Meaningful Use Webcast

Transcription

1 MU Security Objectives Direct Messaging Questions

2 MU Security Objective Security s Importance to Meaningful Use The Security Objective Satisfying the Objective Security Mechanisms in the EHR Software

3 MU Security Objective How Important is Security? Patient s Privacy Trustworthiness Interoperability Goals Core Objective EH / CAH -> 42 CFR 495.6(l)(15) EP -> 42 CFR 495.6(j)(16)

4 MU Security Objective The Objective Protect electronic health information created or maintained by the CEHRT through implementation of appropriate technical capabilities. Items to Note Not Percentage-based Satisfied through attestation

5 MU Security Objective The Measure Conduct or review a security Risk Analysis in accordance with the requirements under 45 CFR (a)(1) including addressing the encryption / security of data stored in the Certified EHR Technology in accordance with requirements under 45 CFR (a)(2)(iv) and 45 CFR (d)(3), and implement security updates as necessary and correct any identified security deficiencies as part of the EH s, CAH s or EP s Risk Management process

6 MU Security Objective What is being asked by CMS? All EHs, EPs, and CAHs must conduct (or review a previous SRA) per HIPAA Security Administrative standard during the attestation period. Address the Security / Encryption of Data stored and in use in accordance with HIPPA Technical Standards. Implement security updates as necessary Correct any identified security deficiencies as a part of the risk management process.

7 MU Security Objective Questions Frequently Asked of CPSI When should the SRA be conducted? We already perform one yearly as a part of our hospital policy, do we have to do another or does that one count? Do all findings need to be mitigated by the end of the attestation perioed? How do you conduct a security risk analysis?

8 MU Security Objective How to conduct a Security Risk Analysis National Institute of Standards and Technology (NIST) Assessing Risk A Path to Action

9 MU Security Objective The Assessment Process Data Gathering Monitoring Control Assessment Risk Management Risk Analysis Implementation Risk Identification Planning Source: Assessing Risk: A Path to Action

10 MU Security Objective Implementation Monitoring System Screen Employee Log Rule Based Security Patient Log Data Encryption

11 MU Security Objective Where can I find out more? CPSI Meaningful Use Security Roadmap ONC s Guide to Privacy Security and Security of Health Information Chapter 2 specifically addresses MU

12 MU Security Objectives Direct Messaging Questions

13 Direct Messaging What is Direct Messaging Objectives that Incorporate the use of Direct Messaging

14 Direct Messaging Direct Messaging Requires a HISP (Health Information Service Provider). Allows sharing of information in a secure way

15 Direct Messaging Direct Messaging Simple Secure Scalable Standards-Based

16 What is a HISP? Diagram of HISP (Health Information Service Provider) Sender to Sender HISP Sender s HISP to Receiver s HISP Routing Information Directory Receiver's HISP to Receiver Locate the Servers Push the Message Push the Message Sender s HISP Receiver s HISP Get the Message

17 Direct Messaging Objectives Using Direct Messaging Transition/Summary of Care View Download Transmit

18 Direct Messaging Transfer/Summary of Care Measure A: The eligible hospital that transitions or refers their patient to another setting of care or referral provides a summary of care record for more than 50% of transitions/referrals.

19 Direct Messaging Transfer/Summary of Care Measure B: The eligible hospital that transitions or refers their patient to another setting of care or referral provides a summary of care record for more than 10% of such transitions and referrals electronically (via Direct)

20 Direct Messaging Transfer/Summary of Care Measure C: The eligible hospital must satisfy one of the following Criteria: Conducts a successful electronic exchange of measure B with a recipient who has EHR technology designed by a different vendor than the senders OR Conducts a successful electronic exchange of measure B with the CMS designated test EHR during the reporting period. (EHR- Randomizer)

21 Direct Messaging How can I Prepare? Contact facilities to obtain Direct Addresses. Determine how your facility will exchange information for Measure C: Exchange with a facility who was designed by a different EHR Vendor Exchange with the CMS designated EHR- Randomizer.

22 Direct Messaging View, Download, Transmit Measure A: More than 50% of all unique patients discharged during the reporting period have their information available online within 36 hours of discharge

23 Direct Messaging View, Download, Transmit Measure B (Stage 2 Only): More than 5% of all patients (or authorized representatives) who are discharged view, download or transmit to a 3 rd party their information during the reporting period.

24 Direct Messaging Future Webcast Set-Up and Registration of Direct Messaging Onboarding and Onboarding Process for an organization. Use of Direct Messaging with Non- Certified EHR s

25 MU Security Objectives Direct Messaging Questions