Clarifying the Confusion Part IV: Safeguarding the Electronic Communication of PHI

Posted on May 13, 2013 | Leave a comment

By Terry Edwards and Don Dally

Secure ePHIHIPAA provisions emphasize the risk management process, rather than the technologies used to manage risk – so for hospitals and health systems, the pathway to safeguarding electronic communication of PHI lies in the creation of an overall risk management strategy. Ideally, leaders of the covered entity (CE) will form an information security committee to develop and execute the strategy, which includes representatives from IT, operations, the medical staff and nursing, as well as legal counsel. Leaders should also consider including an external security firm in the group. Once the committee is formed, the organization should take four essential steps for protecting the security of ePHI.

Continue reading

→ Leave a comment

Posted in Don Dally, Terry Edwards

Tagged , , , , ,

Clarifying the Confusion – Part III: Worst Case HIPAA Security Breaches

Posted on May 7, 2013 | 1 Comment

By Terry Edwards

HIPAA breachCompliance involving PHI is certainly high on the list of stress-inducing issues for healthcare leaders. And who can blame them? HIPAA violations can be extremely expensive, leaving these already-strapped organizations in an even more stressful financial situation.

For example, in 2012 the Massachusetts Eye and Ear Infirmary reached a $1.5 million agreement with HHS and agreed to enact corrective actions after an employee’s laptop containing unencrypted PHI was stolen. In another case, Blue Cross/Blue Shield of Tennessee reached a $1.5 million agreement with HHS after 57 unencrypted computer hard drives containing PHI of more than one million individuals was stolen from a leased facility. The health plan also incurred more than $17 million in direct expenses related to the investigation and remediation of the incident.

When it comes to securing PHI, these are some of the key issues keeping hospital execs up at night:

Continue reading

→ 1 Comment

Posted in Terry Edwards

Tagged , , , ,

Clarifying the Confusion – Part II: Understanding HIPAA and Its Revisions

Posted on April 30, 2013 | 1 Comment

By Terry Edwards

Terry Edwards_blog sizeEnacted in 1996, HIPAA requires the HHS to create standards for the use and dissemination of health care information and addresses the security and privacy of health data. The HIPAA provisions were supplemented in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The omnibus rule released in mid-January 2013 by the HHS Office for Civil Rights (OCR) finalizes the HITECH provisions and clarifies some elements of the original HIPAA legislation. The new rule became effective March 26, 2013, and the deadline for compliance is September 23, 2013.

A notable change between the original Act and the final omnibus rule is that a covered entity (CE) is now required to notify the OCR for any breach, unless the organization conducts a risk analysis and can demonstrate a low probability of compromise. Prior to the January update, notification was required only if a significant risk of harm existed.

Continue reading

→ 1 Comment

Posted in Terry Edwards

Tagged , , , , , ,

Clarifying the Confusion about HIPAA-Compliant Electronic Communications – Part I

Posted on April 15, 2013 | 1 Comment

Texting Is Just One Piece of the Puzzle
By Terry Edwards

securityIn 2012, approximately 184.3 billion text messages were sent in the U.S. each month, an increase from 28.9 billion a month just five years before. And every day an increasing number of physicians and other health care providers are exchanging clinical information through a wide range of modes – including smart phones, pagers, CPOE, emails, texts and messaging features in an EMR. So it’s no surprise that hospital and health system leaders are honing in on securing protected health information in electronic form (ePHI).

At the same time, changes in the HIPAA regulations released earlier this year, as well as misleading hype from vendors, have made HIPAA compliance more important and yet more challenging to achieve. Delays in addressing the issue can result in expensive legal fees and settlements, divert resources and staff from other important activities, tarnish an organization’s reputation, and, most critically, undermine patient trust. But it’s time to set the record straight on secure communications.

Continue reading

→ 1 Comment

Posted in Terry Edwards

Tagged , , , , ,

Look Who’s Talking: Clinical Communications Improves Physician Satisfaction

Posted on April 9, 2013 | Leave a comment

St Rita's picBy Herbert Schumm, M.D., Vice President of Medical Affairs, St. Rita’s Health Partners and President of St. Rita’s Professional Services

Part of the Mercy Health System, St. Rita’s Medical Center, located in Lima, Ohio, is a 383-bed acute care facility with a medical staff of 370 physicians. St. Rita’s Medical Center is the largest hospital within a 70-mile radius of Lima.

I’ve seen the positive impact sophisticated clinical communications systems can have on a healthcare organization. From consults to discharge procedures to safety issues, it plays a key role in every facet of improving patient care. But it’s also a game-changer when it comes to maintaining physician and nurse satisfaction and retention of these clinicians – which is increasingly critical in today’s competitive healthcare environment. Better connecting clinicians benefits them a number of ways, including:

Continue reading

→ Leave a comment

Posted in By Guest Blogger

Tagged , , ,

A Top Five for Clinical Communications

Posted on March 27, 2013 | Leave a comment

Jack Cox 1By Jack L. Cox, M.D., M.M.M., SVP & Chief Quality Officer, Hoag Memorial Hospital Presbyterian.

Clinician-to-clinician communications is the true underpinning of achieving more coordinated and cost-effective care, but it’s an issue that is largely overlooked. As someone who’s tackled this challenge alongside many others, I know how overwhelming it can be to suggest yet another technology implementation project and process change to clinical and IT teams. But here are five reasons why I believe clinician communications should be a top priority for every health system:

Continue reading

→ Leave a comment

Posted in By Guest Blogger

Tagged , , , ,

View from HIMSS13: Sharing of patient data is great, but physicians still need to talk

Posted on March 12, 2013 | 1 Comment

By Terry Edwards

HIMSS show picThis year at HIMSS, the floor buzzed with talk of moving beyond just collecting data with an EMR, to connecting and sharing that data and information across multiple facilities and analyzing that information so that we have a better picture of our unique patient populations. And while I agree that this vision is an exciting one, we’re still neglecting one big piece of the puzzle: making sure all clinicians using all this data have the means to consult, collaborate and actually talk about it. Continue reading

→ 1 Comment

Posted in Terry Edwards

Tagged , , , , ,