ADDING VALUE BY AUDITING HEALTH INFORMATION IMPLEMENTATIONS ALEX ROBISON DAVID ZAVALA
|
|
- Dominick Owens
- 6 years ago
- Views:
Transcription
1 1 ADDING VALUE BY AUDITING HEALTH INFORMATION EXCHANGE IMPLEMENTATIONS ALEX ROBISON DAVID ZAVALA PROTIVITI AHIA 31 st Annual Conference August 26-29, 2012 Philadelphia PA
2 Speakers Alex Robison Alex is a Managing Director and serves as Protiviti s Western Region Healthcare Practice Leader and is part of the firm s National Healthcare Industry Revenue Assurance and Compliance practice. He has more than 15 years professional experience in providing operational, financial, information technology and regulatory consulting and internal audit services to the healthcare id industry. Pi Prior to entering consulting, li Alex worked for a large multi-regional i l healthcare h system responsible for integrating Managed Care HMO protocols with Federally regulated Medicare guidelines for Health Care delivery. David Zavala David is a Senior Manager in Protiviti s Dallas office. He has 11 years of experience in technology; specializing in design, implementation, and management of healthcare information systems. David has spent the last 6 years working with healthcare organizations undergoing large-scale Health Information Exchange initiatives. Prior to this, David was responsible for overseeing EHR implementations for large multi-hospital systems as well as smaller communitybased ambulatory practices. 2
3 The culture of an industry That it will ever come into general use, notwithstanding its value, is extremely doubtful because its beneficial application requires much time and gives a good bit of trouble, both to the patient and to the practitioner because its hue and character are foreign and opposed to all our habits and associations. i The London Times, in 1834, commenting on... 3
4 The culture of an industry the stethoscope. 4
5 The culture of an industry 5
6 6 Background
7 The ARRA and HITECH The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA). The HITECH Act includes more than $19 billion to help develop a robust IT infrastructure and data exchange capabilities for healthcare, as well as to assist providers and other entities in adopting and using Health Information Technology (Health IT), including the implementation and Meaningful Use of Electronic Health Records (EHR). 7
8 Demonstrating Meaningful Use Under the HITECH Act and the Medicare and Medicaid EHR Incentive Program, federal incentive payments will be available to doctors and hospitals when they adopt EHRs and demonstrate use in ways that can improve the quality, safety, and effectiveness of care. This is commonly referred to as demonstrating Meaningful Use. The three primary components of Meaningful Use are: 1. The use of a certified EHR in a meaningful manner, such as e-prescribing. 2. The use of certified EHR technology for electronic exchange of health information to improve quality of health care. 3. The use of certified EHR technology to submit clinical quality and other measures to CMS. 8
9 Meaningful Use The Road Ahead The criteria for Meaningful Use will be staged over the course of the next several years. Stage 1 (2011 and 2012) sets the baseline for electronic data capture and information sharing using EHRs. Stage 2 (delayed until 2014) will focus on data sharing, patient engagement, and Health Information Exchange. Stage 3 (expected to begin in 2015) and will continue to expand on previous baselines to improve clinical outcomes, presumably with enhanced quality reporting measures. 9
10 What is Health Information Exchange? The ONC defines Health Information Exchange as The electronic exchange of healthcare information across organizations within a region, community or hospital system, according to nationally recognized standards. HIEs provide the capability to electronically move clinical information among disparate health information systems in an effort to facilitate efficient and effective access to a complete patient record. 10
11 Critical Challenges of Health Information Exchange Developing a sustainable business model Addressing government policy and mandates Defining the value-add to the users of HIE Addressing privacy and confidentiality issues (e.g., HIPAA, patient consent) Addressing technical aspects including architecture, applications and connectivity Data Integrity Addressing organization and governance issues Development of the NwHIN 11
12 Providing Value through Health Information Exchange Effective health information exchange brings clinical and administrative benefits: Providers will be able to improve quality of care, increase efficiency of clinical and administrative processes, and reduce costs by improving reimbursement management. Payers will realize significant cost savings by improving administrative efficiency and reducing readmissions, testing and acute care episodes while also helping to create stickiness with providers. Public Health Organizations will be empowered to improve long-term health outcomes. 12
13 13 Implementation Practices
14 Application Implementation Practices 14
15 Understanding Implementation Risk Risk is defined as the possibility of a loss or a diminished level of success. Risk Management is the process of defining, identifying, addressing, and eliminating risk items before the items become threats or require major rework. It can be seen as an advanced preparation p for possible adverse future events, rather than responding as the event happens. This advanced planning provides the project team the opportunity to select an alternative action plan which will still enable project objectives to be achieved successfully. The Goal is to identify project risks and develop strategies that either significantly reduce the risks, provide guidelines in an effort to avoid the risks, or at a minimum minimize the impact of risk results. The Critical Success Factor in this process is to successfully complete the project in a way in which the risks associated with the project are managed
