
DoD awards Cerner, Leidos, Accenture EHR contract

July 29, 2015 in Medical Technology

The US Department of Defense handed down the largest and most-anticipated electronic health record system contract in history late Wednesday.

And the winner is (drumroll, please) … Cerner, Leidos and Accenture. The contract’s initial piece, valued at $4.3 billion, calls for the team to provide “an electronic health record off-the-shelf solution, integration activities and deployment across the Military Health System,” a DoD spokesperson told Healthcare IT News.

DoD’s choice, in the end, came down to three teams: Epic Systems and IBM; Cerner, Leidos and Accenture; and Allscripts aligned with Computer Sciences Corp. and Hewlett-Packard.

“Market share was not a consideration,” said DoD Under Secretary for Acquisition, Technology and Logistics Frank Kendall. “We wanted minimum modifications.”

Being able to select a commercial-off-the-shelf software package and customize it as little as possible for a project this massive is the reason that DoD has given all along for not opting to use the U.S. Department of Veterans Affairs’ proprietary and open source VistA EHR.

“A commercial product gives us the opportunity to take advantage of private sector innovation,” said Assistant Secretary of Defense for Health Affairs Jonathan Woodson, MD. He added that during the process of choosing a vendor, DoD officials visited with many health systems to learn how they transition from proprietary to commercial EHR systems. 


Part of DoD’s requirement, in fact, was that the EHR interoperate with private sector systems, since somewhere between 60 percent and 70 percent of care takes place outside the DoD.

“This is crucially important,” said Woodson. “What we’re doing today will help advance the public preparedness. The private sector is becoming more prepared, but we’ll accelerate that work.”

The biggest surprise?

No, it’s not the vendor who won. Rather, it’s the adjusted overall price tag for the massive modernization project. Indeed, the figure is down nearly 20 percent.

“We feel comfortable that we made a good source selection,” Kendall explained. “Costs are coming in lower than our estimates.”

Widely reported DoD projections had put the overall price at $11 billion for an 18-year lifecycle.

“We think it will be below $9 billion” over the long haul, Kendall added. “Competition has worked for us.”

Woodson pointed to sunsetting existing systems as a major factor in lowering those costs. Indeed, Military Health System CIO David Bowen said in 2013 that “legacy systems are eating us alive in terms of support and maintenance,” and consuming approximately 95 percent of the IT budget. 

Whether the competition that drove prices downward will also translate to a shorter implementation time remains to be seen, but Kendall said DoD intends to first deploy the software at eight sites in the Pacific Northwest by end of calendar year 2016 – and the current plan is to have it installed at approximately 1,000 sites by 2022, though Kendall said once the contract is awarded they “hope we can go much quicker than that.”

He cautioned, though, that the rollout will be event-driven, and that the DoD won’t take unnecessary risks to meet a preset schedule.

“Today is just the beginning, now the hard part is going to start,” said Chris Miller, program executive officer, DoD Healthcare Management Systems Modernization and Integrated Electronic Health Records. “Our focus now is shifting to testing. You’re going to see an incredible test regime, digging deep into security, workflow, comprehensively testing the product to make sure it’s ready to go before we deploy it.”


Article source: http://www.healthcareitnews.com/news/dod-names-ehr-contract-winner


CMS Releases FAQs To Clarify Plan To Ease ICD-10 Transition

July 29, 2015 in News

On Monday, CMS released answers to frequently asked questions to help clarify recently announced measures that aim to provide physicians with some flexibility as they transition to the new ICD-10 code sets, EHR Intelligence reports (Murphy, EHR Intelligence, 7/28).

Background

U.S. health care organizations are working to transition from ICD-9 to ICD-10 code sets to accommodate codes for new diseases and procedures by Oct. 1.

On July 6, CMS and the American Medical Association jointly announced measures designed to help ease physicians’ transition.

