T e h C L C I L Q Q Sy S stem P ASG S A ll l l G rant n ee M M etin i g n

Transcription

1 The CLIQ System PCASG All Grantee Meeting August 20, 2009

2 CLinial InQuiry Web-based clinician portal built in house (March 2003) Single user interface to all electronic clinical data Patient-centric presentation Efficient and easy-to-use Available anywhere, anytime SMaRDI Clinical information available Demographic / registration data Visit history Chronic disease management and preventive health reminders Problem list Allergy list / Home medication list General and reference lab, microbiology and blood bank results Pathology, radiology, cardiology, EKGs, PFTs, EMG and EEG reports Admission H&Ps and discharge summaries Operative notes OP consultation notes OP pharmacy dispensing record

3 Shared Medical Record Data Infrastructure Clinical Data Repository (CDR) > 600,000 patient records > 15,000,000 results and reports Master Patient Index (MPI) SMaRDI Analyzes live registration data to identify potential duplicate records Reconciles verified duplicates to a unique patient identifier Interface Engine (IE) HL7 message standard required Manages multiple simultaneous real-time legacy interface feeds Real-time data interfaces ~ 50,000 messages / day Authentication and access control system

4 Clinical InQuiry (CLIQ) / SMaRDI Patient mgt / demographics CMM MPI Patient Summary and Problem List Lab Results and Path Reports CLIQ IE and CDR Blood Bank Immunizations Radiology Reports Pharmacy Cardiology Reports Clinical Notes

5

6

7

8

9

10

11

12

13 Community Clinics w/ CLIQ Access

14 CLIQ Utilization Logins / hr 6/17/09

15 CLIQ Utilization > 6,000 unique clinician/staff users since 2003 ~ 1500 unique users / day ~ 6,000 logins / day ~ 8,000 unique patient records accessed / day ~ 15,000 total patient record accesses / day External CLIQ (HIE) users 21 CHC locations in New Orleans metro (PATH) 3 CHC locations in St. Mary parish (ByNet) OPH, OMH, DOC

16 Affiliation Agreement The Parties shall coordinate to create and maintain health information exchange systems while observing laws and standards on privacy and confidentiality Develop and maintain formal policies and procedures to govern exchanging health information Attachment A - Information Sharing Attachment B - Policies and procedures for CLIQ Access, Usage and Audit

17 Information Sharing Agreement Purpose to establish standards for sharing PHI among participating Parties that complies with HIPAA regulations Including data shared through CLIQ and other Including data shared through CLIQ and other systems that may be added in the future

18 Information Sharing Agreement All information contained on the Shared Data Systems or maintained in other formats shall be protected by reasonable and appropriate administrative, technical, and physical safeguards to protect against any reasonably anticipated threats or hazards to the privacy, security or integrity of patient information: A. Each person authorized to access the Shared Data Systems must have a unique identification code and password to verify authorization to access. B. Each party shall be responsible for reviewing audit trails and other reports generated by the Shared Data Systems. In the event of a perceived breech, LSU-HSCD will take appropriate action, including but not limited to eliminating Parties access to the Shared Data System. C. Each party shall maintain procedures to ensure the integrity, completeness and continuity of data included in the Shared Data Systems; D. Each Party shall adopt privacy policies and procedures, appoint a privacy officer, and conduct periodic audits of its facility to ensure compliance with the HIPAA privacy regulations E. Each party shall maintain in a secure manner all computers and networks that hold or have access to patient information

19 Information Sharing Agreement Each Party shall Name a Privacy Officer responsible for assuring compliance with the terms and conditions of agreement prior to gaining access to shared patient information Conduct a routine information privacy audit that is consistent with industry standards and in accordance with each Party s procedures Provide training to any person regarding the terms and conditions of the agreement prior to gaining access to PHI

20 Information Sharing Agreement Each party s employees or contractors will complete HIPAA privacy training prior to gaining access to PHI on shared data systems Shared PHI shall be used only for provision of services to the patient whose information is being accessed All uses/disclosures of PHI shall be limited to the minimum necessary to accomplish the purpose for which the information is used or disclosed PHI shall be shared only after the patient has received a Notice of Privacy Practices CLIQ provides access to all patient records but use must be restricted to only those for which services are being delivered Each party s Privacy Notice should contain language that informs patient that PHI from their other providers may be shared