16 Common Barriers to Successful HIE Implementations Inadequate executive oversight Insufficient software selection practices Vendor implementation methodologies are only as good as you help make them. Deficiencies with vendor support Lack of involvement/acceptance by physicians and employees Lack of appropriate go-forward decision milestones Staffing and the perception of asking too much from already-taxed employees Employee turnover Disconnects frequently exist in communication between leadership and departmental personnel 16
17 Common Barriers to Successful HIE Implementations An effective mechanism or process is not in place to consistently capture, evaluate, and respond to questions and concerns of personnel Insufficient training and/or advance scheduling along with sufficiency of backfill/agency personnel Insufficient attention is paid to security configuration requirements and appropriate stakeholders are not consistently included Loose interpretation of regulatory requirements Operational workflow designs do not have sufficient detail or appropriately address future-state needs Formal workflow approval checkpoints for appropriate operational representatives are not incorporated Inability to align workflow with the application 17
18 Common Barriers to Successful HIE Implementations Insufficient planning for all processes directly or indirectly affected Post go-live practice deviates from intended design and manual paper processes persist Project plans and issue tracking tools are not effectively utilized to facilitate overall project management/oversight into the validation process Lack of sufficient project manager competence and/or sufficient PMO oversight Insufficient testing performed and insufficient guidance (e.g., test script development) provided to ensure consistency Insufficient change management practices The configuration of application controls is not sufficiently considered (undervalued and underutilized) 18
19 19 HIPAA
20 Hot Topic - Meaningful Use Risk Analysis The Protect Electronic Health Information Core Objective for eligible hospitals and eligible professionals includes the following: Protect Electronic Health Information Objective Measure Exclusion Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities. Conduct or review a security risk analysis in accordance with the requirements under 45 CFR (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. No exclusion. 20
21 Meaningful Use Risk Analysis (cont d) Big picture - certified EHR data is not the only important data, all ephi should be addressed so don t fall into this trap All ephi Required by HIPAA ephi contained in EHR Must attest for Meaningful Use Include in your risk analysis/mgmt 21
22 HIPAA Security now has teeth!
23 HIPAA Security The Health Information Technology for Economic and Clinical Health (HITECH) Act strengthens civil and criminal enforcement of the HIPAA rules. Security Breach Notifications for Covered Entities For breaches affecting >500 individuals within one state, the organization must notify the following without unreasonable delay and no later than 60 days after discovering the breach Local media outlets HHS Secretary The affected individuals Annually required to report all breaches affecting < 500 individuals to the HHS Secretary Accountability HHS is now required to report to Congress on compliance activity and to conduct periodic audits Penalties increased for violations, up to $50,000 for each violation with a maximum fine of $1,500,000 per year + the cost of resolution agreements 23
24 Enforcement is here OCR is committed to compliance and enforcement Reviewing every submitted complaint HIPAA Privacy and Security Compliance review for every entity that has a breach that affects >500 individuals Hired KPMG to conduct audits of up to 150 covered entities in 2012 (pilot process to be expanded) First 20 Covered Entities Selected: 10 Healthcare Providers 8 Health Plans 2 Healthcare Clearinghouses Through investigations, voluntary dispute resolution, enforcement, technical assistance, policy development and information services, OCR will protect the civil rights of all individuals who are subject to discrimination in health and human services programs and protect the health information privacy rights of consumers. ~ OCR Vision Statement 24
25 HIPAA Security Key focus areas Third-party risk management (e.g., Business Associate Agreements) Encryption is becoming more pervasive but you still need to know your ephi inventory State legislation targeted to Healthcare IT innovation and compliance may have advance HIPAA compliance The stimulus package has significantly expanded the scope of existing HIPAA privacy and security rules 25
26 HIPAA Security How can Internal Audit help? Are sufficient programs in place to support compliance and promote consistency? Can your organization clearly identify what it s doing to comply? Have the assets that hold, store, process and transmit ephi been accurately identified? Has unstructured data, such as that contained in Access databases and Excel spreadsheets, been considered? Is action being taken to address the recent changes? 26
27 What should you do today? Define your Breach Response and Notification processes Evaluate the KPMG audit process take action in a timely manner Perform an Evaluation Measure yourself against the regulations, take inventory of your Policies and Procedures, understand your processes, and determine if there are any deficiencies. Perform this minimally on an annual basis, or when major changes occur in your environment. Implement a robust Risk Analysis and Management Program that proactively manages risk versus reactively addresses issues after they ve materialized Educate. Communicate. 27
28 28 Business Continuity Management
29 I cannot imagine any condition which could cause this ship to flounder. I cannot conceive of any vital disaster happening to this vessel. E.J. Smith, Captain of the Titanic 29
30 Business Continuity Management How long must an interruption to day-to-day operations be before it significantly impacts your organization? Continuity of care is typically outside of the BCM scope based on stringent regulations and historical compliance efforts, however Health information management is now relying much more heavily on technology (e.g., electronic medical records, wireless technologies, PDA s) and the line is graying Impact of regulations/standards specifically addressing BCP/DRP (e.g., HIPAA, JCAHO, etc.) 30