Among other things, CMS said it would:

  • Appoint an ICD-10 ombudsman to help oversee the transition;
  • Establish a one-year grace period in which it will reimburse physicians under Medicare Part B for claims with incorrect ICD-10 diagnosis codes;
  • Extend the flexibility for quality code errors to the Physician Quality Reporting System, Value-Based Payment Modifier program and meaningful use program so physicians and other eligible professionals are not penalized; and
  • Provide a range of online resources — including Web conferences and training documents — to aid providers in the transition (iHealthBeat, 7/7).

FAQ Details

CMS posted a list of 13 FAQs to clarify several aspects of the measures. For example, the agency noted that:

  • The ICD-10 ombudsman will be in place by Oct. 1;
  • The measures do not signify an ICD-10 delay;
  • Submitters whose claims are denied will be notified with an explanation of the rejection;
  • Submitters should follow existing processes for correcting and resubmitting rejected claims (Goedert, Health Data Management, 7/28);
  • The measures only apply to Medicare fee-for-service claims;
  • The guidance does not apply to Medicaid claims, but each state will be “required to process submitted claims that include ICD-10 codes for services furnished on or after Oct. 1 in a timely manner” (EHR Intelligence, 7/28); and
  • The measures do not apply to commercial payers, which “will have to determine whether [to] offer similar audit flexibilities” (Health Data Management, 7/28).

Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/w4qf_Rix9o0/cms-releases-faqs-to-clarify-plan-to-ease-icd-10-transition


4 takeaways from Ponemon’s 2015 healthcare security report

July 29, 2015 in Medical Technology

Ponemon’s recently published 2015 Study on Privacy Data Security of Healthcare Data makes one point crystal clear: healthcare organizations must do more to protect sensitive patient information from the wide variety of data breach threats.

A shockingly high 91 percent of respondents reported falling victim to at least one data breach in the last two years. The majority of respondents had suffered 11 or more incidents. Healthcare IT teams understand that these percentages are unacceptable, but until now have largely failed to effectively mitigate data breach threats.

Healthcare organizations could view Ponemon’s report as a document that paints IT security in their industry as a failure. I have a slightly different view. This report is one of the most useful resources for helping healthcare organizations start taking the necessary steps to defend themselves more capably against data breaches. With this in mind, here are four takeaways from this report that each and every healthcare organization should consider:

Pay attention to security trends and plan accordingly

Healthcare IT leadership needs to keep a pragmatic, data-driven view of the types of attacks they’re facing, and allocate their IT security budgets accordingly.

Looking at the last five years of Ponemon’s healthcare report, the only category of attacks that has consistently risen is “criminal attack,” which is now the number one cause of data breaches.  In 2014, criminal attacks were the number one root cause of data breaches cited by 45 percent of respondents. Other data breach root causes, including lost devices, employee negligence, and system glitches, have remained relatively consistent over the past five years.

Interestingly, when asked what they believed to be the largest security threat, 70 percent of respondents chose employee negligence, which is not at all in line with reality. Criminal attacks are the number one cause of data loss. If healthcare organizations are ever going to get in front of the relentless assault upon their critical, protected health information, a shift in the focus of priorities has to take place.

Implement strong processes and procedures

While over half of the respondents stated they had good IT policies and procedures in place, this percentage should be much closer to 100 than it is currently. With a vast array of regulatory and compliance issues to deal with, as well as the impending threat of criminals trying to steal data, healthcare organizations need to put the appropriate policies and procedures in place for all areas of their security program.

It’s also important to note that some healthcare organizations are placing too much faith in the ability of policies and procedures to prevent data loss. 58 percent of organizations stated that their policies and procedures alone can prevent or quickly detect breaches. This line of thinking is dangerous for the industry.

Make the most out of technology and automation

Strong policies and procedures are fundamental to any good security program, but they cannot be the only line of defense to stop data breaches from happening. Healthcare organizations must marry policies and procedures with technical controls that allow business to continue with minimal hindrance, while still providing the necessary levels of protection.

