Home

Customer Readiness

Before getting started, it is important to have some key pieces in place to ensure that your practice will get the maximum
benefit from our services. Here are a few of the essentials:

Practice Resource Engagement

Initial needs/goals
assessment

Initial Needs/Goals Assessment

Determine what the clinics goals for participating in the HIE. Is the clinic participating in an ACO or trying to achieve PCMH status?

Validate requirements
and set expectations

Validate Requirements and Set Expectations

Participation in the HIE requires resources and time. Clinics should validate they have network capability and computers up to date with antivirus software. Clinics should expect 4-5 months for project completion.

Identify champion, super user
and point of contact

Identify Champion, Super User and Point of Contact

Our experience has shown clinics who readily adopt change in workflows and new technology have a Leader/champion in place. Typically a Physician or Office manager will lead the change in office culture. In addition, the clinic should identify a super user. A super user is the go to person for questions about using the HIE Community Portal. Either the champion or super user can serve as the point of contact but for the project we will need a resource engaged throughout the project.

Request EMR vendor resource
be assigned to project

Request EMR vendor Resource be Assigned to Project

4. It is important to engage your EMR vendor early in the project. Contact your EMR vendor and let them know are requesting to connect to your local HIE. Ask for EMR vendor to assign a point of contact for the project.

Take Your First Step

To get started fill out the required information for connecting to the HIE.

HIPAA/Security Policies & Consent Responsibilities

The HIPAA Privacy Rule establishes a national set of standards for the use and disclosure of individually identifiable health information.
Before implementing an HIE, it’s important to complete the following steps:

1. HIPAA/Privacy & Security Policies

Protecting patient health information and meeting your HIPAA privacy and security responsibilities regarding electronic health information exchange is a shared responsibility among all participants of the HIE. Your practice not your EHR developer is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of health information in your EMR.

2. Clinic’s Risk Assessment

Conduct a security risk analysis (or reassessment if you already conducted
an initial risk analysis) that compares your current security measures to
what is legally and pragmatically required to safeguard patient health
information. A risk assessment helps your organization ensure it is compliant
with HIPAA’s administrative, physical, and technical safeguards.

3. HIPAA Training for Staff

To safeguard patient health information, your workforce must know how
to implement your policies, procedures, and security audits. HIPAA requires
you as a covered provider to train your workforce on policies and procedures.
Also, your staff must receive formal training on breach notification.

Resources

1. Guide to privacy & security of electronic health information.
2. Risk assessment Tool: this tool is not required by the HIPAA Security Rule, but is meant to assist providers and professionals as they perform a risk assessment.
3. Security training module uses a game format that requires users to respond to privacy and security challenges often faced in a typical small medical practice.

hipaa-video-screen

Asking Patients for Consent

Providers shall only access data on the RGV HIE for patients who have signed a written consent form. To ensure a high rate of patient consent, the RGV HIE is recommending clinics to use the following script to ensure consistency. Providers must keep a record of the consent.

What to do With Signed Consent Forms

A workflow process for handling signed consent forms should be established to ensure that a record of the patient consent is kept in compliance with Federal and State policy. The workflow may also include marking the patient’s ele tronic or paper record, so that you’ll be able to look up in the future whether the patient has already given consent.

What if a Patient Does Not Give Consent?

Patient will need to complete the OPT OUT FORM. Patients have the right to decline to give consent, and should not be pressured into signing a consent form. If a patient does not wish to grant consent when asked, or is unsure, please ask if the patient has any questions that you may answer. Also please direct the patient to the educational brochure provided by RGV HIE.

How Often Should a Patient Be Asked?

Once a patient gives consent to your organization, that consent is good until the patient revokes it by filling out and signing a revocation form. If a ptient has not given consent yet, or has declined to give consent, it is up to your organization to decide how to handle those situations.

RGV HIE Resources for Clinics

The following resources are made available to support our participating providers. Provide educational and promotional material about participation in the HIE. Provide recommended language to comply with HIPAA. Provide access to the RGV HIE policies.