31 Business Continuity Management What is business continuity management? the development of strategies, plans and actions which provide protection or alternative modes of operation for those activities or business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging g or potentially fatal loss to the enterprise. 31
32 Business Continuity Management What is a Business Impact Analysis or BIA? A process designed to identify critical business functions and workflow, determine the qualitative and quantitative impacts of a disruption, and to prioritize and establish recovery time objectives The BIA results form the foundation for the all subsequent recovery strategy and planning efforts but this effort is commonly overlooked, undervalued, or insufficiently executed 32
33 Business Continuity Management What activities should we be doing in a BIA? Identify process requirements personnel/skills, facilities, equipment, external relationships, applications and technology, as well as telecommunications Determine impacts (operational, financial, i customer, legal l and regulatory) Identify Interdependencies and single points of failure Define Recovery Point Objectives (RPO), as well as capacity requirements Define Recovery Time Objectives (RTO) Evaluate the process capacity at the RTO Identify the current capability to recover and operate in a manual mode 33
34 Business Continuity Management In the past, the Internal Auditor Checked to see if a plan was in place Reviewed the IT Disaster Recovery plan for timeliness but only if they were truly IT Auditors Asked if tests were performed but didn t review the results Very rarely owned the process 34
35 Business Continuity Management How can Internal Audit add value to BCM? Serve as the internal sales person - make the case for Business Continuity Participate in the Risk Assessment and Business Impact Analysis, don t just audit the results Implement project management standards Assist in defining key business functions Help craft capability maturity levels and definitions Define controls and guide towards process, not just a plan Audit the process - before, during and after (ongoing) g) Assist with lessons learned Keep management informed of progress 35
36 Business Continuity Management What should you look for during an audit? Are all plans up to date? Are all critical business functions and systems covered? Are the plans based on the risks and potential consequences of business interruptions? Are the plans fully documented? Have functional responsibilities been assigned? Is the organization capable of and prepared to implement the plans? 36
37 Business Continuity Management What should you look for during an audit? (cont.) Are the plans tested and revised based on the results? Are the plans stored properly and safely? Is the storage location known? Are the locations of alternate facilities (backup sites) known to employees? Do the plans call for coordination with local emergency services? 37
38 In closing Don t lose sight of the true intent of Health Information Exchange improving patient care. Don t wait to dust off your HIPAA Security practices, when the auditors come knocking it may be too late. Remember that no HIE implementations are exactly alike, and all contain risk. Focus on managing risk versus reacting to problems. Communication is key! 38
39 A little like HIE Implementation 39
40 Please feel free to contact us if you have additional questions. Thank you again for your time! Alex Robison, Protiviti Managing Director Direct: David Zavala, Protiviti Senior Manager Direct:
41 Save the Date: August 25-28, nd Annual Conference Chicago, IL 41
a physicians guide to security risk assessment
PAGE//1 a physicians guide to security risk assessment isalus healthcare isalus healthcare a physicians guide to security risk assessment table of contents INTRO 1 DO I NEED TO OUTSOURCE MY SECURITY RISK
More informationHow to Finish the HIPAA Security Risk Analysis and Meaningful Use Risk Assessment
How to Finish the HIPAA Security Risk Analysis and Meaningful Use Risk Assessment Caroline Hamilton caroline.r.hamilton@gmail.com Risk & Security LLC As channeled by Dr. HIPAA Meaningful Use was the Hottest
More informationMeaningful Use Audit Process: Focus on Outcomes and Security
Meaningful Use Audit Process: Focus on Outcomes and Security Phyllis A. Patrick, MBA, FACHE, CHC The 22nd National HIPAA Summit February 6, 2014 Phyllis A. Patrick & Associates LLC Topics Meaningful Use
More informationTop 5 Must Do IT Audits
Top 5 Must Do IT Audits Mike Fabrizius, Sharp HealthCare, VP, Internal Audit DJ Wilkins, KPMG, Partner, IT Advisory 2011 AHIA Annual Conference www.ahia.org Background on Sharp HealthCare Sharp s Co-sourcing
More informationDelivered by Sandra Fuller, MA, RHIA, FAHIMA. April 29, 2009
A Statement by the American Health Information Management Association on Determining the Definition of Meaningful Use to the National Committee on Vital and Health Statistics, April 2009 Delivered by Sandra
More informationTaking the HITECH Ground. Understanding Meaningful Use, Health Information Exchange and the Future of Lab Outreach
Taking the HITECH Ground Understanding Meaningful Use, Health Information Exchange and the Future of Lab Outreach Rob Atlas CEO & President and Bob Gregory SVP, Corporate Strategy April 27, 2010 1 Tsunami
More informationPreparing for an OCR Audit: What is Expected of You
Preparing for an OCR Audit: What is Expected of You Speakers Chuck Burbank CISO and Director of Managed Privacy Services FairWarning Robert Mireles, CIPM Sr. Healthcare Privacy Specialist for Managed Privacy
More informationUnified SaaS Solution for Cybersecurity and Risk. Curran Data Technologies
Unified SaaS Solution for Cybersecurity and Risk Curran Data Technologies 317-974-1009 www.currandata.com Solution Discover the effective simplicity of a unified RSC solution Discover Solution Diagnose
More informationThese seminars are a collaborative work of NIATx, SAAS and The National Council supported by SAMHSA.
