A new security risk assessment (SRA) tool to help guide health care providers in small to medium sized offices conduct risk assessments of their organizations is now available from HHS.
The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The application, available for downloading at www.HealthIT.gov/security-risk-assessment also produces a report that can be provided to auditors.
HIPAA requires organizations that handle protected health information to regularly review the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, health care providers can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data.
Guest post by Andy Nieto, health IT strategist, DataMotion.
The HITECH Act’s goal of improving clinical outcomes for patients using technology through meaningful use is admirable and quite overdue. However, where the Office of the National Coordinator for Health Information Technology (ONC), and to a much greater extent, electronic health records (EHR), have missed the mark is in the deployment and execution.
The stated goal of meaningful use Stage 1 (MU1) was to deploy, integrate and use EHRs to gather and document “structured and coded” healthcare data. Rather than take ONC’s directives as a framework to improve provider care tools, they viewed it as a “minimum requirement” and missed the spirit of the initiative. EHRs remain cumbersome, challenging and inefficient.
Providers now spend more time clicking boxes and typing than they do speaking to their patients. To make matters worse, the data gathered is maintained in the EHR’s “unique” way, making exchange and interaction challenging and interfaces costly.
It is no surprise many hospitals and eligible professionals are “heads down” on meaningful use Stage 2 preparations. EHR upgrades, evaluating performance against increased thresholds for carry-over objectives from Stage 1, and delving into the technical, procedural and workflow complexities of many new objectives has caught many providers off guard, particularly those for whom meeting Stage 1 was a relatively easy goal.
Two very challenging areas for Stage 2 for most eligible hospitals (EHs) and eligible professionals (EPs) are the objective “Summary of Care Record at Transitions of Care (ToC)” and those that relate to Public Health reporting.
For these objectives, it is not necessarily the performance thresholds that present the challenge, rather the EHR functional requirements, the requirements-behind-the-requirements, or the workflows that are the cause of consternation. These objectives and their unique challenges are described below:
Summary of Care Record at Transitions of Care (ToC).
This objective is challenging on two fronts. First, the population and generation of the Summary of Care Record (the “Record”), and second, the actual transmission of that document at transitions of care to intended recipients.
According to the latest Centers for Disease Control and Preventions’ National Center for Health Statistics survey of 2011 EHR adoption trends, released on July 17, use of EHRs is up to 55 percent of practicing physicians. That’s a 5 percent increase from 2010, also according to a CDC survey.
The survey of 3,180 physicians was funded by the Health and Human Services Department’s Office of the National Coordinator for Health Information Technology. More than 55 percent of all physicians use and EHR (and more than 86 percent of physicians in practices with 11 or more physicians use an EHR). Physicians also value their current EHRs more compared to past iterations of the systems and, finally, respondents said the care they provide to patients is better than in the past because of the EHRs.
Problem: there’s no data in the survey to support this final claim.
Obviously, EHRs are intended to improve care, whether at the individual level or at the practice level. However, physicians accessing patient data through the records should be tracked and made quantifiable.
Practices using EHRs have the power to change lives for the better, manage care and ensure proper care is provided throughout a patient’s care plan. Practices can and should track how care initiatives have changed with the implementation of an electronic health record and how their patient populations’ health benefits.
Simply stating that patient care has improved when a practice uses an EHR is an immeasurable statement. Innovative practices find ways to track these outcomes whether it means there are fewer chronic conditions among their patients or that their patient populations’ life expectancy actually increased over a period of time (as can be measured and in some cases has been done).
The ONC needs to do more to encourage physicians to move beyond meaningful use stimulus, which is driving the increased use of EHRs. And while the data collected from surveys such as this are important, as I continue to say, they don’t tell the whole story of how technology can improve healthcare.
And throwaway statements indicating immeasurable “facts” does nothing more than generate misleading headlines.