollars and thousands of man-hours. Within the healthcare market, some have estimated that the cost of a healthcare claim increases by $50 each time a different individual accesses or makes changes to a healthcare claim. Paper-based claims, whether mailed to a payer, handled by individuals, photocopied, stored, or eventually lost, are extremely inefficient when compared to electronic claims. The business case paints a clear need to move towards an eBusiness environment; however, special circumstances within health care organizations warrant attention.

HIPAA

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is being called the “Y2K of healthcare.” HIPAA represents the most sweeping national legislation to impact the health care industry in more than 30 years. Although HIPAA appears to be a hurdle for healthcare organizations to jump, it will eventually save the healthcare industry billions of dollars. HIPAA establishes government-mandated standards for electronic healthcare transactions and mandates practices for privacy and security of electronic patient data. The U.S. Department of Health and Human Services has developed and will enforce standards related to data security in all electronic healthcare transactions.

Until now, many organizations have paid little attention to these regulations and proposals. However, now that the final rules are being published, healthcare organizations must find ways to become HIPAA compliant within the next 26 months or face stiff penalties. Failure to accommodate HIPAA may subject an employee of a healthcare organization to criminal penalties of up to ten years in jail and fines of up to $250,000.00.

The proposed rule applies to health plans, health care clearinghouses and any health care provider that transmits healthcare information in an electronic format. A health care clearinghouse receives health care transactions from health care providers or other entities, translates the data from a given format into one acceptable to the intended payer or payers, and forwards the processed transaction to the appropriate payers and clearinghouses. Because the health care system involves complex business relationships among multiple parties, the proposed rule requires that, with certain exceptions, covered entities enter into contracts with the business partners they hire for assistance and with whom they will share protected information. Those business partners include lawyers, auditors, consultants, third-party administrators, health care clearinghouses, data processing firms, billing firms and other covered entities.

Planning the eBusiness initiative

Before engaging in an eBusiness initiative, organizations need to identify all of the entities and users of the system and define the roles that govern how those users may interact with the organization.
The organization must fully understand the needs of its users and decide what data and privileges to provide to the different parties. Issues to be addressed:

• Who owns the information? Is this information proprietary to my organization, or does it belong to the patient, care provider or supplier?
• Who administers this information to the users? Is the IT department responsible for dictating access and delegating authority, or does the process remain in the hands of traditional management? (administration)
• How many servers connect the system? Will I have to replicate data and access codes on each server and CPU? Will all data be synchronized throughout the network after each change, or must it be done manually? (distribution and replication)
• Does the information need to be replicated? How will I ensure that I have redundancy in the records and a protected archive of the data? (replication)
• Who can modify the information? Can users access and alter their own information, or will changes need to be made by the IT department? If so, what must their role and level of access be to allow those changes? (user authentication and access controls)
• What tools or protocols are used to transact information in the database? Are my transaction standards universal? Will new technology be easy to integrate into the existing system? (integration)
• What are the operations of the new initiative and their performance criteria? How many users will the eBusiness suite be able to handle? How long will each transaction take to perform? What is the upper limit of the system, and can it grow with the enterprise? (performance)

Individual database administrators and IT managers may justifiably resist the idea of interconnecting sensitive databases to the Internet. The most common fear is that data will become vulnerable to hackers and unauthorized access. Also, with thousands or millions of users accessing a system, if information inadvertently becomes available, the damage can be catastrophic. Even more, patient information is so sensitive that the legal repercussions of unauthorized access would quickly discourage eBusiness initiatives. Any proposed eBusiness solution must provide security features that completely address the concerns of every party involved in the initiative.

Who is visiting the site?

Unlike a face-to-face business encounter, eBusiness transaction parties almost never meet. Therefore, having a means to “authenticate” users is critical. An appropriate system for recognizing and authenticating users is the foundation for determining user access and privileges. Implementing commercial-quality protection mechanisms that provide features such as end-user authentication and identity-based access controls is recommended not only to protect the organization, but also to satisfy and conform to the HIPAA requirement for authentication. Determining who is accessing the site not only provides a method for maintaining security; it provides the mechanism by which information and access are delegated to the user.
The key to the eBusiness venture is to provide each user with the information they desire and the transactions they need in order to draw them to the site. Now that the organization has determined the identity and roles of those who will use the site, it must determine what information and transactions to provide those users. For example, a provider could be given privileges to access his patients’ information, which may include benefits, claims information or even medical records. Patients could be given the ability to view benefits information, claims status and history, and to view or even change their PPO.

Infrastructure

The architecture of an eBusiness infrastructure typically follows one of two models, a hierarchical or a mesh infrastructure. Both structures have benefits and drawbacks and are typically chosen based on user needs and security requirements.

The hierarchical infrastructure (see diagram below) is typically used in highly structured organizations. Most healthcare insurance organizations have clearly defined roles throughout the organization. From insured to provider to plan manager to supervisor, every role is defined and is assigned a position in the “chain of command.” These positions can then be translated into the electronic structure of the organization. In this type of implementation, the eBusiness would cascade down from a central, restricted-access server. This structure allows the system to control directory requests based on user identification or class. The structure also provides a moderate level of protection against compromise of protected information. Configurations like this can provide an incremental approach to directory protection. That is, data could be divided into different compartments based on how access to the data should be controlled.

Figure 1. Hierarchical Infrastructure (diagram of End User, Directory, Provider and Supplier nodes)

The second and less highly structured method is a mesh infrastructure (see diagram below). This type of implementation is better suited to organizations where the emphasis is not on structure and security but on promoting access and information sharing. This type of implementation is seen in eCommerce and business-to-business (B2B) exchange sites. The idea is to spread the information across the widest set of users; rather than being restricted to particular information, users focus on the information they need. In this way, some data could be provided directly to Intranet/Internet users, while other data could require authentication for access. This approach might apply to an organization where the directory is maintained to provide Intranet access to directory information for employees or participants in an online exchange. Unfortunately, if any confidential information is shared across this system, security becomes more of an issue. With relationships spanning the Internet, this type of organization may need to establish individual “chain of trust” agreements (a HIPAA requirement), which will place an administrative burden across the organization.
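The provider and patient privileges described above, together with the hierarchical model’s idea of dividing data into compartments, can be expressed as a two-layer access check: a static role-to-compartment table, then a relationship test inside the compartment, with every decision written to an audit trail. The following is an added example written for this edition, not code from the paper or from OpenNetwork. The role names follow the text (insured, provider, claims administrator, auditor); the compartment names, user identifiers and records are constructed for illustration, and a patient’s portal user id is assumed to equal the patient id on the record.

```python
"""Added example (not from the paper or from OpenNetwork): role-based access
control for a healthcare eBusiness portal with a relationship check and an
audit trail. Roles follow the text (insured, provider, claims administrator,
auditor); compartment names, user ids and records are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Data compartments, as in the hierarchical model where data is divided by
# how its access should be controlled (compartment names are assumptions).
BENEFITS, CLAIMS, MEDICAL_RECORDS = "benefits", "claims", "medical_records"

# Layer 1 (static RBAC): which compartments each role may reach at all.
ROLE_PERMISSIONS = {
    "insured": {BENEFITS, CLAIMS},
    "provider": {BENEFITS, CLAIMS, MEDICAL_RECORDS},
    "claims_administrator": {BENEFITS, CLAIMS},
    "auditor": {CLAIMS},
}
# Roles whose duties are plan-wide rather than tied to one patient.
PLAN_WIDE_ROLES = {"claims_administrator", "auditor"}


@dataclass
class User:
    user_id: str
    roles: set
    patients: set = field(default_factory=set)  # providers: ids of their own patients


@dataclass
class Record:
    compartment: str
    patient_id: str


@dataclass
class Portal:
    audit_log: list = field(default_factory=list)

    def _audit(self, user, record, allowed, reason):
        # Every decision, allowed or denied, is recorded (the HIPAA auditing concern).
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user.user_id,
            "compartment": record.compartment,
            "patient": record.patient_id,
            "allowed": allowed,
            "reason": reason,
        })

    def can_read(self, user: User, record: Record) -> bool:
        # Layer 1: at least one of the user's roles must reach the compartment.
        if not any(record.compartment in ROLE_PERMISSIONS.get(r, set()) for r in user.roles):
            self._audit(user, record, False, "role lacks compartment")
            return False
        # Layer 2: relationship to the patient (need-to-know inside the compartment).
        is_self = "insured" in user.roles and record.patient_id == user.user_id
        is_own_patient = "provider" in user.roles and record.patient_id in user.patients
        is_plan_wide = bool(user.roles & PLAN_WIDE_ROLES)
        if not (is_self or is_own_patient or is_plan_wide):
            self._audit(user, record, False, "no relationship to patient")
            return False
        self._audit(user, record, True, "ok")
        return True


def demo():
    """Run the constructed scenario and return the decisions and audit log."""
    portal = Portal()
    patient = User("P100", {"insured"})
    doctor = User("D7", {"provider"}, patients={"P100"})
    auditor = User("A1", {"auditor"})
    decisions = {
        "patient_own_claims": portal.can_read(patient, Record(CLAIMS, "P100")),
        "patient_other_claims": portal.can_read(patient, Record(CLAIMS, "P200")),
        "doctor_own_patient_chart": portal.can_read(doctor, Record(MEDICAL_RECORDS, "P100")),
        "doctor_other_chart": portal.can_read(doctor, Record(MEDICAL_RECORDS, "P200")),
        "auditor_claims": portal.can_read(auditor, Record(CLAIMS, "P200")),
        "auditor_chart": portal.can_read(auditor, Record(MEDICAL_RECORDS, "P200")),
    }
    return decisions, portal.audit_log


if __name__ == "__main__":
    results, log = demo()
    for name, ok in results.items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
    print(f"{len(log)} audit entries written")
```

The point of the second layer is that a role alone is not enough: a provider reaches the medical-records compartment, but only for patients under his care, and a denied request is as important to the audit trail as an allowed one.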
Figure 2. Mesh Infrastructure (diagram of End User and Directory nodes)

eBusiness Partner Agreements

It is necessary for an eBusiness organization to establish chain-of-trust agreements with all third parties who may have access to patient health information. Such agreements are necessary not only to satisfy HIPAA requirements, but also to provide the organization with accountability for its users. Such agreements should state that the third party will:

• Keep the information in strict confidence.
• Use the information only for the purpose of providing services under the contract.
• Disclose the information only to those employees who need access to the information in order to provide services under the work contract, and ensure that those employees have signed an agreement requiring them to hold the information in confidence.
• Return the information in usable form upon request or at the end of the work contract.
• Indemnify the organization for all breaches of these obligations.

A business domain may consist of a closed corporate Intranet or be expanded to include a community of interest of healthcare institutions, providers, payers and even patients. While all these participants are part of a community of interest with an objective to communicate and share information, they are not bound by any one corporate entity that can vouch for their identities while conducting business-like transactions. The management difficulty faced by chief information officers is how to effectively manage thousands of “trust” relationships with eBusiness partners. Not only must “chain of trust” agreements be in writing, but these agreements must be maintained and enforced by covered entities. The business goal is to have a system that can support a wide community of users, all of whom maintain trust relationships with the main organization, which, in turn, administers those trust relationships.
Implementation Checklist

HIPAA Concerns

HIPAA is not merely an IT problem; it is a concern for the entire organization. As a department prepares to roll out a new eBusiness initiative, it can expect “push-back” from those forces within the company concerned with HIPAA compliance. The IT manager versed in HIPAA regulations will be well prepared to deal with other organizational members concerning HIPAA security and privacy issues. The IT manager would be prudent to demonstrate to non-IT executives that HIPAA security and privacy features are embedded within the planned eBusiness initiative. Be prepared to give an accounting of how HIPAA security and privacy concerns are being addressed in the eBusiness initiative: authentication, access control, role-based access control (RBAC), auditing, back-up of data and chain of trust agreements.

1. Web site access control

• Plan for a centralized portal to enterprise information, using reduced or single sign-on authentication with User IDs and passwords as required by HIPAA (authentication). Plans to use digital certificates or hardware tokens should be thoroughly considered, as these technologies are still maturing and are not mandated by HIPAA.
• Utilize role-based access control to present users with a customized HTML menu for easier navigation, and to ensure that only the right people see the right information from Web servers and applications located across the enterprise, a HIPAA requirement (RBAC).
• Plan for administrators to centrally define, monitor, enforce and audit information security policies while delegating control back to departmental, branch or help-desk administrators, a HIPAA requirement (auditing).

2. Decide on a Standards-based Directory

HIPAA compliance is easier to demonstrate with a centrally managed directory for Web site authentication, access control, RBAC and auditing.
Additionally, increased savings and efficiencies will be realized when establishing user accounts, changing permissions and allocating storage for eBusiness trading partners. One of the easiest ways to establish the directory is by integrating systems using the Lightweight Directory Access Protocol (LDAP). This standard is being widely adopted by enterprises both in and out of the healthcare industry and should make for higher compatibility and easier integration. LDAP:

• Provides a mechanism for passing text-based queries from an LDAP client to an LDAP server over the TCP/IP network protocol;
• Is a specification of a protocol that allows users access to a directory;
• In LDAPv3, provides for Secure Sockets Layer (SSL) between an LDAP client and LDAP server, which is required under the present Internet policy of the Health Care Financing Administration (HCFA).

Organizations should also begin to define appropriate user metrics for the eBusiness application. In the case of accommodating millions of new users, it will be especially important to address capacity planning, back-up, response time and scalability. User roles should be defined; for example, insured, physician, claims administrator and auditor would be common roles. These roles will be required to effectively enforce role-based access control at runtime.

Summary

Productivity will be increased and user perceptions of IT will be improved if information lookup is faster and more consistent and if the information is accessible, secure and accurate. A unified directory service will streamline the process of finding the appropriate information regarding network devices, locations, customers and clients faster and more reliably. With high availability of systems and open standards for interoperability, directory services will be easier to maintain and operate. Standardized schema and tree information will enable developers to design optimized search paths that significantly reduce the time spent searching for and retrieving relevant data.

The deployment of a corporate directory service will address operational improvements in workflow and processes by allowing centralized administration of multiple client interfaces. This technology will make it easier to synchronize multiple directories, to extend the schema with new organization-specific attributes, and to communicate and interoperate between applications.
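Resolving a portal user’s roles from the LDAP directory that the checklist recommends comes down to two text-based queries: one to map the sign-on name to a directory entry, one to find the groups that list that entry as a member, after which group names are mapped to the runtime roles (insured, physician, claims administrator, auditor). The following is an added example written for this edition, not code from the paper or from OpenNetwork. The directory is a constructed in-memory stand-in so the block runs without a server; the base DN, group names and attribute names are assumptions; the value escaping follows RFC 4515, which any real LDAP client library applies for the same reason. The `search` function here evaluates only the AND-of-equality filters the example builds, not the full LDAP filter grammar.

```python
"""Added example (not from the paper or from OpenNetwork): resolving portal
roles from LDAP group membership. The directory below is a constructed,
in-memory stand-in for an LDAP server; DNs, group names and attributes are
assumptions."""
import re

BASE_DN = "dc=example,dc=org"  # assumed directory suffix

# Constructed entries: two people and three groups (groupOfNames).
DIRECTORY = [
    {"dn": f"uid=jdoe,ou=people,{BASE_DN}", "objectClass": ["inetOrgPerson"], "uid": ["jdoe"]},
    {"dn": f"uid=asmith,ou=people,{BASE_DN}", "objectClass": ["inetOrgPerson"], "uid": ["asmith"]},
    {"dn": f"cn=physicians,ou=groups,{BASE_DN}", "objectClass": ["groupOfNames"],
     "member": [f"uid=jdoe,ou=people,{BASE_DN}"]},
    {"dn": f"cn=insured,ou=groups,{BASE_DN}", "objectClass": ["groupOfNames"],
     "member": [f"uid=jdoe,ou=people,{BASE_DN}", f"uid=asmith,ou=people,{BASE_DN}"]},
    {"dn": f"cn=auditors,ou=groups,{BASE_DN}", "objectClass": ["groupOfNames"],
     "member": [f"uid=asmith,ou=people,{BASE_DN}"]},
]

# Directory group (cn) -> portal role enforced at runtime (assumed mapping).
GROUP_TO_ROLE = {
    "physicians": "physician",
    "insured": "insured",
    "claims-admins": "claims_administrator",
    "auditors": "auditor",
}


def ldap_escape(value: str) -> str:
    """Escape a caller-supplied value for an LDAP filter (RFC 4515): the
    characters * ( ) \\ and NUL become \\xx hex escapes."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_and_filter(**assertions) -> str:
    """Build (&(attr=value)...) with every value escaped, e.g.
    build_and_filter(uid="jdoe") -> '(&(uid=jdoe))'."""
    return "(&" + "".join(f"({a}={ldap_escape(v)})" for a, v in assertions.items()) + ")"


def _unescape(piece: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _value_matches(attr_value: str, assertion: str) -> bool:
    """Server-side semantics of one assertion value: an unescaped '*' is a
    wildcard, '\\xx' is a literal character."""
    parts = [re.escape(_unescape(p)) for p in assertion.split("*")]
    return re.fullmatch(".*".join(parts), attr_value) is not None


_ASSERTION = re.compile(r"\((\w+)=([^()]*)\)")


def search(filter_str: str) -> list:
    """Stand-in for an LDAP search over DIRECTORY. Supports only the
    AND-of-equality filters this example builds."""
    pairs = _ASSERTION.findall(filter_str)
    return [e for e in DIRECTORY
            if all(any(_value_matches(v, a) for v in e.get(attr, [])) for attr, a in pairs)]


def find_user_dn(uid: str):
    """Map a login name from the portal's sign-on to exactly one DN."""
    hits = search(build_and_filter(objectClass="inetOrgPerson", uid=uid))
    return hits[0]["dn"] if len(hits) == 1 else None


def resolve_roles(user_dn: str) -> set:
    """Portal roles = roles of the groups that list user_dn as a member."""
    groups = search(build_and_filter(objectClass="groupOfNames", member=user_dn))
    roles = set()
    for g in groups:
        cn = g["dn"].split(",", 1)[0].split("=", 1)[1]
        if cn in GROUP_TO_ROLE:
            roles.add(GROUP_TO_ROLE[cn])
    return roles


if __name__ == "__main__":
    dn = find_user_dn("jdoe")
    print(dn, sorted(resolve_roles(dn)))
    # A login of "*" must not match every person: escaping turns it into \2a.
    print(build_and_filter(uid="*"), find_user_dn("*"))
```

Two design choices matter for a portal that fronts patient data. `find_user_dn` insists on exactly one hit, so an ambiguous or wildcard login never silently resolves to the first person in the directory, and every value a user can influence passes through `ldap_escape` before it is spliced into the filter text, so the wildcard and grouping characters of the filter syntax are treated as literal data by the server.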
This flexibility reduces the complexity of enterprise-wide directory services and promotes the use of interoperable (standards-based) applications and systems, as well as the design and deployment of a scalable infrastructure that will support enterprise-wide needs into the future.

The path to an effective eBusiness site requires a very complicated and detailed assessment of wants and needs on behalf of the organization and its users. Careful planning and strategy will allow organizations to create the most effective eBusiness possible with the fewest headaches. Technology initiatives will always require a major investment of money and time in development and implementation. However, creating an eBusiness will reward the organization with cost savings and reduced man-hours. The time to bridge the technology gap is now.

David Sweigert is the Director of HIPAA Programs for OpenNetwork Technologies. OpenNetwork is a leading developer of eBusiness and directory services software that is providing solutions to Blue Cross Blue Shield organizations across the country.