Behavioral Health providers are being challenged to adopt health information technology with very limited resources. There is a need to prepare for increased numbers of patients receiving health insurance
More informationOCR Audits: 2012 Results Overview
April 4 th, 2013 OCR Audits: 2012 Results Overview Presented by: Mac McMillan FHIMSS, CISM Name of Presentation CEO, CynergisTek www.cynergistek.com Advancing the Standard of Care Through Healthcare IT
More informationFrom the Front Lines: Navigating the OCR Phase 2 HIPAA Audits
View the Replay From the Front Lines: Navigating the OCR Phase 2 HIPAA Audits June 16, 2016 Executive Series Webinar Today s Speakers Carla Wagner, HCISPP Privacy Officer Beacon Health System Trish A.
More informationOur comments include three recommendations and the associated rationale:
June 26, 2009 Dr. David Blumenthal Office of the National Coordinator for Health Information Technology Department of Health and Human Services 200 Independence Avenue, SW Washington, DC 20201 Dear Dr.
More informationCiti Institutional Clients Group - Business Continuity Management
Citi Institutional Clients Group - Business Continuity Management Enterprise Risk Management Establishing a Risk Control-based Continuity Program, CBCP, CBCP Senior Vice President, Citi Institutional Clients
More informationLeveraging Internal Audit and Corporate Compliance for Effective Risk Management
Leveraging Internal Audit and Corporate Compliance for Effective Risk Management April 18, 2016 Don Sinko Chief Integrity Officer Cleveland Clinic Agenda Cleveland Clinic Integrity Office Model The 3 Lines
More informationDecember 2015 THE STATUS OF GOVERNMENT S GENERAL COMPUTING CONTROLS:
December 2015 THE STATUS OF GOVERNMENT S GENERAL COMPUTING CONTROLS: 2014 www.bcauditor.com CONTENTS Auditor General s Comments 3 623 Fort Street Victoria, British Columbia Canada V8W 1G1 P: 250.419.6100
More informationIndustry Planning for Implementation of HIPAA Modifications: Versions 5010, D.0, 3.0 and the ICD-10 code sets
Industry Planning for Implementation of HIPAA Modifications: Versions 5010, D.0, 3.0 and the ICD-10 code sets Centers for Medicare & Medicaid Services Final Report February 2010 Engagement: 222895110 Environmental
More informationBig Data, Security and Privacy: The EHR Vendor View
Taking a step towards Big Data, Security and Privacy: proactive health + care The EHR Vendor View Bob Harmon, MD Physician Executive, Cerner Corporation Presented to Preventive Medicine 2016 Washington,
More informationREGULATORY HOT TOPIC Third Party IT Vendor Management
REGULATORY HOT TOPIC Third Party IT Vendor Management 1 Todays Outsourced Technology Services Core Processing Internet Banking Mobile Banking Managed Security Services Managed Data Center Services And
More informationOperational Recovery in Healthcare Using Virtual Technologies. CareTech Solutions
Operational Recovery in Healthcare Using Virtual Technologies Eric Foote Chief Technical Architect Eric Foote, Chief Technical Architect, CareTech Solutions Overview/Background CareTech Solutions is an
More informationClearwater and Encompass Case Study Creating an OCR-Quality Risk Management Plan
Clearwater and Encompass Case Study Creating an OCR-Quality Risk Management Plan Shane Eaker Director, Information Security Encompass Health Rich Curtiss Managing Consultant Clearwater June 12, 2018 About
More informationPhysician Group Case Study: An Effective Approach to Creating a Comprehensive Compliance Program
Case Study Physician Group Case Study: An Effective Approach to Creating a Comprehensive Compliance Program This presentation is intended to provide a brief overview of compliance and should not to be
More informationCompliance Plans. Kelly S. McIntosh July 20, 2017
Compliance Plans Kelly S. McIntosh July 20, 2017 Roadmap The importance of compliance and compliance programs Common compliance issues know your risk areas! Guidance for drafting or updating your compliance
More informationHITRUST CSF Assurance Program. The Common Healthcare Industry Approach for Assessing Security and Reporting Compliance
The Common Healthcare Industry Approach for Assessing Security and Reporting Compliance February 2017 Contents Background and Challenges.... 3 Improving Risk Management While Reducing Cost and Complexity...
More informationMeaningful Use: Compliance Management Best Practices. David Morton, Adventist Health Jay Fisher, Meaningful Use Monitor May 20, 2015
Meaningful Use: Compliance Management Best Practices David Morton, Adventist Health Jay Fisher, Meaningful Use Monitor May 20, 2015 Theme 1. The risks associated with Meaningful Use are largely in the
More informationCOMMUNICATING WITH THE AUDIT & COMPLIANCE COMMITTEE OF THE BOARD: LEADING PRACTICES
COMMUNICATING WITH THE AUDIT & COMPLIANCE COMMITTEE OF THE BOARD: LEADING PRACTICES KELLY J. SAUDERS PARTNER DELOITTE & TOUCHE LLP AHIA 31 st Annual Conference August 26-29, 2012 Philadelphia PA www.ahia.org
More informationProven Strategies for Overcoming Business Continuity Challenges for Healthcare Organizations
Proven Strategies for Overcoming Business Continuity Challenges for Healthcare Organizations Kathy Lee Patterson, CBCP Business Continuity & Disaster Recovery Manager Children's Hospital of Philadelphia
More informationPractice Transformation Readiness Assessment
Practice Transformation Readiness Assessment Patients, payers, and government agencies are requiring all medical professionals to improve their patients' health and experience of care while reducing costs.
