Health Centers are made up of many different levels of IT Security & Privacy expertise, both in terms of staff skills and organizational maturity. This resource will help guide both beginners and more advanced staff and leadership to understanding how to best manage and promote security and privacy risk management at their health center.

The outline depicted in the Approach to Health IT-enabled Quality Improvement graphic provides a step-by-step approach to analyzing and enhancing care processes targeted for outcome improvement. Section III provides guidance and tools on addressing each of these steps.

Successful health IT/QI efforts require a firm foundation of people, process, and technology elements.

Origins and Ongoing Refinement of this Guide: The content in this resource is drawn from and builds on widely used CDS/QI tools and strategies that have evolved over the past decade. The HITEQ Center plans to continue refining this Guide based on input from users like you, so please consider sharing your feedback through the comment form.

In this session, participants learned from Harris Health (Texas) and Community Medical Centers Inc. (California) to hear about their expanded services for behavioral health and substance use disorder treatment for justice-involved community members. Attendees learned from these two healthcare providers that have made a commitment to offering care to justice -involved patients, and their journeys to build positive partnerships improving access to service.

In this session, attendees learned from the HITEQ Center and Housing Works about the TelePrEP model. It also showcased the successes and challenges Housing Works faced with regards to their TelePrEP program.

In this session, participants learned about describing one or more quality reporting requirements or programs. Additionally, they will learn how to access measure specifications and value sets, and be able to assess data alignment in the health center setting.

Is your health center currently in the process of implementing or revamping your pre-exposure prophylaxis (PrEP) workflow? This HITEQ webinar taught participants how to use our PrEP Process Mapping Toolkit, which is designed to support team-based learning, reflection, and action on the use of process mapping as a tool to document PrEP clinical and EHR workflows. Your health center team can follow the steps outlined in the toolkit to develop a process map of an existing or planned PrEP service workflow and to identify opportunities to streamline and improve that workflow.

In this HITEQ Highlights webinar, we focused on the intersection of telehealth strategy and operations. One health center's experience of leveraging telehealth as a tool for expanding service delivery and patient access will be a jumping off point from which to consider the benefits (and challenges) of dedicated telehealth resources within an organization. Participants learned how telehealth might benefit recruitment efforts and review relevant resources for ongoing telehealth support.

Copy and paste functionality can support efficiency during clinical documentation, but may promote inaccurate documentation with risks for patient safety. This webinar will discuss three key areas where health centers can consider implementing safe practice recommendations:

• Define copy and paste as a health IT safety issue by identifying the potential patient safety risks
• Review safe practice recommendations and implementation strategies to mitigate health IT-related hazards and safety issues
• Disseminate evidence, tools and practices for implementation

Recent Department of Health and Human Services (HHS) policy is bringing patients unprecedented access to their health information. Join the Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare and Medicaid Services (CMS) in September for an event focused on patient access to health data. The day will bring together patients, providers, payers, and health IT developers to discuss how HHS policies are working in practice and how to maximize the impact of these policies. The event will also highlight educational tools and resources, such as patient-facing apps that enable the availability of patient information and make that health information easier to understand.

Come to the ONC and CMS patient access event to hear more about…

Patients’ experiences accessing their data, including the benefits and challenges they faced along this journey. How the next generation of apps are connecting across new health information sources to bring together patients’ data and preferred tools to act on that data. Clinicians who are at the forefront of helping patients access and understand their data, recognizing patient preferences and privacy concerns. Innovative developers demonstrating how they are making patients’ data actionable, and the implementation challenges they face as they connect sources across the care continuum Health care payers’ their successes and challenges with making data available to patients. Don't miss this opportunity to learn about the latest developments in patient data access and how you can be a part of the path forward.

Registration details to follow soon! Until then, you can find valuable information and resources about the patient’s right to their data on our website. If you would be interested in sharing a patient experience with accessing and using patient data, please share with us at https://www.healthit.gov/feedback.
 

Succeeding with value based care requires using and understanding your health center's clinical and payer data in new and more specific ways. This webinar discussed two key areas where health centers may need to build capability or new processes:

• Managed care payer and payment information to conduct strategic review of health plan contracts.

• The challenge and importance of coding specificity for adequate risk adjustment and quality measurement in value based care arrangements with health plans.

HITEQ will be joined by subject matter experts from Primary Care Development Corporation and Starling Advisors who will share resources for developing these areas within your own health center.

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches, and the risk continues to grow as health centers use new tools and the introduction of artificial intelligence (AI). As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. 

To support health centers in their cybersecurity strategy and implementation, the HITEQ Center offered a free learning collaborative -- Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation, and Response. This learning collaborative involved four structured virtual learning sessions. During the series participants engaged with subject matter experts and their colleagues in peer-to-peer learning and discussion. Topics included: health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, cybersecurity implications of generative artificial intelligence in health centers, and incident response planning from a cybersecurity perspective.

Session 4: Cybersecurity Incident Response Planning for Health Centers

According to IBM's annual Cost of Data Breach Report, the average cost of a data breach for a healthcare organization is more than $10 million. Having a well-documented cybersecurity incident response plan is essential and required for all Health Centers due to the sensitivity of the patient data they are responsible for maintaining. The cost and damage caused by a data breach is often exorbitant, but a strategic incident plan can help to significantly mitigate such effects, and potentially, prevent them from occurring in the first place. This session will provide an overview of incident response planning requirements for health centers and review established workflows for common incident response scenarios such as ransomware attacks.