Only one-third of respondents stated they had sufficient resources to prevent or quickly detect a data breach, and just barely half had the on-staff technical expertise to identify and resolve data breaches. With limited resources available, healthcare organizations need to focus on leveraging technology specifically designed to enforce controls and defensive measures, especially automation tools that can be integrated into systems and processes. Well-implemented technological controls can bolster the effectiveness of the human and financial resources within an organization to better get ahead of attacks.

Build security from the inside out

As part of this effort to mitigate the effectiveness of criminal attacks, healthcare organizations must build IT security from the inside out. Often, healthcare organizations try to harden the perimeter to prevent hackers from entering their systems. But as more healthcare organizations utilize cloud-based services, expand their health provider networks over larger physical areas and leverage technologies to allow for more of their employees to work remotely, the perimeter has all but disappeared.

It is far more effective for IT teams to build layers of security closest to the items that require protection. If the loss of laptops is of great concern, encrypting hard drives that contain sensitive information will be more effective than adding new controls to VPN access. If preventing unauthorized access to databases and servers containing sensitive health information is the goal, IT teams should put security and auditing measures in place around privileged account credentials instead of attempting to build more firewall perimeters, which these accounts will likely have access to anyway.


Article source: http://www.healthcareitnews.com/blog/4-takeaways-ponemons-2015-healthcare-security-report


Precision Medicine Requires Regulatory Reform, Data Analytics

July 29, 2015 in News

President Obama’s Precision Medicine Initiative will not succeed without a regulatory system that can facilitate big data analytics for genomic research, according to a white paper by the Center for Data Innovation and Health IT Now Coalition, Health Data Management reports (Slabodkin, Health Data Management, 7/27).

Background

In February, Obama in his fiscal year 2016 budget proposal asked Congress for $215 million in funding for a precision medicine initiative that centers on the creation of a massive database containing the genetic data of at least one million volunteer participants. Of the funding:

  • $131 million would go toward NIH to recruit at least one million volunteers and analyze their full genetic makeups, as well as expand clinical trials for possible cancer medications;
  • $70 million would go toward NIH’s National Cancer Institute to further study genetic causes of cancers and use study findings to assist with drug development;
  • $10 million would go toward FDA to develop databases to help the agency create the regulatory structure for evaluating precision medicine advances; and
  • $5 million would go toward ONC to help develop interoperability standards and policies to address privacy issues and help with secure data exchange across various systems (iHealthBeat, 2/3).

An implementation plan from NIH is due in September.

White Paper Recommendations

The white paper makes several recommendations to ensure a successful precision medicine program, stressing the importance of public-private partnerships. Specifically, the two organizations recommend that stakeholders:

  • Encourage patient and private-sector engagement because of their shared interest in the way big-data applications can shape health care innovation;
  • Implement strong federal requirements to improve interoperability and data sharing so that genomic and other health data can be accessed and sent across different systems; and
  • Re-evaluate existing privacy and consent laws to account for advances in science and technology.

Joel White, executive director of the Health IT Now Coalition, said, “In order to make full use of [the genomic and clinical] information and taxpayer dollars that are funding the initiative, we need a functional and broad-based data-sharing model that can only be reached through cooperation of both private and public sectors” (Health Data Management, 7/27).


Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/zMtZO_mBzMw/precision-medicine-requires-regulatory-reform-data-analytics


Can the Health IT Safety Center succeed?

July 28, 2015 in Medical Technology

When ONC released its Health IT Safety Center Roadmap earlier this month, it touted the envisioned center as a way to create a “culture of safety.”

Writing in Health Affairs, two experts offer some tips to help it meet that “monumental, sociotechnical challenge.”

ONC wants to use the safety center as a convener for stakeholders from across healthcare to accomplish two interrelated goals: “using health IT to make care safer, and continuously improving the safety of health IT.”


That will take work, and lasting commitment from a broad array of different players, according to Dean Sittig, professor of biomedical informatics at The University of Texas Health Science Center at Houston, and Hardeep Singh, research scientist at Baylor College of Medicine.