More informationThe Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be
Enterprise Risk Management The Current State of Risk Management Maturity for Belgian Organizations kpmg.com/be 2 Enterprise Risk Management Table of content 1. Introduction...05 2. Takeaways...07 3. Key
More informationImpact of the Stimulus Package on Health IT Marketplace
Impact of the Stimulus Package on Health IT Marketplace Eric G. Brown Vice President, Research Director Forrester Research June 30, 2009 The American Recovery & Reinvestment Act $790 Billion 3 Entire contents
More informationGE Healthcare. Centricity Advance for Regional Extension Centers
GE Healthcare Centricity Advance for Regional Extension Centers GE Healthcare supports the mission of Healthcare IT Regional Extension Centers as they guide providers through the transformative process
More informationHIPAA Compliance. Mandatory for 7 MILLION Covered Entities (CE) & Business Associates (BA) 70% of the market is NOT compliant!
1 HIPAA compliance Mandatory for 7 MILLION Covered Entities (CE) & Business Associates (BA) 70% of the market is NOT compliant! HITECH/EHR incentive requires: Stage 1. Risk Assessment for Meaningful Use
More informationEmerging Technology and Security Update
Emerging Technology and Security Update February 13, 2015 Jordan Reed Managing Director Agenda 2015 Internal Audit Capabilities and Needs Survey 2014 IT Priorities Survey Results 2014 IT Security and Privacy
More informationYou Might Have a HIPAA Breach. Now What?
You Might Have a HIPAA Breach. Now What? Ann M. Curran O Connor & Thomas, PC Phuong D. Nguyen Compliance Manager HealthTexas Provider Network Introductions Phuong D. Nguyen Compliance Manager, HealthTexas
More informationYou Might Have a HIPAA Breach. Now What?
You Might Have a HIPAA Breach. Now What? Ann M. Curran O Connor & Thomas, PC Phuong D. Nguyen Compliance Manager HealthTexas Provider Network Introductions Phuong D. Nguyen Compliance Manager, HealthTexas
More informationCreate interoperability in a MEDITECH environment
Create interoperability in a MEDITECH environment Create real connections with your medical community Corepoint Health solutions are transforming the way hospitals and clinics meet their interoperability
More informationWelcome and Introductions and Update on Implementation Timeline for ICD-10 and Transactions and Code Sets
Welcome and Introductions and Update on Implementation Timeline for ICD-10 and Transactions and Code Sets STEVEN S. LAZARUS, PHD, CPEHR, CPHIE, CPHIT, FHIMSS PRESIDENT, BOUNDARY INFORMATION GROUP CO-FOUNDER,
More informationReal World Experiences in Achieving "Meaningful Use" Mark D. Sugrue, RN-BC
www.pwc.com Real World Experiences in Achieving "Meaningful Use" Mark D. Sugrue, RN-BC Our Approach: Meaningful Use Transform Methodology Identify Assess Design Construct Implement Operate & review Delivering
More informationLabour Evaluating Occupational Health and Safety Systems Follow-up
Labour Evaluating Occupational Health and Safety Systems Follow-up SUMMARY Virtually all occupational injuries, diseases and fatalities are preventable. The Occupational Health and Safety Act, Regulation
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Common healthcare industry approach for assessing security and reporting compliance Background and challenges Compliance requirements for healthcare organizations and their
More informationEGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY Created for mike elfassi
Created for mike elfassi Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service
More informationASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016
ASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016 Charles J. Brennan Chief Information Officer Office of Innovation and Technology 1234 Market
More informationThe Art of Putting It Together STANDARDIZE PROCESSES BEFORE CONSOLIDATING REVENUE CYCLE OPERATIONS
STANDARDIZE PROCESSES BEFORE CONSOLIDATING REVENUE CYCLE OPERATIONS STANDARDIZE PROCESSES BEFORE CONSOLIDATING REVENUE CYCLE OPERATIONS By Robert Parris, managing director, and Melanie Schoenvogel, senior
More informationLab Outreach Connectivity
By Don Burt, Sales Services Advisor - Interfacing Sunquest Information Systems 2012 Sunquest Information Systems. All Rights Reserved. Laboratory testing affects up to 80% of the clinical decisions made
More informationContents. Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule
BEST PRACTICES Iron Mountain Document Conversion Services HEALTHCARE HIPAA Omnibus and the Implications for Document Conversion Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule Contents
More informationBHS CCD Exchange Success Story
BHS CCD Exchange Success Story BENEDICTINE HEALTH SYSTEM, ALLINA AND THE STATE OF MINNESOTA A STUDY IN SUCCESSFUL COLLABORATION INTRODUCTION Everyone agrees that it is in the best interest of residents
More informationWe know doctors. isalus.