Notice of Privacy Policies

It is the providers responsibility to inform patients about their participation in the RGV HIE. We recommend either providers update their existing NPP to include language about participation in HIE or create a separate form and attach to NPP.

RGV HIE Policies

The privacy, security and use of patient information is a high priority with our organization. Our policies are reviewed on an annual basis and revised as needed to accommodate approved services.

Marketing Materials

Brochure English/Spanish

Posters

Door Decal

Proposed Roadmap

These are the steps required in order to successfully implement RGV HIE.

An Integrated Solution

As the “data steward” for the community to share patient health information, we have put in place processes and oversight to ensure privacy and security to facilitate the secure exchange of protected health information. Although most Hospitals and Providers have Electronic health record (EHR) systems, most are not able to share information electronically among different EHR vendors. The result by default is most providers still fax copies of health records to each other.

Our solution bridges siloed EHR systems by connecting once to the RGV HIE, we have the technical capabilities to share data with multiple sources while eliminating costly point to point interfaces cost. We make it affordable for clinics and health organizations to meet current legislations such as Meaningful Use, PCMH, MACRA, join a disease registry, or connect to a quality reporting tool. Essentially you connect to the HIE one time and direct your data to any destination required at a reasonable cost.

HIPAA Training

Providing quality training is an important early step in the implementation process. Early training ensures that your practice will be ready to hit the ground running once implementation is complete, maximizing the benefits of your new system.

Notice of Privacy Practices

This is a required form that illustrates the organization’s duty to protect the patient’s health information. It must explain that your permission is needed before any PHI is shared with other entities. The form must be presented to you or placed in organization in clear view.

Covered Entities

Health Plans
Healthcare Providers
Healthcare Clearinghouses

Permitted Use and Disclosure

Are YOU Compliant?

 

If any member of your staff is engaging in these activities, YOU ARE NOT COMPLIANT!

Customer Support

If you need assistance, please contact Relay Health Customer Support using one of the following methods.

To Find Information or Answer to the Questions You May Have Log Into the Community Portal:

COMMUNITY PORTAL

The quickest and easiest way to find information is by using the search box. Type the key word of what you are looking for.

A great way to stay up to date is by subscribing to forums, knowledge base or blogs that you find helpful. You will receive notifications when new information is posted.

null
For Immediate Assistance Contact Relay Health
Tech Support at 866-735-2963
null
Email for Support:
T1Support@RelayHealth.com

Customer Support Available 24/7

Are you ready to get started?

Contact us today!

Counties We Serve

Brooks
Cameron
Hidalgo
Jim Hogg
Kenedy

Webb
Willacy
Starr
Zapata.

Resources

Brand
Sales Collateral
Documents
Policies

Contact

1816 E Harrison Ste. A, Harlingen, TX 78550

CALL US: 956-622-5801

share with your friends & family twitt-icon fb-icon

© 2015 Rio Grande Valley Health Information Exchange

Sign Up to Our Newsletter

How to use C-CDA to meet 2014 Edition EHR Certification Criteria

Civil and Criminal Penalties

Civil Monetary Penalties

TIER PENALTY
1. Covered entity or individual did not know (and by exercising reasonable diligence would not have known) the act was a HIPAA violation. $100-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
2. The HIPAA violation had a reasonable cause and was not due to willful neglect. $1,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
3. The HIPAA violation was due to willful neglect but the violation was corrected within the required time period. $10,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
4. The HIPAA violation was due to willful neglect and was not corrected. $50,000 or more for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.

Criminal Penalties

TIER PENALTY
1. Unknowingly or with reasonable cause Up to one year
2. Under false pretenses Up to five years
3. For personal gain or malicious reasons Up to ten years
Your facility is committed to protecting patient privacy and confidentiality. When you fail to protect patient information and records by not following your organization’s policies, it reflects on your ability to perform your job.