Archive for EHRs
Medical Records Briefing (MRB) is conducting its benchmarking survey on electronic health record implementation, and we would appreciate your input. Please take a few moments to complete this survey.
To show our thanks, we will select one respondent at random to win a complimentary HCPro webcast of his or her choice. To enter to win, please include your contact information at the end of the survey once you have answered the questions.
Entering your contact information will also enable us to email you the results of the survey along with commentary from industry experts. The results will also be featured in the October 2015 issue of MRB.
The link below will take you to the survey’s website; simply click on the link to answer the survey questions online. If the click-through does not work, please copy and paste the URL below into the address bar of your browser.
Here’s the link to the survey: https://www.surveymonkey.com/s/W5QVJPD
Thank you for your input!
Editor, Medical Records Briefing
The National Cybersecurity Center of Excellence (NCCoE) is publishing a new series of guides to show healthcare professionals and organizations how to improve their cybersecurity measures to protect health information systems with standards-based, commercially available, or open-source tools.
The NCCoE released a draft version of the first guide in the series, “Securing Electronic Records on Mobile Devices,” July 23 for public comment. The step-by-step guide demonstrates how to use smartphones or tablets for patient care without spreading sensitive data across the digital stratosphere.
An Indiana-based EHR vendor and its subsidiary company were the victims of a sophisticated criminal cyber-attack last week that exposed the PHI of some patients at several of the vendor’s clients, according to a notice Medical Informatics Engineering (MIE) posted to its website June 10.
The statement did not say how many patients were affected, but did list the following affected clients, which were each notified of the breach:
- Fort Wayne Neurological Center
- Franciscan St. Francis Health Indianapolis
- Gynecology Center, Inc. Fort Wayne
- Rochester Medical Group
The breach also affected MIE’s subsidiary, NoMoreClipboard, which is also based out of its Fort Wayne offices. A separate notice to those clients and patients was issued.
The Office of the National Coordinator (ONC) released the revised “Guide to Privacy and Security of Electronic Health Information” April 13 to help organizations integrate federal health information privacy and security requirements.
The guide is geared toward HIPAA covered entities and Medicare eligible professionals from smaller organizations. The updated version features information about compliance with the privacy and security requirements of CMS’ Electronic Health Record (EHR) Incentive Programs as well as compliance with HIPAA Privacy, Security, and Breach Notification Rules.
The guide covers such topics as:
- Increasing patient trust through privacy and security
- Provider responsibilities under HIPAA
- Health information rights of patients
- Security patient information in EHRs
- Meaningful Use core objectives that address privacy and security
- A seven-step approach for implementing a security management process
- Breach notification and HIPAA enforcement
The Office of the Inspector General (OIG) recently released its fiscal year (FY) 2015 Work Plan, which addresses EHR compliance with HIPAA.
The OIG plans to review healthcare organizations’ compliance with the contingency planning requirements of HIPAA with regard to EHRs, according to the Work Plan. The HIPAA Security Rule requires covered entities (CE) develop a contingency plan that includes policies and procedures for addressing situations when systems that contain PHI are damaged or compromised. OIG will also compare hospitals’ contingency plans with government and industry practices.
Comparatively, in its FY 2014 Work Plan, OIG focused on reviewing and assessing Office for Civil Rights (OCR) oversight of CEs’ compliance with the HIPAA Privacy Rule. OIG also sought to determine the compliance of Medicare Part B CEs with certain privacy standards. OIG planned to review OCR investigation policies and assess OCR oversight to determine CE compliance with the HIPAA Privacy Rule. In addition, during FY 2014, OIG planned to review OCR oversight of CEs’ compliance with the Breach Notification Rule. OIG planned to review OCR investigations of breaches reported by CEs and will determine Medicare Part B CE compliance with breach standards.