EHR and Health IT Consulting
35.0K views | +0 today
Follow
EHR and Health IT Consulting
Technical Doctor's insights and information collated from various sources on EHR selection, EHR implementation, EMR relevance for providers and decision makers
Your new post is loading...
Your new post is loading...
Scoop.it!

EHR certification provides a baseline security safety net

EHR certification provides a baseline security safety net | EHR and Health IT Consulting | Scoop.it

EHR certification and security is always top of mind in choosing a healthcare software application. Not only does a software application have to prove its clinical or infrastructure value, but if it cannot do so in a secure way it will never be the product of choice.

The security questions asked of software vendors can vary in nature. Generally they revolve around meeting HIPAA requirements for access, authentication, and encryption. In addition, having a product tested against a threat model, such as OWASP, or some other type of security audit provides an extra sense of security for potential buyers. However, the healthcare industry already has a certain level of security standards provided in EHR certification testing.

EHR certification is normally linked to EHR vendors helping their customers meet Meaningful Use requirements. Within the EHR certification, there are a set of security criteria. And any software vendor can test to these security measures as a health IT module, without testing all the other requirements related to Meaningful Use. In this way, healthcare software products can ensure that they meet the same security requirements as an EHR and give their customers peace of mind that they at least meet a certain level of security standards as defined by the ONC.

The security measures included in the 2015 Edition EHR certification include:

  • 315.d.1 Authentication, Access, Authorization
  • 315.d.2 Auditable Events and Tamper Resistance
  • 315.d.3 Audit Reports
  • 315.d.4 Amendments
  • 315.d.5 Automatic Access Time-out
  • 315.d.6 Emergency Access
  • 315.d.7 End User Device Encryption
  • 315.d.8 Integrity
  • 315.d.9 Trusted Connection
  • 315.d.10 Auditing Actions On Healthcare Information

User access

The criteria in d.1, d.5 and d.6 have to do with validating the user seeking access to electronic health information. The software application is tested in a number of different ways to ensure that unauthorized users are not allowed to authenticate or access the system. This includes having automatic time-outs to help ensure that a malicious user cannot follow behind an unsuspecting valid user. These criteria do include an option for emergency access if the need arises.

Encryption

The criteria in d.7, d.8, and d.9 focus on encryption of data, both at rest and in transport. The software application must have a way to either encrypt data at rest, or show that no personal health date is left behind once the application is closed. And for data in transit, encryption and hashing must be used to protect the data, or the use of a standard secure transport such as TLS.

Audit logging

The criteria in d.2, d.3, and d.10 focus on logging and reporting when PHI is handled. This handling of PHI can include a variety of actions such as querying, changing, deleting, adding, printing, or copying. Other related actions are logged as well, such as changing user privileges, disabling the audit log itself, or turning off encryption. All of the logging is required to be included in a report that can be run over a given date range.

These three key areas of security (user access, encryption, and audit logging) provide a baseline that all software applications can meet. Certainly, any EHR is going to meet these security requirements because of Meaningful Use, but other software vendors can also test to these requirements to ensure the industry that they are on par with EHRs when it comes to security. This helps give providers the peace of mind they want, while setting the same baseline for all vendors in healthcare across the board.

Technical Dr. Inc.'s insight:

Contact Details :
inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Five Ways Healthcare Data Analytics Can Help You 

Five Ways Healthcare Data Analytics Can Help You  | EHR and Health IT Consulting | Scoop.it

A few days ago, the Human Health Services’ (HHS) Office of Inspector General released a report highlighting the 10 biggest management and performance challenges the healthcare industry is facing, and yet again, EHRs and health IT have made it to the list. Healthcare is complex and the challenges we face today might take years to overcome, in the transition from fee-for-service to value-based care, data analytics has a huge role to play as the building block of the healthcare industry.

Data Analytics has efficiently empowered healthcare organizations to thrive in a value-based world, and is not limited to:

  1. Real-time access to patient’s dataImagine having sorted, structured data easily accessible to physicians – this could be a game changer and save a lot of time simultaneously improving health outcomes. According to a post, many Primary Care Physicians (PCPs) see their patients at an interval of 11-15 minutes. With quick access to patients’ data like medical records, clinicians can rely on actionable insights generated after advanced analytics, and research data to treat their patients.A healthcare system based in Washington was facing the challenge of limited access to data. The process they had for obtaining patient information required them to submit a request to the department overlooking information, and after their request was processed it would present a thoroughly checked and validated data which could take two days or even stretch out to as much as a month. By using an analytics application to access real-time data, the wait time for information was reduced by 75-100%.
  2. Data-Driven Decision MakingThe traditional obstacles of compiling and analyzing data persist even with advancing technology. EHR systems are now widespread than they were in the past, with health IT providing interoperability, bigger chunks of data is processed making it convenient for providers to have all of the patient’s vital information compiled into a single record that helps drive improvements with accurate data. The aim is to share data easily.
  • Many providers have reported significant improvements in quality metrics after adopting health IT.
  • As of 2014, about 82.8% of office-based physicians have adopted EHRs, and since 2008, this number has been nearly doubled – from 42% to 83%.
  • The HITECH Act of 2009 grants $19.2 billion to increase the use of EHRs by physicians and hospitals.
  1. Better Care CoordinationData is integral to managing population health, imperative to improving population health and health outcomes. Hospitals are now turning towards data analytics to leverage the massive data and create effective treatment plans. Upcoming payment reforms and the shift to value-based care are serving as the bedrock to the healthcare paradigm shift. A Texas-based health system incorporated analytic tools and saw huge improvements:
  • Depression screenings saw a dramatic increase by 600%.
  • A 75% increment in blood-pressure screenings.
  • More than 700 patient visits were reduced, owing to analytics-empowered nursing.
  • Even though 900 patients every day are managed on an average, clinicians are able to examine the patients through their data and make a well-informed decision.

Analysis of data only takes one so far, after this comes the proper management of data, and the insight to make sense of it to make population health management truly successful.

  1. Improving Quality of Health Care Measuring data with all the quality metrics seems like a daunting task, and many providers are now adopting analytics tool to not only measure data, but to simplify the task of structuring data well enough for reporting. Lots of analytics tools being developed are now equipped with:
  • Analyzing data requirements for pre-defined quality measures
  • Providing initial data assessment and structuring it
  • Calculating quality metrics and payment adjustments
  • Tracking current performance and improving on it through advanced analytics
  • Providing considerable insight into population health

By using health information exchange, a value-focused organization was successful in reducing total office visits by 26.2% and increasing the number of scheduled telephone visits to the hospital by eight times!

  1. Making Way for Further InnovationsHealth IT has created room for innovation and focused development in healthcare, with healthcare companies inspired to adopt advanced technology, the focus is to develop something that makes the healthcare industry future-proof and focused on quality care. Some examples of innovations in the healthcare space.
  • A San Francisco-based company focused on asthma uses a GPS-enabled tracker in inhalers, that uses their location, analyzes the potential catalysts and provides them with personalized treatment plans.
  • A Silicon Valley-based company has created customizable ACO dashboards, which help providers improve their performance in healthcare services delivery using their claims data and aligning it with their goals.

As the healthcare industry moves from fee-for-services to fee-for-value, much has been done to gain the momentum, but to sustain it and grow with it demands healthcare members to tap the massive potential of data analytics. It can transform the current landscape of healthcare, and the future is dotted with several possibilities. Data analytics is still at a relatively early stage of development, but the rate at which advancements are going on, a revolution is underway. It could be the best thing since sliced bread.

Technical Dr. Inc.'s insight:
 Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com/tdr

more...
No comment yet.