A new security risk assessment (SRA) tool to help guide health care providers in small to medium sized offices conduct risk assessments of their organizations is now available from HHS.
The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The application, available for downloading at www.HealthIT.gov/security-risk-assessment also produces a report that can be provided to auditors.
HIPAA requires organizations that handle protected health information to regularly review the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, health care providers can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data.
Garth Graham, M.D., M.P.H., specializing in cardiology, is the current president of the Aetna Foundation and former deputy assistant secretary at the U.S. Department of Health and Human Services (HHS) during both the Bush and Obama administrations. Here he discusses the Aetna Foundation, improving quality of care, how the health IT community continues to change, how can it best be used as a positive tool for better health outcomes, even at the individual level.
Tell me about the Aetna Foundation and your role within the organization? How does the Foundation impact healthcare community?
The Aetna Foundation is the philanthropic arm of Aetna, Inc. funding a number of activities across the country that promote thought-leadership and community-based impact as well as research around improving health outcomes. As the Foundation’s president, I oversee the philanthropic work, including grant-making strategies aimed at improving the health of people from underserved communities.
Overall, at the Aetna Foundation we seek to impact the healthcare community by supporting research and organizations focused on improving the health and wellness of individuals throughout the United States.
How do you go about working to improve the health status and quality of care of the individual and community?
Our Digital Health Initiative is the most recent example of our efforts to fund both national and local programs that are striving to limit healthcare disparities among vulnerable populations, as well as increase positive health and wellness outcomes for individuals. Through this initiative, we are supporting technology that can empower individuals with the convenience and control to meet their personal health and wellness goals.
We hope that by arming individuals with the best possible tools to improve their health, we can ultimately build healthier communities.
Senator John Thune (R-S.D.), Chairman of the Senate Republican Conference, and Senator Lamar Alexander (R-Tenn.), Ranking Member of the Health, Education, Labor and Pensions Committee, were joined today by several of their colleagues in sending a letter to Health and Human Services (HHS) Secretary Kathleen Sebelius, calling for a one-year extension for health care providers to complete the second stage of the electronic health records (EHR) incentive program, which is increasing the adoption of health information technology by hospitals and physicians across the country.
According a release, “providers who are ready to attest to Stage 2 in 2014 should be able to do so consistent with current policy, and the senators believe the administration must continue to push for interoperability.”
By the end of 2014, more than 500,000 hospitals and physicians will be required to upgrade their existing technology to demonstrate new standards of “meaningful use” to be eligible for the corresponding incentive payments.
Will meaningful use Stage 2 reach patient engagement?
Patient engagement now requires patient action. So says the Department of Health and Human Services in meaningful use stage 2.
As a patient, your physician is counting on you to engage with him or her. It’s up to you, folks, to bring it home. Your physician’s incentive, and ultimately his or her potential non-penalty for Medicare, is on your shoulders.
That’s an awful lot of weight to bear. Can’t you feel it? It’s overwhelming. I’m exhausted just thinking about it.
Seriously, though, I’m confused. Someone please set me straight; seriously.
Meaningful use is now up to the patient? Whether or not I choose to interact with my physician via electronic means determines his/her level of success as gauged by the government?
I’m sure I don’t need to recite the language from the ruling, but I’ll do so for good measure.
In short:
Five percent of more of patients must send secure messages to their physicians (yes, I said “must”)
Five percent or more of patients must access their health information online (yes, I said “must” again)
The language isn’t written in an inviting tone, but one that tries to demand respect. It doesn’t say “may’ or “can,” if says “must.”
Is this a Ray Kinsella moment and HHS’ field of dreams?
“If you build it, he (they) will come,” sounds the whispered voice across the sky.
Cue the sound of rustling corn fields blowing in the wind as each of us imagine memories of our happy places where dreams live on forever.
If this gets built, will we all come and play? How can this be a requirement of our physicians? How can their level of success, the quality of the care they provide, be gauged based on whether or not I choose to interact with them via the web? After all, I want healthcare, not a Facebook friend or a Twitter follower. (I’m using obvious over exaggeration to make a point.)
I am all for patient engagement and believe it will increase given time and effort behind it, but forcing me — as a patient — to do something makes me a little less likely to follow so easily along. I’m not a lemming, and I don’t intend to be.
Sure, five percent seems like a manageable number; not that big of a deal. Surely, it’s just a few people, right?
Until next time, when the number increases to 25 percent of the overall patient population then 50 percent then 75 percent and so on until it’s just mandatory.
What might be the most troubling, though, is how this affects physicians and practices. Engaging patients to receive incentives and keep from being penalized becomes a marketing function, not a care function.
I can see it now: Your doctor will start offering club-type discount cards and try to cajole you with attractive terms like, “Sign up today for the patient portal and after you send just one email to your physician, you’ll be receive a $5 credit to your account.”
Or, perhaps the whole thing will have physicians sounding like to cashiers at Target: “Sign up for your patient portal access today and you’ll not only receive a nifty tote bag for your things, but you’ll get 25 percent off of of your next purchase!”
Lastly, I’m reminded of the lines of credit card pushers lining the student union of every college in the U.S. trying to convince our young and inexperienced that credit is the same as cash, don’t you know.
As noted on HealthWorks Collective, meeting this portion of the stage 2 requirement will take everyone in the practice, not to mention the support of those outside it.
But portals can only facilitate access to patient’s information, but it can’t force the participation of people to do something they don’t want. Requiring physicians and their practices to encourage me to engage with my care providers is up to me, and no matter how useful or entertaining, whether I choose to engage is something I commit to on my own terms.
Just because “they” build (read as “require”) it doesn’t mean I’ll come.