We know doctors. isalus. H I P A A Allowing physicians across the country to be more efficient and more profitable. Headquartered in Indianapolis, isalus provides industry-leading EMR and Practice Management
More informationGleim CIA Review Updates to Part Edition, 1st Printing June 2018
Page 1 of 15 Gleim CIA Review Updates to Part 1 2018 Edition, 1st Printing June 2018 Study Unit 3 Control Frameworks and Fraud Pages 66 through 69 and 76 through 77, Subunit 3.2: In accordance with the
More informationThe Path to Clinical Enterprise Maturity DEVELOPING A CLINICALLY INTEGRATED NETWORK
The Path to Clinical Enterprise Maturity DEVELOPING A CLINICALLY INTEGRATED NETWORK dhgllp.com/healthcare Kevin Locke PRINCIPAL Kevin.Locke@dhgllp.com 330.606.4699 Michael Strilesky SENIOR MANAGER Michael.Strilesky@dhgllp.com
More informationDriving healthy growth
Health Care Of special interest to Boards of directors The C-suite Health care executives 5Insights for executives Driving healthy growth The value of a proactive stance to compliance Organizations throughout
More information2013 HIMSS Leadership Survey Senior IT Executive Results
2013 HIMSS Leadership Survey Senior IT Executive Results March 4, 2013 Sponsored by: www.himss.org transforming healthcare through IT 24 th Annual HIMSS Leadership Survey Final Report: Healthcare Senior
More informationHigh Value Revenue Cycle Audits
High Value Revenue Cycle Audits AHIA 2009 Annual Conference September 1, 2009 Speakers Richard Williams Richard is a Director in Protiviti s Dallas office and a key leader in Protiviti s Healthcare Revenue
More informationProject Risk Management (PRM)
Project Risk Management (PRM) Course Agenda Project Management Overview The Role of Project Risk Management Monitoring Projects Project Risk Assessments 2 Famous Last Words I cannot imagine any condition
More informationIT S TIME! PRIMARIS OPERATIONAL EFFICIENCY SOLUTION. Using Lean Thinking to Save Time & Money. Benefits of Operational Efficiency. Why Primaris?
IT S TIME! PRIMARIS OPERATIONAL EFFICIENCY SOLUTION Using Lean Thinking to Save Time & Money Healthcare executives are well aware that both government agencies and private insurers are moving away from
More informationPREPARING A RISK BASED AUDIT WORK PROGRAM
1 PREPARING A RISK BASED AUDIT WORK PROGRAM BAILEY JORDAN PARTNER, GRC PRACTICE LEADER GRANT THORNTON, LLP DAVID TYLER PRINCIPAL, HEALTH CARE ADVISORY GRANT THORNTON, LLP AHIA 32 nd Annual Conference August
More informationClaim (and other) Attachment Standards and Operating Rules: Current Developments and Future Directions
Claim (and other) Attachment Standards and Operating Rules: Current Developments and Future Directions Testimony Provided to the Subcommittee on Standards National Committee on Vital and Health Statistics
More informationThe Relationship Between HIPAA Compliance and Business Associates
The Relationship Between HIPAA Compliance and Business Associates 2007-2016 1 What is HIPAA? HIPAA / HITECH Protect patient confidentiality while furthering innovation and patient care Omnibus (September
More informationHCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.
Enterprise Risk Management in Healthcare Deloitte & Touche LLP Heather Hagan, Senior Manager Nancy Perilstein, Senior Manager February 29, 2016 Discussion Items Drivers of Enterprise Risk Management (ERM)
More informationImproving Your Revenue Cycle Health: Why Continual Check-ups Are More Crucial than Ever
Optimizing the business of healthcare Improving Your Revenue Cycle Health: If change is constant and it seems to be the case in healthcare, then the one consistency would be the ongoing need for financial
More informationText. What the Heck is a HIPAA AUDIT? Presented by Sue Miller
Text What the Heck is a HIPAA AUDIT? Presented by Sue Miller What to do before you are Audited? What to do after you are Audited? AGENDA Types of Enforcement Review 2016 OCR HIPAA Audits, Phase 2 Effective
More informationW207: How should you leverage internal audit? October 26, 2016
W207: How should you leverage internal audit? October 26, 2016 Agenda Internal Audit Framework 3 Lines of Defense Value Enhancement Work Internal Audit vs. Compliance Areas of Focus Key takeaways 2 What
More informationVIRTUA DATE OF LAST REVIEW 5/11; 4/14, 8/16
8/16 POLICY Virtua is committed to helping the people of our region be well, get well, and stay well. Part of our commitment to the communities we serve is to provide services of the highest quality to
More informationACA Operating Rules Update and Implementation Plans. Gwendolyn Lohse, CAQH Priscilla Holland, NACHA
ACA Operating Rules Update and Implementation Plans Gwendolyn Lohse, CAQH Priscilla Holland, NACHA March 11, 2011 Today s Administrative Data Exchange Environment Challenge Beginning with the mandated
More informationDo I Have to Attest? What Actions Are Required?
