Childhood Obesity Preventer

Many health centers struggle to reap the benefits of technological advancement and investments in health information technology (health IT), while others embrace them and reap rewards. Interoperability is one such example; requiring health centers assess systems, relationships, and implementation.

There are keys to successful interoperability implementation for which health centers must develop processes, stand up infrastructure (within the system, internally and externally, and organization), and then take action.

Process refers to structured processes, policies, and procedures within the health center.

Infrastructure refers to structural capacity and ability within the health center’s technology and staffing structure.

Action refers to full implementation to the point of active and ongoing use and engagement.

This scorecard encourages health centers to consider their processes, infrastructure, and action in a number of key areas. Each area key to interoperability are to be self-graded on a scale of 1 through 5, where 1 is poorly or not yet developed and 5 is well developed. Health centers can also use this to guide discussions and monitor progress over time.

This training guide provides patients with knowledge and awareness about cybersecurity threats to protect their personal health data and to minimize risks from computer viruses and malware.

From the OCR: The Privacy Rule protects individually identifiable health information from unauthorized or impermissible uses and disclosures. The Rule is carefully designed to protect the privacy of health information, while allowing important health care communications to occur. These pages address the release of protected health information for planning or response activities in emergency situations.  In addition, please view the Civil Rights Emergency Preparedness page to learn how nondiscrimination laws apply during an emergency.

From the OCR: Severe disasters – such as Hurricanes Harvey, Irma, and Maria – impose additional challenges on health care providers. Often questions arise about the ability of entities covered by the HIPAA regulations to share information, including with friends and family, public health officials, and emergency personnel. As summarized in more detail below, the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving the care they need. In addition, while the HIPAA Privacy Rule is not suspended during a public health or other emergency, the Secretary of HHS may waive certain provisions of the Privacy Rule under the Project Bioshield Act of 2004 (PL 108-276) and section 1135(b)(7) of the Social Security Act.

The Office for Civil Rights (OCR) has recently announced the release of a new set of FAQs that seeks to address whether business associates of a HIPAA covered entity may block or terminate access by the covered entity to the protected health information maintained by the business associate for or on behalf of the covered entity.

Conducting or reviewing a security risk analysis to meet the standards of Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule is included in the meaningful use requirements of the Medicare and Medicaid EHR Incentive Programs.