X
GO
Resource Overview

Conducting an SRA in accordance with HIPAA policy is a complex task, especially for small to medium providers such as community health centers. The HIPAA Security Rule mandates security standards to safeguard electronic Protected Health Information (ePHI) maintained by electronic health record (EHR) technology, with detailed attention to how ePHI is stored, accessed, transmitted, and audited. This rule is different from the HIPAA Privacy Rule, which requires safeguards to protect the privacy of PHI and sets limits and conditions on it use and disclosure. Meaningful Use supports the HIPAA Security Rule. In order to successfully attest to Meaningful Use, providers must conduct a security risk assessment (SRA), implement updates as needed, and correctly identify security deficiencies. By conducting an SRA regularly, providers can identify and document potential threats and vulnerabilities related to data security, and develop a plan of action to mitigate them.

Security vulnerabilities must be addressed before the SRA can be considered complete. Providers must document the process and steps taken to mitigate risks in three main areas: administration, physical environment, and technical hardware and software. The following set of resources provide education, strategies and tools for conducting SRA.

Security Risk Analysis Resources

FAQ: How will the upcoming changes to the Information Blocking and EHR certification requirements impact health centers?

October 2022

Molly Rafferty 0 2734

During the 4th quarter (October to December) of 2022, there are two major health information technology (HIT) requirement changes, with potential for significant implications to health centers. Read this FAQ to find out how your health center can respond.

 

Health Center Case Examples in Coding and Documenting Social Risks: Introduction

Privacy and Data Sharing Considerations | HITEQ Learning Collaborative

HITEQ Center 0 9337

Are you capturing information like immigration or refugee status, intimate partner violence, human trafficking, risk of acquiring HIV through sexual contact or substance use disorder, or other information that brings up questions about how to document or code while respecting the patient’s privacy?

This health center learning collaborative series will present health center case examples that explore the privacy and data sharing considerations of EHR documentation of sensitive patient information, such as social history and social risk, and encourage participants to discuss the implications for health centers and their patients. 

Health Center Case Examples in Coding and Documenting Social Risks

Immigration Case Example | Privacy and Data Sharing Considerations | HITEQ Learning Collaborative

HITEQ Center 0 8409

Are you capturing information like immigration or refugee status, intimate partner violence, human trafficking, risk of acquiring HIV through sexual contact or substance use disorder, or other information that brings up questions about how to document or code while respecting the patient’s privacy?

This health center learning collaborative series presented health center case examples that explore the privacy and data sharing considerations of EHR documentation of sensitive patient information, such as social history and social risk, and encourage participants to discuss the implications for health centers and their patients. 

Health Center Case Examples in Coding and Documenting Social Risks

Privacy and Data Sharing Considerations | HITEQ Learning Collaborative

HITEQ Center 0 8582

Are you capturing information like immigration or refugee status, intimate partner violence, human trafficking, risk of acquiring HIV through sexual contact or substance use disorder, or other information that brings up questions about how to document or code while respecting the patient’s privacy?

This health center learning collaborative series presented health center case examples that explored the privacy and data sharing considerations of EHR documentation of sensitive patient information, such as social history and social risk, and encouraged participants to discuss the implications for health centers and their patients. 

Health Center Case Examples in Coding and Documenting Social Risks

Intimate Partner Violence Case Example | Privacy and Data Sharing Considerations | HITEQ Learning Collaborative

HITEQ Center 0 8120

Are you capturing information like immigration or refugee status, intimate partner violence, human trafficking, risk of acquiring HIV through sexual contact or substance use disorder, or other information that brings up questions about how to document or code while respecting the patient’s privacy?

This health center learning collaborative series presented health center case examples that explored the privacy and data sharing considerations of EHR documentation of sensitive patient information, such as social history and social risk, and encouraged participants to discuss the implications for health centers and their patients. 

Health Center Case Examples in Coding and Documenting Social Risks

Roundup of Final Privacy and Data Sharing Considerations and Takeaways | HITEQ Learning Collaborative

HITEQ Center 0 7672

Are you capturing information like immigration or refugee status, intimate partner violence, human trafficking, risk of acquiring HIV through sexual contact or substance use disorder, or other information that brings up questions about how to document or code while respecting the patient’s privacy?

This health center learning collaborative series presented health center case examples that explored the privacy and data sharing considerations of EHR documentation of sensitive patient information, such as social history and social risk, and encouraged participants to discuss the implications for health centers and their patients. 

Insights from the Field: Key Considerations for Implementing Health Information Exchange

Published August 2021

Molly Rafferty 0 8864

As medical care facilities seek to support patient safety and be responsive to their complete medical needs and histories, health centers also recognize that establishing an infrastructure for data sharing must be a top priority. Better practices for Health Information Exchange (HIE) increase patient wellbeing by giving providers more complete information for clinical decision making, eliminating unnecessary procedures and tests, reducing the burden of paperwork, and lowering costs. In 2020, HITEQ interviewed five groups that implemented clinical data sharing infrastructure in health care settings, including Federally Qualified Health Centers (FQHCs). A set of example use cases were developed from these interviews, and we identified ten themes that may help guide other organizations interested in implementing HIE. Information from 1424 qualified health centers and health center look-alikes from the CY2019 Uniform Data Set also informed the current impact of data sharing, indicating that technology and potential workflows exist to support HIE within FQHCs.

View the key considerations gleaned from this research to identify lessons learned related to establishing HIE within a health center setting. The resource is available in the Documents to Download section below.

Health Center Information Blocking Avenger

A HITEQ Center Training Badge

HITEQ Center 0 15218

In March 2019, the Office of the National Coordinator for Health Information Technology (ONC) issued a Proposed Rule, 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. ONC released a final rule in March 2020, published in the Federal Register on May 1, 2020. The Final Rule on Information Blocking prohibits actors from blocking the exchange of electronic health information and seeks to increase the ease and choices available for patients to access their data

Click Read More below to understand how this impacts health centers.

HITEQ Highlights: Health Centers as Actors (in Information Blocking)!

HITEQ Highlights Webinar

Jodie Albert 0 2199

Join the HITEQ Center to discuss approaches to balance patient confidentiality, sensitive situations, vulnerable populations, and meeting the provisions in CURES act and information blocking. How should health centers best prepare themselves and their staff to meet the information blocking provisions and better serve our patient population?

RSS

Acknowledgements

This resource collection was cultivated and developed by the HITEQ team with valuable suggestions and contributions from HITEQ Project collaborators.

Looking for something different or have something you think could assist?

HITEQ works to provide top quality resources, but know your needs can be specific. If you are just not finding the right resource or have a highly explicit need then please use the Request a Resource button below so that we can try to better understand your requirements.

If on the other hand you know of a great resource already or have one that you have developed then please get in touch with us by clicking on the Share a Resource button below. We are always on the hunt for tools that can better server Health Centers.

Request a Resource  Share a Resource
Learning Progress
Quick Feedback Request
Highlighted Resources & Events
Need Assistance?
Would you like more assistance regarding Privacy and Security strategies or support in using any of the include resource sets?

  Request Support

 

The Quadruple Aim
Quadruple Aim

A Conceptual Framework

Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim

Learn More >