The Merit-based Incentive Payment System (MIPS) Promoting Interoperability Prevention of Information Blocking Attestation: Making Sure EHR Information is Shared 2018 Performance Year To prevent actions
More informationEnsuring the health of endpoints in healthcare IT
Ensuring the health of endpoints in healthcare IT Highlights Secure and manage endpoints across highly distributed environments, both on and off the network Automated continuous compliance against policies,
More informationANSI What providers need to know. ANSI 5010 What providers need to know
ANSI 5010 What providers need to know. 1 What does ANSI 5010 mean to your practice or facility? The new transaction set means there will be less ambiguity in the implementation guides. You will have one
More informationTHE FIVE ELEMENTS OF AN EFFECTIVE HIPAA AUDIT PREPARATION PROGRAM
WHITEPAPER THE FIVE ELEMENTS OF AN EFFECTIVE HIPAA AUDIT PREPARATION PROGRAM ANDREW HICKS MBA, CISA, CCM, CRISC, HCISSP, HITRUST CSF PRACTITIONER PRINCIPAL, HEALTHCARE AND LIFE SCIENCES TABLE OF CONTENTS
More informationVenn Health Partners. Venn Health Partners, 906 Oak Tree Ave, Suite R, South Plainfield New Jersey, 07080,
Venn Health Partners Venn Health Partners, 906 Oak Tree Ave, Suite R, South Plainfield New Jersey, 07080, 732-992-8366 visit vennhp.com About Us We connect the dots Provide Best in Class project/program
More informationThe Rye Ambulatory Surgery Center, LLC Compliance Plan
The Rye Ambulatory Surgery Center, LLC Compliance Plan Approved By Board of Managers October 27, 2010 INTRODUCTION The Rye Ambulatory Surgery Center ( Rye ASC ) is committed to conducting its operations
More informationBest Practices in EHR Implementations
WHITE PAPERS FOR REAL PEOPLE Best Practices in EHR Implementations by TIM LIDDELL VICE PRESIDENT, PROVIDER DEPLOYMENT BETSY CROSS DIRECTOR, PROVIDER DEPLOYMENT CONTENTS The SaaS Delivery Model... 1 January
More informationNavigating the New Health Economy
Navigating the New Health Economy How non-traditional healthcare players are using the HITRUST CSF to drive their security programs forward Speakers Dennis Quandt Risk Assurance Director, PwC Boston, MA
More informationSuccessful healthcare analytics begin with the right data blueprint
IBM Software Information Management Healthcare Successful healthcare analytics begin with the right data blueprint 2 Successful healthcare analytics begin with the right data blueprint Executive summary
More informationPreparing For & Managing a RADV Audit
Preparing For & Managing a RADV Audit Session 607 Dennis P.H. Mihale, MD, MBA Scott Weiner, CMA, CFM, MBA Agenda Assessing Your Risk CMS RADV Process Health Plan Process Preparation Execution Mock Audit
More informationWEDI 2015 Health Information Exchange Value and ROI Survey
Welcome to the Workgroup for Electronic Data Exchange (WEDI) 2015 Health Information Exchange Value and ROI Survey. WEDI is a multi-stakeholder coalition dedicated to solving the most critical problems
More informationImplementing a Compliance Monitoring Program. January 29, 2014
Implementing a Compliance Monitoring Program January 29, 2014 1 Agenda 1. Mission and Purpose 2. Scope 3. Situational Analysis 4. Best Practices 5. Questions Mission and Purpose 3 Mission and Purpose Mission
More informationOffice of Internal Audit. The University of Texas Southwestern Medical Center Business Continuity/Disaster Recovery. Internal Audit Report 16:32
Office of Internal Audit The University of Texas Southwestern Medical Center Business Continuity/Disaster Recovery Internal Audit Report 16:32 December 7, 2016 Table of Contents I. Executive Summary 3
More informationMeaningful Use Audits
Meaningful Use Audits Bruce Wacker Executive Director of Customer and Regulatory Services Adventist Health System Mike Hourigan Director, Regulatory Consulting Cerner Corporation 1 Copyright 2013. All
More informationWill Your Company Pass a Privacy Audit?
Will Your Company Pass a Privacy Audit? by Tammi K. Franke The Issue - Companies that collect personal information are under increasing scrutiny by both consumers and governments in the United States and
More informationCOLORADO MULTI-PAYER COLLABORATIVE
1 COLORADO MULTI-PAYER COLLABORATIVE Charter UPDATED JANUARY 2017 2 Background The Colorado Multi-Payer Collaborative (Collaborative) includes public and private health care payers working to strengthen
More informationTAG Certified Against Fraud Guidelines. Version 1.0 Released May 2016
TAG Certified Against Fraud Guidelines Version 1.0 Released May 2016 About the TAG Certified Against Fraud Program The mission of the TAG Certified Against Fraud Program is to combat fraudulent non-human
More informationThe following topics will be covered in this course: 1) Don t let pressure influence ethics and reasoning 2) Be careful about rationalizations 3)
The following topics will be covered in this course: 1) Don t let pressure influence ethics and reasoning 2) Be careful about rationalizations 3) Enforcement matters 4) Create a flatter organization and
More informationFour Rights Can t Be Wrong:
Four Rights Can t Be Wrong: Why Now is the Right Time to Implement an EHR The information in this document is subject to change without notice. This documentation contains proprietary information, which
More informationDeveloping Staff and Resource Infrastructure to Support Value-Based Reimbursement. NCHICA Annual Conference 2016
