Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving Patient Outcomes through Secure Data Exchanges Michael L. Nelson, DPM VP of Healthcare Strategy, Equifax.

Published byJuliet Mayes Modified over 9 years ago

Similar presentations

Presentation on theme: "Improving Patient Outcomes through Secure Data Exchanges Michael L. Nelson, DPM VP of Healthcare Strategy, Equifax."— Presentation transcript:

1 Improving Patient Outcomes through Secure Data Exchanges Michael L. Nelson, DPM VP of Healthcare Strategy, Equifax

2 Learning Objectives 1.Review HIPAA privacy rule and ways to implement the ruling in patient portals and information exchanges 2.How to prevent inappropriate access to PHI and PII 3.Explore identity-proofing processes

3 Institute for Healthcare Improvement Triple Aim 1.Improve the health of the population 2.Enhance patient experience and outcomes 3.Reduce per capita cost of care Achieving the Triple Aim will require coordination of care driven by secure, private, interoperable health information exchange which in turn relies upon: Unambiguous Patient Identification Encrypted Internet Communications Trust Hierarchy and Authentication

4 1996 HIPAA Administrative Simplification Improve the efficiency and effectiveness of the health care system by standardizing the electronic data interchange of certain administrative and financial transactions. Protect the security and privacy of transmitted information. Title II - Subtitle F – Administrative Simplification

5 Unambiguous Patient Identification Patient records are dispersed across multiple treatment facilities and geographies that have disparate technologies False positive medical record matches co-mingle information from 2 or more different people – safety issue False negative medical record matches fail to link multiple records for the same person resulting in a fragmented, incomplete EHR which can compromise outcomes Although a unique patient identifier is written into the HIPAA law, the federal govt. refuses to fund its creation due to privacy concerns of consumer groups

6 Unambiguous Patient Identification The current state of patient matching is unacceptable ONC, CHIME, AHIMA, AHA, and other industry groups have prioritized improving match accuracy in light of the digitization of medical records and meaningful use requirements Master Patient Index match accuracy is limited by the quality of the data being fed into the matching algorithms Address changes and name changes due to marriage and divorce are the biggest culprits when it comes to matching Reliable 3 rd party data solution company is a great solution for improving patient matching

7 Unambiguous Patient Identification Each yr., 200K-300K counterfeit driver’s licenses are introduced in the U.S. – Registrars are not trained to detect counterfeit driver’s licenses – Many patients do not have driver’s licenses All other patient information is self-reported on a registration form – Can be falsely reported – Fat finger errors Increased patient payment responsibility due to high deductibles and co-payments creates an environment ripe for fraud – Medical identity theft is the fastest growing fraud in the U.S. Biometrics? – You had best identity-proof the patient before linking a biometric to him

8 Evolution of the Healthcare Paradigm Quality Reports to Clinicians, Payers, And Public AHRQ Best Practice Rules Lab Pharmacy Lab Pharmacy External Data Sources Public Health Patient Electronic Health Record System Paper Records Clinical Decision Support System Complete the Feedback Loop Clinicians Secure HIE Network

9 Future for Healthcare Goal: Best Care at Lower Cost. Means: Clinician/Patient direct interaction with Clinical Decision Support System (CDSS) (“Meaningful Use”), Evidence-Based Medicine (EBM) Drivers: HIE + EHR + CDSS + EBM => SAVES LIVES and $$$ – Interoperable HIE is KEY to Meaningful Use of HIT which, in turn, is KEY to continuously learning healthcare system! Requires: EHR (with CDSS, EBM, and HIE) and: – Interoperability with sources of clinical data and sources of computable rules for best clinical practices (Standards). – Incentives to incorporate into healthcare practice (Resources and Regulations). – Investigations of systemic failures to enable systems that detect and prevent errors through best practices at the point of decision making (Research). – Trust through interoperable security and privacy (including patient consent).

10 Future for Healthcare Health Information Exchange – Verb – Noun Physician Engagement Patient Engagement Must prevent inappropriate access to PHI – Is the doctor who he says he is? – Does the doctor have an active license at that point in time? – Is the doctor sanctioned federally or in any state? – Is the patient or the patient’s representative who he says he is?

11 TRUST Requires Assurance of Identity High level of assurance that the person who is sending information is who say they are. High level of assurance that the person who is receiving information is who we think they are. High level of assurance that the patient identified in the information is who we think they are. These mechanisms are dependent on high assurance identity proofing and multi-factor authentication. – Certified NIST Level 3 compliant assurance now available commercially at reasonable prices.

12 HIPAA Security Rule of Thumb Assess risk. – Identify & assess risks/threats to electronic information: Availability, Integrity, and Confidentiality – Consider the probability and criticality of each potential risk. Manage risk. – Consider size, complexity, technical infrastructure, hardware, and software security capabilities, and costs. – Implement reasonable and appropriate administrative, physical, and technical security safeguards. Educate/Train. Document and Monitor. Repeat cycle periodically … forever! – “Reasonable and appropriate” used 75 times in 75 page reg.

13 Identity Assurance is the Backbone of Trust Risk Analysis determines the level of identity authentication required under HIPAA. – Clinical environments require frequent, repetitive logons by staff from relatively secure locations where other factors limit access by unknown persons. Username and password are often considered adequate here. If not, the controlled environment allows other factors to be used. – ID cards, RFID chips, tokens, fingerprints. – Unsecured environments require stronger authentication. Home, hotel, Starbucks, … Cannot use additional hardware or software. Cannot scale expensive mechanisms such as portable devices (tokens) to consumers.

14 Conclusions Improving Patient Outcomes – Unambiguous Patient Identification Back End – Cleanse MPI leveraging 3 rd party reliable data to link all of a patient’s historical records into a complete EHR Front End Registration/Enrollment – Identity proof patients and their representatives to prevent false positive matches – Security Risk Assessments – Encrypted Internet Communications Desk tops, laptops, flash drives, medical devices – Trust Hierarchy and Authentication Access management and prevention of inappropriate access to PHI and PII

Download ppt "Improving Patient Outcomes through Secure Data Exchanges Michael L. Nelson, DPM VP of Healthcare Strategy, Equifax."

Similar presentations

A Plan for a Sustainable Community Behavioral Health Information Network Western States Health-e Connection Summit & Trade Show September 10, 2013.

A Plan for a Sustainable Community Behavioral Health Information Network Western States Health-e Connection Summit & Trade Show September 10, 2013.
Adoption of Electronic Healthcare Records

Adoption of Electronic Healthcare Records
Community of Interest for Patient Identifiers AGENDA 1.NHII’s Unique Health Information Identification Requirements - Soloman I. Appavu, SIG Leader 2.Identification.

Community of Interest for Patient Identifiers AGENDA 1.NHII’s Unique Health Information Identification Requirements - Soloman I. Appavu, SIG Leader 2.Identification.
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.

Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.

Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
Security Controls – What Works

Security Controls – What Works
Bringing Technology to the Rural Hospital Rural Telecon ‘07 October 17, 2007.

Bringing Technology to the Rural Hospital Rural Telecon ‘07 October 17, 2007.
2 The Use of Health Information Technology in Physician Practices.

2 The Use of Health Information Technology in Physician Practices.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
Copyright 2012 Delmar, a part of Cengage Learning. All Rights Reserved. Chapter 13 Health Information Systems and Strategy.

Copyright 2012 Delmar, a part of Cengage Learning. All Rights Reserved. Chapter 13 Health Information Systems and Strategy.
Risk management planning related to Health Information Technology

Risk management planning related to Health Information Technology

Similar presentations

Ads by Google