X
GO
Privacy & Security Resources

Sensitive Information and the Electronic Patient Record

HITEQ Center, June 2023

Molly Rafferty 0 1933

With nearly 100% of community health centers utilizing electronic health records (EHR) to care for patients, focus has pivoted from implementation and new workflow development to enhancement in order to drive value and reflect patient needs and population trends. EHR technology presents potential opportunities and significant constraints. Providers frequently document and share potentially sensitive information in the EHR, such as risk for intimate partner violence (IPV), consistent offers of pre-exposure prophylaxis (PrEP), or patient sexual orientation and gender identity (SOGI). Capturing such information can be immensely helpful in providing care tailored to individuals’ needs, but additionally challenges teams to develop workflows that keep the data private rather than risk harm to patients through improper or unintended disclosure.

Navigating Compliance Challenges with the Information Blocking Rule: A Collection of Case Studies

HITEQ Center and Feldesman Tucker Leifer Fidell LLP, September 2023

Molly Rafferty 0 472

The Office of the National Coordinator for Health Information Technology’s (ONC) 21st Century Cures Act Information Blocking Rule (Info Blocking Rule) prohibits covered actors – including health care providers, health IT developers of certified health IT, and health information exchanges/health information networks– from engaging in practices likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information (EHI). The Info Blocking Rule includes eight exceptions that provide actors with certainty that, when their practice interferes with the access, exchange, or use of EHI and meets the conditions of one or more exception, such practice will not be considered information blocking. An actor’s practice that does not meet all the conditions of an exception will be evaluated on a case-by-case basis to determine whether information blocking has occurred.

A Guide to Essential Cybersecurity Tasks for Health Centers

For health centers with limited resources, developed in June 2023

HITEQ Center 0 1314

In an increasingly connected healthcare landscape, health centers face a dual challenge: the rising tide of cyber threats and the need to comply with stringent data protection regulations, all while managing limited resources. The ever-evolving nature of cyberattacks and the complexity of compliance requirements make it essential for health centers to prioritize cybersecurity tasks effectively.
Many Health Center leaders, IT Managers, and Compliance Directors are trying to ensure that they are properly addressing the ongoing tasks related to compliance and security. This guide provides the baseline of day-to-day tasks that health center IT and Compliance staff should consider to protect their systems and comply with regulatory requirements.

Office of the National Coordinator for Health IT (ONC’s) Cures Act Final Rule Webinar

March 2020 Webinar from ONC

Alyssa Carlisle 0 9984
HHS recently released the Office of the National Coordinator for Health IT (ONC’s) Cures Act Final Rule that will help give patients safe, secure access to their health data, spur innovation, and address industry-wide information blocking practices. The final rule implements interoperability provisions of the bipartisan 21st Century Cures Act and promotes patient access to their health record. Putting patients in charge of their health records is a key piece of patient control in health care, and patient control is at the center of our work toward a value-based health care system.

Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation, and Response - Session 4 Cybersecurity Incident Response Planning for Health Centers

HITEQ Learning Collaborative Series

Jodie Albert 0 4730

 

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative addressed health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

 

This series will equip health centers and their staff to:  

 

  1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
  2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
  3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
  4. Adopt cybersecurity risk management paradigms and incident response planning templates.

 

This learning collaborative will provide participating health centers a series of four structured virtual learning sessions where they will engage with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

 

Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation and Response - Session 3 Mitigating Cybersecurity Risk for RPM and Telehealth Programs

HITEQ Learning Collaborative Series

Jodie Albert 0 4949

 

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative addressed health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

 

This series will equip health centers and their staff to:  

 

  1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
  2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
  3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
  4. Adopt cybersecurity risk management paradigms and incident response planning templates.

 

This learning collaborative will provide participating health centers a series of four structured virtual learning sessions where they will engage with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

 

Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation and Response - Session 2 Health Center Hacking Combat and Breach Response Strategies

HITEQ Learning Collaborative Series

Jodie Albert 0 4245

 

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative addressed health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

 

This series equipped health centers and their staff to:  

 

  1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
  2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
  3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
  4. Adopt cybersecurity risk management paradigms and incident response planning templates.

 

This learning collaborative provided participating health centers a series of four structured virtual learning sessions where they engaged with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

 

Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation and Response - Session 1 Identifying and Assessing Cybersecurity Risks at Your Health Center

HITEQ Learning Collaborative Series

Jodie Albert 0 4357

 

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative will address health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

 

This series will equip health centers and their staff to:  

 

  1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
  2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
  3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
  4. Adopt cybersecurity risk management paradigms and incident response planning templates.

 

This learning collaborative will provide participating health centers a series of four structured virtual learning sessions where they will engage with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

 

RSS

Acknowledgements

This resource collection was cultivated and developed by the HITEQ team with valuable suggestions and contributions from HITEQ Project collaborators.

Looking for something different or have something you think could assist?

HITEQ works to provide top quality resources, but know your needs can be specific. If you are just not finding the right resource or have a highly explicit need then please use the Request a Resource button below so that we can try to better understand your requirements.

If on the other hand you know of a great resource already or have one that you have developed then please get in touch with us by clicking on the Share a Resource button below. We are always on the hunt for tools that can better server Health Centers.

Request a Resource  Share a Resource
Search
Highlighted Resources & Events
Need Assistance?
Would you like more assistance regarding Privacy & Security strategies or support in using any of the include resource sets?

  Request Support

 

The Quadruple Aim
Quadruple Aim

A Conceptual Framework

Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim

Learn More >

Quick Feedback Request