|
EHRs Are Barrier to Patient Safety - GAO
The Government Accountability Office (GAO) released a report last week that there are three key challenges to effective implementation to successful Electronic Health Records (EHR). They are: obtaining data to identify adverse events in their own hospitals, determining which patient safety practices should be implemented, and ensuring that staff consistently implement the practices over time. Gaps were found in certain areas and subsequently plugged by participating hospitals. In commenting on the draft of the report, Health and Human Services (HHS) agreed with GAO’s findings in principle.
|
|
|
ONC Drops New Rules at HIMSS
National Coordinator for Health Information Technology Karen DeSalvo spoke on the newly proposed rules out Tuesday. She said that the proposed rule should help create a "feedback loop for the system". As Electronic Health Record data is utilized vendors will need to correct flaws based on that information, or face punishment, with decertification as a last resort. This is causing buzz from all sides.
|
|
|
|
ONC Focuses on Interoperability with New Lab
Adding onto 2015’s release of the Nationwide Interoperability Roadmap, the Office of National Coordinator for Health Information Technology (ONC) announced the creation of the new ONC Tech Lab. In order to encourage health data interoperability and guide the industry’s long-term strategy towards seamless, effective Health Information Exchange (HIE), the new lab will work in conjunction with the ONC Health Information Technology (IT) Certification Program. Inside the lab is the Interoperability Proving Ground, an open platform where developers can interact and innovate in interoperability projects from across the nation. The blog post by ONC is available here and the Tech Lab is located here.
|
|
|
|
|
|
|
OCR Program Connects HIPAA Security Rule with NIST Framework
In an effort to help identify the overlap between the Health Insurace Portability and Accountatbility Act (HIPAA) security rule and the National Institute of Standards and Technology framework (NIST), Office of Civil Rights (OCR) at Health and Human Services promulgated their crosswalk. Many healthcare organizations may already possess an aligned security program; the crosswalk also helps identify gaps. “This crosswalk maps each administrative, physical and technical safeguard standard and implementation specification in the HIPAA Security Rule to a relevant NIST Cybersecurity Framework Subcategory,” OCR revealed in their release. The strength of the crosswalk is how OCR believes that the security rule can coexist with the NIST Framework. In addition, the crosswalk complies with the recent Cybersecurity National Action Plan put forth by President Obama in February.
|
|
|
PHEMI Delivers Panel on Big Data at eHI Annual ConferenceLast month at the eHI Annual Conference and Member meeting, technology services provider PHEMI presented the “Privacy and Analytics in the Era of Big Data” panel on day two. Charles Boicey, Chief Innovation Officer, Clearsense and Dr. Paul Terry, Chief Executive Officer, PHEMI Systems served as panelists with Andrew Truscott from Accenture serving as moderator. The hour long panel featured presentations from Dr. Terry and Mr. Boicey followed by Q&A. You can listen to the audio here.
|
|
|
|
Rhode Island Discusses Medical Identity Theft LegislationRhode Island is the latest state to tackle the issue of medical identity theft. The new Rhode Island Identity Theft Protection Act requires organizations of all sizes to establish and maintain a risk-based information security program. The act requires state businesses to refrain from keeping personal information for longer than is reasonably required to provide services. Additionally, the data must be destroyed in a secure manner. Examples of critical information under the law include, but are not limited to, social security number, driver’s license number, and medical and health insurance information. “The intent of this legislation is to set standards and to protect that vital information from those who wish to do harm or profit from the most personal details of our lives,” one of the bill’s sponsors, State Senator Louis DiPalma (D), said in a statement.
|
|
|
MEMBER SPOTLIGHT:
Coordinated Care Oklahoma, GE Healthcare, Kno2, Netsmart and OneRecord Advance Health Data Sharing
FACES OF EHI:
Brian Kelly, President, Payer & Provider Solutions, Quintiles
UPCOMING EVENTS:
Policy Steering Committee: March 9, 3 – 4pm ET
eHI Member Breakfast: March 15, 8am ET
Interoperability Workgroup: March 15, 3 – 4pm ET
Business and Clinical Motivators Workgroup: March 16, 2 – 3pm ET
Policy Working Group: March 22, 3 – 4pm ET
Data Analytics Workgroup: March 29, 3 – 4pm ET
|
|
|
Interoperability: March 15, 3 – 4pm ET
The March Interoperability Work Group call will have presentations on solutions that Health Information Exchanges (HIEs) have implemented to address the consent and data protection requirements of 42 CFR Part 2. We will also have an update on outreach to identify examples of consent and privacy data sharing practices.
|
|
|
 HHS Releases Joint US/UK Report on Adoption of EHRs
On Thursday, Heath and Human Services (HHS) announced a joint report they conducted with the United Kingdom Ministry of Health. The report highlights findings regarding the successful adoption and utilization of digital care records in the United States and the United Kingdom. The authors pay particular attention to human and behavior factors regarding adoption in order to determine “what good looks like.” The report is a result of a bilateral international agreement between the US and the UK signed in January of 2014. |
|
HLC’s Solutions to Transform Healthcare
The Healthcare Leadership Council (HLC) has released a report that proposes six viable solutions to transform healthcare. The Council is a collaboration of senior leaders from all health sectors, including vendors, providers, payers and patient advocates representing over 100 different organizations. The HLC report was prepared by the National Opinion Research Center (NORC) at the University of Chicago and was the final product of a year-long effort to produce implementable recommendations that can be accepted in a partisan election year. The solutions presented in the report addressed the issues of improving Centers for Medicare and Medicaid Services' Medication Therapy Management Model, achieving data interoperability in two years, speeding up the Food and Drug Administration (FDA)’s regulatory process, privacy laws and access to patient data, reforming outdated physician self-referral and anti-kickback statute, and implementing best practices to improve care for chronically ill patients.
Study Finds Healthcare at Risk from Poor Cyberthreat Prep
A new study from the Baltimore-based firm, Independent Security Evaluators, calls healthcare an “industry in turmoil” regarding patient health being “extremely vulnerable” from insufficient cybersecurity preparations. The two-year study examined 20 firms from across healthcare from January 2014 to January 2016. They found two major flaws in preparations: that most measures only address “unsophisticated adversaries” (individuals and small groups) rather than sophisticated state-actors, and a sole focus on protection of patient records at the exclusion of other patient data. The authors make may suggestions including creating effective regulations, arguing that the Health Insurance Portability and Accountability Act (HIPAA) has failed to protect patient data.
Internet of Things Devices Lack Catchall Regulatory Response, According to New Report
Despite talk of insecurity in the emerging Internet of Things (IoT) and how best to protect the numerous devices being released, there is not much on the books to accomplish that. Experts from the Center for Strategic and International Studies found that the situation is much more complicated than just locking down every device. The report estimates that 21 billion devices will be connected by 2020. These devices include anything from refrigerators, to cars, to patient care equipment like monitors, respirators, and Inter-venous (IV)-pumps. With these devices come much more data that will need to be secured. All of these disparate devices make a catchall policy impractical, if not impossible.
|
|
|
|
|
|