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches, and the risk continues to grow as health centers use new tools and the introduction of artificial intelligence (AI). As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. 

To support health centers in their cybersecurity strategy and implementation, the HITEQ Center is offering a free learning collaborative -- Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation, and Response. This learning collaborative will involve four structured virtual learning sessions. During the series participants engaged with subject matter experts and their colleagues in peer-to-peer learning and discussion. Topics included: health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, cybersecurity implications of generative artificial intelligence in health centers, and incident response planning from a cybersecurity perspective.

Session 3: Cybersecurity Implications of Generative Artificial Intelligence in Health Centers

Generative Artificial Intelligence (AI) technologies (e.g., ChatGPT, Google Bard) has exploded in 2023, catapulting new forms of rapid processing of text, audio, visual data (i.e., large language models and machine learning) to the forefront including in healthcare. The rapid rise forces health centers to grapple with what possibilities AI has to offer and it’s many potential risks. Both in terms of provision of care as well as in management of IT and related services. As these new tools are introduced and integrated to address acute and future needs, it becomes critically important to ensure that patients' data remains secure. This session will discuss recommendations and strategies for assessing risk and improving cybersecurity policies and procedures in relation to AI and it’s attendant technologies.

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches, and the risk continues to grow as health centers use new tools and the introduction of artificial intelligence (AI). As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. 

To support health centers in their cybersecurity strategy and implementation, the HITEQ Center is offering a free learning collaborative -- Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation, and Response. This learning collaborative will involve four structured virtual learning sessions. During the series participants will engage with subject matter experts and their colleagues in peer-to-peer learning and discussion. Topics will include: health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, cybersecurity implications of generative artificial intelligence in health centers, and incident response planning from a cybersecurity perspective.

Session 2: Health Center Hacking Combat and Breach Response Strategies for Awareness, Management, and Training

In this session, we discussed breach mitigation, ways in which to operationalize cybersecurity in order to better mitigate risks, reviewed risk management tools, and methods for defending against cybersecurity attacks. Breach can occur through both internal and external network leaks, through malware such as ransomware and through physical means on site. We covered topics related to general knowledge about breach mitigation, methods for mitigating against breach incidences, and addressing gaps in health center defenses.

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches, and the risk continues to grow as health centers use new tools and the introduction of artificial intelligence (AI). As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department.

To support health centers in their cybersecurity strategy and implementation, the HITEQ Center is offering a free learning collaborative -- Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation, and Response. This learning collaborative will involve four structured virtual learning sessions. During the series participants will engage with subject matter experts and their colleagues in peer-to-peer learning and discussion. Topics will include: health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, cybersecurity implications of generative artificial intelligence in health centers, and incident response planning from a cybersecurity perspective.

Session 1: Identifying and Assessing Cybersecurity Risks at Your Health Center
In the kick-off to our cybersecurity learning collaborative, we sought to build knowledge and increase Health Centers' capacity to effectively prepare for and defend against the current onslaught of malware and ransomware attacks being levied against them. Participants looked at ways to build cybersecurity infrastructure through risk management frameworks and strategic risk assessment, with a focus on protecting information across the whole organization.
 

Since the 21 Century Cures Act Information Blocking Rule went into effect in 2021, electronic health information (EHI) has become more available than ever as it is posted to portals, sent through health information exchanges, and available via health-related apps upon request by patients. As the availability of EHI has increased, so too have concerns about the privacy of EHI. Like other actors, health centers are faced with new compliance challenges, including how to best protect sensitive EHI, how to respond to patient requests to restrict access to their EHI, and how to respond when patients request changes to their EHI. Health centers must navigate complex and, at times, conflicting federal and state laws and regulations. This webinar focused on how to navigate these challenges while complying with the Information Blocking Rule.

Collecting sensitive patient information, including data related to Sexual Orientation and Gender Identity (SOGI), is a critical part of operations for many health centers, especially FQHCs. Though required by many funding and reporting systems, for example, Ryan White HIV/AIDS Program Services, integrating how to capture these data in respectful and consistent ways may be a challenge. Based on  experience from an FQHC in Washington, DC with special expertise in LGBTQ+ and HIV Care, the process of training staff and implementing SOGI data-related workflows will be described, including subsequent measurement and Quality Improvement initiatives. Details include examples of registration forms, staff training materials, EMR workflows, and patient-facing resources. The importance of creating affirming spaces to help support effective medical care was also discussed.

Data standards initiatives and the Uniform Data Set (UDS) Modernization initiative aim to reduce reporting burden through easing data exchange, improve data quality, and better measure services and outcomes. In the coming years, health centers will be expected to use FHIR, a data standard that is becoming more common, to submit UDS+ along with other information (such as public health reporting). Experts involved in preparation for UDS+ and similar initiatives with CMS joined to share their experiences and reflect on what health centers should be aware of as they prepare for the future of UDS and other reporting.

When clinical teams have information on patients' social risks (adverse social determinants of health), they can make care plan adjustments to account for those risks, e.g., by prescribing lower-cost medications. Come hear about a team that worked with stakeholders from primary care community health centers to develop a set of EHR-based tools intended to support making such adjustments in care for patients with hypertension and / or diabetes. This talk described the tool development process, results from pilot testing the tools in three clinic sites, and how the tools were revised in response to pilot process learnings.