Customer Readiness

Before getting started, it is important to have some key pieces in place to ensure that your practice will get the maximum
benefit from our services. Here are polish my paper a few of the essentials:

Practice Resource Engagement

Initial needs/goals

Initial Needs/Goals Assessment

Determine what the clinics goals for participating in the HIE. Is the clinic participating in an ACO or trying to achieve PCMH status?

Validate requirements
and set expectations

Validate Requirements and Set Expectations

Participation in the HIE requires resources and time. Clinics should validate they have network capability and computers up to date with antivirus software. Clinics should expect 4-5 months for project completion.

Identify champion, super user
and point of contact

Identify Champion, Super User and Point of Contact

Our experience has shown clinics who readily adopt change in workflows and new technology have a Leader/champion in place. Typically a Physician or Office manager will lead the change in office culture. In addition, the clinic should identify a super user. A super user is the go to person for questions about using the HIE Community Portal. Either the champion or super user can serve as the point of contact but for the project we will need a resource engaged throughout the project.

Request EMR vendor resource
be assigned to project

Request EMR vendor Resource be Assigned to Project

4. It is important to engage your EMR vendor early in the project. Contact your EMR vendor and let them know are requesting to connect to your local HIE. Ask for EMR vendor to assign a point of contact for the project.

Take Your First Step

To get started fill out the required information for connecting to the HIE.

HIPAA/Security Policies & Consent Responsibilities

The HIPAA Privacy Rule establishes a national set of standards for the use and disclosure of individually identifiable health information.
Before implementing an HIE, ita��s important to complete the following steps:

1. HIPAA/Privacy & Security Policies

Protecting patient health information and meeting your HIPAA privacy and security responsibilities regarding electronic health information exchange is a shared responsibility among all participants of the HIE. Your practice not your EHR developer is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of health information in your EMR.

2. Clinica��s Risk Assessment

Conduct a security risk analysis (or reassessment if you already conducted an initial risk analysis) that compares your current security measures to what is legally and pragmatically required to safeguard patient health information. A risk assessment helps your organization ensure it is compliant with HIPAAa��s administrative, physical, and technical safeguards.

3. HIPAA Training for Staff

To safeguard patient health information, your workforce must know how to implement your policies, procedures, and security audits. HIPAA requires you as a covered provider to train your workforce on policies and procedures. Also, your staff must receive formal training on breach notification.



1. Guide to privacy & security of electronic health information.

2. Risk assessment Tool: this tool is not required by the HIPAA Security Rule, but is meant to assist providers and professionals as they perform a risk assessment.

3. Security training module uses a game format that requires users to respond to privacy and security challenges often faced in a typical small medical practice.

Asking Patients for Consent

Providers shall only access data on the RGV HIE for patients who have signed a written consent form. To ensure a high rate of patient consent, the RGV HIE is recommending clinics to use the following script to ensure consistency. Providers must keep a record of the consent.

What to do With Signed Consent Forms

A workflow process for handling signed consent forms should be established to ensure that a record of the patient consent is kept in compliance with Federal and State policy. The workflow may also include marking the patienta��s ele tronic or paper record, so that youa��ll be able to look up in the future whether the patient has already given consent.

What if a Patient Does Not Give Consent?

Patient will need to complete the OPT OUT FORM. Patients have the right to decline to give consent, and should not be pressured into signing a consent form. If a patient does not wish to grant consent when asked, or is unsure, please ask if the patient has any questions that you may answer. Also please direct the patient to the educational brochure provided by RGV HIE.

How Often Should a Patient Be Asked?

Once a patient gives consent to your organization, that consent is good until the patient revokes it by filling out and signing a revocation form. If a ptient has not given consent yet, or has declined to give consent, it is up to your organization to decide how to handle those situations.

RGV HIE Resources for Clinics

The following resources are made available to support our participating providers. Provide educational and promotional material about participation in the HIE. Provide recommended language to comply with HIPAA. Provide access to the RGV HIE policies.

Notice of Privacy Policies

It is the providers responsibility to inform patients about their participation in the RGV HIE. We recommend either providers update their existing NPP to include language about participation in HIE or create a separate form and attach to NPP.

RGV HIE Policies

The privacy, security and use of patient information is a high priority with our organization. Our policies are reviewed on an annual basis and revised as needed to accommodate approved services.

Marketing Materials

Brochure English/Spanish


Door Decal

Proposed Roadmap

These are the steps required in order to successfully implement RGV HIE.

An Integrated Solution

As the a�?data stewarda�? for the community to share patient health information, we haveA�put in place processes and oversight to ensure privacy and security to facilitate theA�secure exchange of protected health information. Although most Hospitals andA�Providers have Electronic health record (EHR) systems, most are not able to shareA�information electronically among different EHR vendors. The result by default is mostA�providers still fax copies of health records to each other.

Our solution bridges siloed EHR systems by connecting once to the RGV HIE, weA�have the technical capabilities to share data with multiple sources while eliminatingA�costly point to point interfaces cost. We make it affordable for clinics and healthA�organizations to meet current legislations such as Meaningful Use, PCMH, MACRA,A�join a disease registry, or connect to a quality reporting tool. Essentially youA�connect to the HIE one time and direct your data to any destination required atA�a reasonable cost.

RGVHIE Training

Providing quality training is an important early step in the implementation
process. Early training ensures that your practice will be ready to hit the
ground running once implementation is complete, maximizing the benefits
of your new system.

Overview of Compliance Guidelines

Before training can begin, users must sign a user access request form and
a HIPAA acknowledgement request form.

How to Use ForCare

We will provide training on how to use ForCare. The features
available in ForCare include:

  • A provider portal
  • Secure messaging for referrals
  • Patient add, update, and merge
  • Role base

Administrative Management Training

We will also provide administrative management training that will
include instructions for managing accounts and super users.

Transition to Customer Support

You will transition to Customer Support at completion of implementation
at which time Support will be your primary contact. If you need assistance,
please contact support@rgvhie.org.

Customer Support

If you need assistance, our team is here to support you. Please contact us
Monday through Friday between the hours of 9 AM to 5 PM using one of
the following methods:
Contact us by phone at 956-609-6677
Contact us by email at support@rgvhie.org

Are you ready to get started?

Contact us today!

1816 E Harrison Ste. A, Harlingen, TX 78550
CALL US: 956-335-0583

How to use C-CDA to meet 2014 Edition EHR Certification Criteria

Civil and Criminal Penalties

Civil Monetary Penalties

1. Covered entity or individual did not know (and by exercising reasonable diligence would not have known) the act was a HIPAA violation. $100-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
2. The HIPAA violation had a reasonable cause and was not due to willful neglect. $1,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
3. The HIPAA violation was due to willful neglect but the violation was corrected within the required time period. $10,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
4. The HIPAA violation was due to willful neglect and was not corrected. $50,000 or more for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.

Criminal Penalties

1. Unknowingly or with reasonable cause Up to one year
2. Under false pretenses Up to five years
3. For personal gain or malicious reasons Up to ten years
Your facility is committed to protecting patient privacy and confidentiality. When you fail to protect patient information and records by not following your organization’s policies, it reflects on your ability to perform your job.