Developing Staff and Resource Infrastructure to Support Value-Based Reimbursement NCHICA Annual Conference 2016 1 University Physicians, Inc. (UPI) Faculty Practice Plan for the University of Colorado
More informationDrive Your Business. Four Ways to Improve Your Vendor Risk Program
Drive Your Business Four Ways to Improve Your Vendor Risk Program Introduction Risk-management professionals often find the creation of a vendor risk management (VRM) program to be a challenging task,
More informationPHYSICIAN PRACTICE SOLUTIONS
PHYSICIAN PRACTICE SOLUTIONS www.healthdirections.com PROGRAM OBJECTIVE The objective of the Physician Practice Solutions offering is to provide programs and services to improve the operational and financial
More informationTHE BODY OF KNOWLEDGE FOR MEDICAL PRACTICE MANAGEMENT
THE BODY OF KNOWLEDGE FOR MEDICAL PRACTICE MANAGEMENT OVERVIEW & PERFORMANCE OBJECTIVES THE BODY OF KNOWLEDGE FOR MEDICAL PRACTICE MANAGEMENT 3RD EDITION TABLE OF CONTENTS About the Body of Knowledge..................................................3
More informationThe Road to ICD-10 Readiness Less than One Year to Go
Consulting and Management Services The Road to ICD-10 Readiness Less than One Year to Go Physician Practice Office Staff Meeting October 16, 2013 2 Road Map 1 Review of Background and Timelines for ICD-10
More informationGovernment Relations (GR) Strategic Plan February 2017
Government Relations (GR) Strategic Plan 2017 February 2017 Table of Contents Introduction and Background Page 3 2017 Strategic Goals & Objectives Page 4 2017 Action Plans by Objective Pages 5-9 Report
More informationAn Insider's Perspective: How URAC's New Core 4.0 Accreditation Standards Align with Best Practices in Today's Changing Healthcare Environment
An Insider's Perspective: How URAC's New Core 4.0 Accreditation Standards Align with Best Practices in Today's Changing Healthcare Environment Session Code: MN16 Date: Monday, October 23 Time: 2:45 p.m.
More informationCarequality Governance Charter
Ratified April, 2014 TABLE OF CONTENTS 1 Purpose... 3 2 Governance Principles & Governance Model... 3 3 Steering Committee... 4 4 Carequality Workgroups... 7 5 Advisory Council... 9 2 1 PURPOSE This document
More informationOptimization: The Next Frontier
Optimization: The Next Frontier A White Paper Impact Advisors LLC January 2015 400 E. Diehl Road Suite 190 Naperville IL 60563 1 800 680 7570 Impact Advisors.com Table of Contents Introduction... 3 Optimization
More informationCHHS Master Data Management Strategy
CHHS Master Data Management Strategy Master Data Management (MDM) will provide the California Health and Human Services Agency (CHHS) and its Departments with a 360-degree view of CHHS clients, providers,
More informationHealth Solutions. Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES.
Health Solutions Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES. Expanding Insight. Ensuring Value. Improving Outcomes. Organizations look to experienced solutions
More informationRE: HIT Policy Committee: Recommendations regarding Stage 3 Definition of Meaningful Use of Electronic Health Records (EHRs)
May 30, 2014 Office of the National Coordinator for Health Information Technology Attn: Dr. Karen B. DeSalvo, MD, MPH, MSc U.S. Department of Health and Human Services 200 Independence Avenue SW Suite
More informationInnovative technology. Advancing patient care.
Innovative technology. Advancing patient care. Innovative technology. Advancing patient care. iknowmed Generation 2 SM is a powerful web-based electronic health record (EHR) developed in collaboration
More informationView the Recording. Webinar: Accounting of Disclosures: Practical Approaches & Enforcement Update. November 17 th, FairWarning, Inc.
Webinar: Accounting of Disclosures: Practical Approaches & Enforcement Update November 17 th, 2011 View the Recording Learning objectives Enforcement update and lessons learned from past HIPAA audits Accounting
More informationOverview of Health Information Exchange (HIE) in the Era of Meaningful Use December, 2010
Overview of Health Information Exchange (HIE) in the Era of Meaningful Use December, 2010 1 What Is HIE? Why Build HIEs? The HIE Environment Benefits of HIE Outline American Reinvestment & Recovery Act
More informationSuccess in Joint Ventures: Sustained Compliance and Audit Oversight
Success in Joint Ventures: Sustained Compliance and Audit Oversight Gene DeLaddy, CIA Senior Vice President, Chief Compliance & Privacy Officer, Chief Audit Executive Dave Pyland, CPA Director, Internal
More informationMODULE I: MEDICARE & MEDICAID GENERAL COMPLIANCE TRAINING
MODULE I: MEDICARE & MEDICAID GENERAL COMPLIANCE TRAINING 2 0 1 4 A Message From Our CEO and Compliance Officer At PacificSource, we pride ourselves on maintaining a culture of compliance and high ethical
More informationSTRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017
STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES September 2017 Your presenters Nancy Aubrey Partner Boston, MA Nancy.aubrey@rsmus.com Rick Shriner Principal McLean, VA Rick.shriner@rsmus.com 2 Agenda
More informationGeorgina Verdugo, JD Office for Civil Rights U.S. Department of Health and Human Services Attention: HIPAA Privacy Rule Accounting for Disclosures
Georgina Verdugo, JD Office for Civil Rights U.S. Department of Health and Human Services Attention: HIPAA Privacy Rule Accounting for Disclosures Submitted electronically at: http://www.regulations.gov
More information