04-18-13 | Blog Post
Online Tech is exhibiting HIPAA hosting solutions at booth #9 at the Indiana Health Information Management Association (IHIMA) 2013 Annual Meeting, Changing Times with IHIMA, held at the Indianapolis Marriott Downtown, in Indianapolis, IN on April 17-19.
The following session covered meaningful use with healthcare professionals:
Meaningful Use
Speaker: Jeff Short, JD, Hall Render, Killian Heath and Lyman
Jeff highlighted the key core objectives that will be coming in every stage of meaningful use. One of the biggest changes to affect healthcare professionals is the change to e-copy and online access found in Stage 1 that will be effective as of 2014.
This change will require that healthcare organizations provide patients with an e-copy of health information upon request. Electronic access to health information must be provided where patients will have the ability to view and download records from online.
Other items in the core set of objectives that Stage 2 will address for eligible hospitals:
The heaviest emphasis for a Stage 2 core objective was for security analysis. Hospitals must conduct and review a security analysis and incorporate it into their risk management process. Jeff could not emphasize enough that you HAVE to have a security analysis and it MUST have some rigor to it.
Every single data breach write-up he has read has stated that the hospitals in question said that they had performed a security risk assessment, when they in fact had not. Simply put, performing a security analysis is the right thing to do because it protects your patients’ data. You’re also protecting yourself from the state attorney general. You have to perform the analysis to comply with HIPAA. They are already beginning to write people up for HIPAA violations. Fines are beginning to seven figures now for even minor breaches.
He mentioned that there is some discrepancy between whether or not you have to use an external auditor or whether you can do an internal audit and attest that you have met the requirements. While it is noted that you can do an internal audit, it is simply smarter and safer to have an outside vendor perform your audit.
Jeffrey W. Short, JD, Hall, Render, Killian, Heath & Lyman, P.C.
Jeffrey W. Short advises large and small companies on legal issues relating to computer hardware, computer software, technology, privacy, copyright, trademark, and the Internet. Mr. Short concentrates his practice on information technology and privacy issues relating to health care entities, including hospitals, physician groups, and pharmaceutical companies. Specifically, Mr. Short assists his clients in the procurement of technology by drafting and negotiating the necessary agreements including software development, software licensing, and IT consulting agreements. In addition, Mr. Short has vast experience in the development of protection policies, not only in the technology arena, but also in the areas of intellectual property and the Internet. Mr. Short routinely assists local and national clients on privacy issues including HIPAA compliance. Mr. Short has made numerous speeches relating to HIPAA and technology procurement in health care, including speaking at the 2001 National HIPAA Summit.
About the Indiana Health Information Management Association
The Indiana Health Information Management Association (IHIMA) is a non-profit healthcare professional association representing over 2,000-credentialed Hoosiers. IHIMA is an affiliate with American Health Information Management Association (AHIMA) as a Component State Association. Our purpose is to commit to excellence in the management of health information for the benefit of patients and providers.
Online Tech is exhibiting HIPAA hosting solutions at booth #9 at the Indiana Health Information Management Association (IHIMA) 2013 Annual Meeting, Changing Times with IHIMA, held at the Indianapolis Marriott Downtown, in Indianapolis, IN on April 17-19.
The following session covered meaningful use with healthcare professionals:
Meaningful Use
Speaker: Jeff Short, JD, Hall Render, Killian Heath and Lyman
Jeff highlighted the key core objectives that will be coming in every stage of meaningful use. One of the biggest changes to affect healthcare professionals is the change to e-copy and online access found in Stage 1 that will be effective as of 2014.
This change will require that healthcare organizations provide patients with an e-copy of health information upon request. Electronic access to health information must be provided where patients will have the ability to view and download records from online.
Other items in the core set of objectives that Stage 2 will address for eligible hospitals:
The heaviest emphasis for a Stage 2 core objective was for security analysis. Hospitals must conduct and review a security analysis and incorporate it into their risk management process. Jeff could not emphasize enough that you HAVE to have a security analysis and it MUST have some rigor to it.
Every single data breach write-up he has read has stated that the hospitals in question said that they had performed a security risk assessment, when they in fact had not. Simply put, performing a security analysis is the right thing to do because it protects your patients’ data. You’re also protecting yourself from the state attorney general. You have to perform the analysis to comply with HIPAA. They are already beginning to write people up for HIPAA violations. Fines are beginning to seven figures now for even minor breaches.
He mentioned that there is some discrepancy between whether or not you have to use an external auditor or whether you can do an internal audit and attest that you have met the requirements. While it is noted that you can do an internal audit, it is simply smarter and safer to have an outside vendor perform your audit.
Jeffrey W. Short, JD, Hall, Render, Killian, Heath & Lyman, P.C.
Jeffrey W. Short advises large and small companies on legal issues relating to computer hardware, computer software, technology, privacy, copyright, trademark, and the Internet. Mr. Short concentrates his practice on information technology and privacy issues relating to health care entities, including hospitals, physician groups, and pharmaceutical companies. Specifically, Mr. Short assists his clients in the procurement of technology by drafting and negotiating the necessary agreements including software development, software licensing, and IT consulting agreements. In addition, Mr. Short has vast experience in the development of protection policies, not only in the technology arena, but also in the areas of intellectual property and the Internet. Mr. Short routinely assists local and national clients on privacy issues including HIPAA compliance. Mr. Short has made numerous speeches relating to HIPAA and technology procurement in health care, including speaking at the 2001 National HIPAA Summit.
About the Indiana Health Information Management Association
The Indiana Health Information Management Association (IHIMA) is a non-profit healthcare professional association representing over 2,000-credentialed Hoosiers. IHIMA is an affiliate with American Health Information Management Association (AHIMA) as a Component State Association. Our purpose is to commit to excellence in the management of health information for the benefit of patients and providers.