Initial Needs/Goals Assessment
Determine what the clinic's goals are for participating in the HIE. Is the clinic participating in an ACO or trying to achieve PCMH status?
Validate Requirements and Set Expectations
Participation in the HIE requires resources and time. Clinics should validate they have network capability and computers up to date with antivirus software. Clinics should expect 4-5 months for project completion.
Identify Champion, Super User and Point of Contact
Our experience has shown that clinics that readily adopt changes in workflows and new technology have a leader/champion in place. Typically a physician or office manager will lead the change in office culture. In addition, the clinic should identify a super user. A super user is the go-to person for questions about using the HIE Community Portal. Either the champion or the super user can serve as the point of contact, but we will need a resource engaged throughout the project.
Request EMR Vendor Resource Be Assigned to Project
It is important to engage your EMR vendor early in the project. Contact your EMR vendor and let them know you are requesting to connect to your local HIE. Ask your EMR vendor to assign a point of contact for the project.
1. HIPAA/Privacy & Security Policies
Protecting patient health information and meeting your HIPAA privacy and security responsibilities regarding electronic health information exchange is a shared responsibility among all participants of the HIE. Your practice, not your EHR developer, is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of health information in your EMR.
2. Clinic’s Risk Assessment
Conduct a security risk analysis (or reassessment if you already conducted
an initial risk analysis) that compares your current security measures to
what is legally and pragmatically required to safeguard patient health
information. A risk assessment helps your organization ensure it is compliant
with HIPAA’s administrative, physical, and technical safeguards.
3. HIPAA Training for Staff
To safeguard patient health information, your workforce must know how
to implement your policies, procedures, and security audits. HIPAA requires
you as a covered provider to train your workforce on policies and procedures.
Also, your staff must receive formal training on breach notification.
An Integrated Solution
As the “data steward” through which the community shares patient health information, we have put in place processes and oversight to ensure privacy and security and to facilitate the secure exchange of protected health information. Although most hospitals and providers have electronic health record (EHR) systems, most are not able to share information electronically among different EHR vendors. As a result, most providers still default to faxing copies of health records to each other.
Our solution bridges siloed EHR systems. By connecting once to the RGV HIE, we have the technical capabilities to share data with multiple sources while eliminating the cost of point-to-point interfaces. We make it affordable for clinics and health organizations to meet current legislation such as Meaningful Use, PCMH, MACRA, join a disease registry, or connect to a quality reporting tool. Essentially, you connect to the HIE one time and direct your data to any destination required at a reasonable cost.
How to use C-CDA to meet 2014 Edition EHR Certification Criteria
Civil and Criminal Penalties
Civil Monetary Penalties
| Violation | Penalty |
|---|---|
| 1. Covered entity or individual did not know (and by exercising reasonable diligence would not have known) the act was a HIPAA violation. | $100-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year. |
| 2. The HIPAA violation had a reasonable cause and was not due to willful neglect. | $1,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year. |
| 3. The HIPAA violation was due to willful neglect but the violation was corrected within the required time period. | $10,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year. |
| 4. The HIPAA violation was due to willful neglect and was not corrected. | $50,000 or more for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year. |

Criminal Penalties

| Violation | Penalty |
|---|---|
| 1. Unknowingly or with reasonable cause | Up to one year |
| 2. Under false pretenses | Up to five years |
| 3. For personal gain or malicious reasons | Up to ten years |