21 Policies / Procedures Four Roles LPHI-PATH COORDINATOR - Primary LPHI contact for each Affiliate to provide information on the Affiliation, Information Sharing and general questions about CLIQ access and audit responsibilities LSU-PATH COORDINATOR - Primary contact for each Affiliate to the LSU Health System. Works in conjunction with the LPHI-PATH Coordinator to assure CLIQ usage and access consistent with agreements LPHI-PATH AFFILIATE COMPLIANCE OFFICERS - Each Party will designate two (2) compliance officers primary and secondary to serve as operational contacts to the LPHI-PATH and LSU-PATH Coordinators LPHI-PATH AFFILIATE SIGNATURE AUTHORITY - Individual defined in the PATH Master Affiliation Agreement and / or Information Sharing Agreement that has the authority to sign for the Affiliate.

22 P/P Responsibilities of Affiliate Compliance Officers Identifying clinicians at their location with a need to access the shared data system Completing and submitting applications for access to the LSU-PATH Coordinator Receiving and performing monthly audit of users and patient records viewed for their location(s), and returning audit reports in compliance with defined timeline Notifying the LPHI-PATH and LSU-PATH Coordinators immediately upon a user s departure from affiliate organization to terminate CLIQ access Providing HIPAA privacy policy for review and filing with the LPHI-PATH Coordinator Maintaining compliance with and assuring that HIPAA regulations are followed at their location(s) Reporting any HIPAA privacy or potential privacy concerns or breaches to the LPHI-PATH Coordinator Attending training sessions scheduled through the LPHI-PATH Coordinator before serving in the role

23 P/P Initial Actions Within 5 days of signing the Information Sharing Agreement: Each partner organization identifies a primary and secondary compliance officer for each location. An individual can be a compliance officer at multiple locations for an organization but each location must have a primary and a secondary designee. Compliance officers shall provide to the LPHI-PATH Coordinator: HIPAA privacy policy for review and filing; Physically secure fax number for exchange of monthly audit reports; Listing of all personnel at their location(s) that currently have access or need access to CLIQ Within 45 days of signing the information sharing agreement: LSU-PATH Coordinator in conjunction with LPHI-PATH Coordinator shall provide all Compliance Officers training on their responsibilities and procedures for: Monthly audits User enrollment and termination Reporting of privacy breaches Other relevant policies from the operating guidelines

24 P/P Monthly Audits LSU-PATH Coordinator (or their designee) will forward the monthly audits via fax or other mutually agreed upon secure electronic communication channel to the Compliance Officers at each location no later than the 5th of the month following the audit period Compliance Officer for each location must return the monthly audit to the LSU-PATH Coordinator (or their designee) via fax or other mutually agreed upon secure electronic communication channel no later than the 15th of each month A failure to receive the completed monthly audit reports by the 15th of each month will set into process actions to temporarily or permanently discontinue access to PHI via CLIQ in an effort to appropriately protect patient privacy Affiliate users identified through monthly auditing process as not using CLIQ for more than 30 consecutive days will have access suspended in an effort to appropriately protect patient privacy

25 P/P Clinician Access For a physician, NP, PA, dentist or nurse not affiliated with LSU to gain access to CLIQ: Complete an LSU Computer Account Application Attend an LSU CLIQ training session prior to accessing the system Completed application must be signed by the LPHI-PATH Affiliate Signatory Authority, and original mailed or hand delivered to LSU-PATH Coordinator, who will submit for approval to LSU. Submitting an application does not guarantee access If approved, and before access can be granted, all new users must attend a LSU CLIQ user training session. Current users may be required to attend a CLIQ training session at the discretion of LSU

26 P/P Non-clinician Access For a non-clinician to gain access to CLIQ, and in addition to the requirements for clinician access, a written justification outlining the need for the nonclinician s access to PHI on CLIQ must be submitted with the application and signed by the LPHI-PATH Affiliate Signatory Authority.

27 LSU HCSD Policy and PHI Monthly audits (or any other forms of PHI) cannot be ed to or from the LSU or LPHI PATH Coordinator

28 Thank You