Childhood Obesity Preventer

Many health centers struggle to reap the benefits of technological advancement and investments in health information technology (health IT), while others embrace them and reap rewards. Interoperability is one such example; requiring health centers assess systems, relationships, and implementation.

There are keys to successful interoperability implementation for which health centers must develop processes, stand up infrastructure (within the system, internally and externally, and organization), and then take action.

Process refers to structured processes, policies, and procedures within the health center.

Infrastructure refers to structural capacity and ability within the health center’s technology and staffing structure.

Action refers to full implementation to the point of active and ongoing use and engagement.

This scorecard encourages health centers to consider their processes, infrastructure, and action in a number of key areas. Each area key to interoperability are to be self-graded on a scale of 1 through 5, where 1 is poorly or not yet developed and 5 is well developed. Health centers can also use this to guide discussions and monitor progress over time.

This webinar discussed the importance and unique considerations for cyberthreats in pediatric health care settings, followed by a Security Risk Assessment (SRA) Tool walkthrough.

A well-done security risk assessment (SRA) will identify security vulnerabilities across the breadth of a healthcare organization's health information systems. Factors will include policy, organizational and technical related requirements to privacy and security measures. ONC, in recognizing the complexity of this task for small to medium healthcare providers developed a toolkit to assist in conducting SRAs.

In order to comply with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), you need to maintain an ongoing security program. The HIPAA Security Rule mandates security standards to safeguard electronic protected health information (ePHI) maintained by electronic health record (EHR) technology, with detailed attention to how ePHI is stored, accessed, transmitted, and audited. This rule is different from the HIPAA Privacy Rule, which requires safeguards to protect the privacy of protected health information (PHI) and sets limits and conditions on the use and disclosure of PHI. 

From the ONC YouTube website:

HIPAA requires practices to assess their PHI as part of their risk management process. Learn more about a risk assessment and how your practice can benefit.

Conducting or reviewing a security risk analysis to meet the standards of Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule is included in the meaningful use requirements of the Medicare and Medicaid EHR Incentive Programs.