Presentation is loading. Please wait.

Presentation is loading. Please wait.

Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.

Similar presentations


Presentation on theme: "Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security."— Presentation transcript:

1

2 Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security and 42 CFR Part 2 (Confidentiality)

3 Overview Differences between privacy, security and confidentiality Meaningful Use and HIPAA Privacy and Security Understanding and applying 42 CFR Part 2 in Meaningful Use Resources for implementation

4 HIPAA and 42 CFR Part 2 are intended to support (not impede) the appropriate exchange of patient information Exchange of patient information is central to Meaningful Use Ensure understanding of the data sets to be exchanged (Module 9) and what the rules REALLY say about when and how personal health information may be shared among providers What HIPAA really says: usesanddisclosuresfortpo.html What 42 CFR Part 2 really says: A Note on Sharing Patient Information

5 Privacy, Security and Confidentiality Privacy and Security Health Information Protection and Accountability Act (HIPAA) Privacy rules identify national standards (45 CFR Part 160 and Subparts A and E of Part 164)Part 160Part 164 Security rules operationalize these standards (Subparts A and C of Part 164)Part 164 Patient information protected by HIPAA can be exchanged between covered entities in the coordination of patient care without additional consent Protected by DHS Office of Civil Rights, increased penalties in Stage 1 Confidentiality Confidentiality of Alcohol and Drug Abuse Patient Records Act (42 CFR Part 2)42 CFR Part 2 Identifies and operationalizes standards Patient information cannot be exchanged without patient consent Protected be federal law, otherwise, no penalties

6 Core Objective/Measure #15 More about this Objective

7 When Conducted CMS Guidance says “EPs must conduct or review a security risk analysis of certified EHR technology and implement updates as necessary at least once prior to the end of the EHR reporting period and attest to that conduct or review Stage 1, Year 1 “Acquire, Implement, Use” for 90 days – conduct during this 90 days To meet the grant requirement – prior to health information exchange

8 Starting Points – HIPAA and Meaningful Use “ Core Measure 15 - Protect Electronic Health Information” comprehensive ONC resource (National Learning Consortium) measures/protect-electronic-health-information Health Information Privacy and Security 10 Step Plan Nationwide Privacy and Security Framework ty_frame-work/1173 Workflow redesign templates professionals/workflow-redesign-templateshttp://www.healthit.gov/providers- professionals/workflow-redesign-templates

9 Confidentiality Ensure HIPAA Privacy and Security Objective has been met Apply 42 CFR Part 2 only to patient information that emerges from a “treatment provider” (record should be flagged in EHR) To meet the Meaningful Use standard for the grant, apply strategy to PBHCI enrollees Majority of states cannot use state HIEs to exchange patient record that contains confidential information Almost all states are using Nationwide Health Information Network Direct as part of their statewide HIE plan

10 SAMHSA- Federal Initiatives Related to Data Sharing Office of the National Coordinator for Health Information Technology – Behavioral Health Roundtable report_0.pdf Center for Integrated Health Solutions (includes links to SAMHSA 42 CFR Part 2 FAQs) Starting Points – 42 CFR Part 2 and Meaningful Use

11 Summary Privacy, Security and Confidentiality mean different things, especially in Behavioral Health Meet the Objective 15 Measure sooner rather than later to ensure a baseline of quality in the exchange of patient information Privacy and Security allow the exchange of patient information for the coordination of care between HIPAA covered entities without additional consent – check state regulations and then policies and procedures to ensure this barrier to integration are not in place For the exchange of confidential patient health information use Nationwide Health Information Network (NwHIN) Direct NwHIN Direct can be used to meet all HIT-related grant requirements (see Module 8)

12 We Have Solutions for Integrating Primary and Behavioral Healthcare Contact CIHS for all types of primary and behavioral health care integration technical assistance and training needs 1701 K Street NW, Ste 400 Washington DC Web: Phone: Prepared and presented by Colleen O’Donnell, MSW, PMP, CHTS-IM for the Center for Integrated Health Solutions


Download ppt "Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security."

Similar presentations


Ads by Google