On the Health Affairs blog, Sittig and Singh call the roadmap “an important step for both policy and practice in an area where researchers like us are just beginning to understand the boundaries and definition of health IT-related patient safety.”

They also offer their thoughts on the challenges that must be addressed if the Health IT Safety Center is to be brought to fruition – and truly brought to bear on technology-enabled quality improvement.

As the public-private organization gathers folks from the different facets of health IT to help develop a “learning health system” (in one of ONC’s favorite turns of phrases) where continuous improvement of patient safety is the goal, the diverse participants would work to spotlight ways to address IT-related adverse events, aim toward better evidence-based practices and information sharing and promote education for clinicians’ safe use of healthcare technology.

But as Sittig and Singh point out, that’s easier said than done.

“Why hasn’t all of this been done by now? The answer lies in the complexity of health IT use,” they write. “In addition, research to understand unintended consequences of health IT has emerged mostly in the last decade. As recognized in the roadmap, a comprehensive, sociotechnical approach is essential; this must include technical factors, as well as nontechnical factors such as people, workflow and organizational issues.”


Several years ago, the two researchers published a study titled “A New Socio-technical Model for Studying Health Information Technology in Complex Adaptive Healthcare Systems.” They’ve also done extensive research on how electronic health records can help deliver on patient safety. Through that research, they offer a three-part framework for defining safety as it relates to technology. It involves:

  • Activities to mitigate risks that are unique and specific to technology (e.g., safety issues related to unavailable or malfunctioning hardware or software);
  • Issues created by the failure to use technology appropriately or by misuse of technology (e.g., hazards created by nuisance alerts in the EHR), and
  • Use of technology to monitor health care processes and outcomes and identify potential safety issues before they can harm patients (e.g., the use of EHR-based algorithms to identify patients at risk for medication errors or care delays).

Addressing all three of those is a tall order, they write; the safety center, even as a “trusted space where stakeholders [can] convene to review evidence and jointly develop solutions” (in ONC’s words), will face challenges – especially when it comes to improving identification and sharing of health IT-related safety events.

“Our research shows that identifying EHR-related patient safety issues or delineating the role technology plays in a safety event is difficult,” write Sittig and Singh. “For example, when clinicians overlook abnormal test results in EHRs, nearly all eight sociotechnical dimensions” – as defined in their earlier report – “can be involved.”

So, while the proposed center wouldn’t conduct investigations into adverse events, they write, “we believe EHR-enabled healthcare organizations should themselves create multi-disciplinary EHR safety teams to investigate safety events with potential ‘health IT involvement.’” Such teams could work with patient safety organizations during investigations “and be integrated with an organization’s risk management infrastructure,” they suggest.

That proposal is just one of many Sittig and Singh have to offer.

In the meantime, they write, “safe and effective implementation and use of health IT within a complex adaptive health care system is a monumental, sociotechnical challenge. The proposed Safety Center is a step forward, but it will require strong and sustained support from a multitude of stakeholders, including vendors, researchers, and policymakers. A great deal is at stake here. In the absence of any other central oversight, the Safety Center will need to lead the way in making health IT safer and better, so we can improve the health and health care of our patients.”


Article source: http://www.healthcareitnews.com/news/can-health-it-safety-center-succeed


Practice Challenges Ruling, Defends Firing Over Improper EHR Access

July 28, 2015 in News

A Montana-based eye care center is challenging a ruling that firing a worker for improperly accessing an electronic health record system violates the National Labor Relations Act, FierceEMR reports.

Background on Case

The case involves an employee at the Rocky Mountain Eye Center in Missoula, Mont., Britta Brown, who used the practice’s EHR system to obtain the contact information of 17 coworkers. She then provided information on 12 coworkers to a union representative. Rocky Mountain fired Brown, citing a HIPAA violation and abuse of the practice’s confidentiality agreement.

However, an administrative law judge found that while the practice’s personnel files were kept in a separate software system, it mixed patient and employee contact information in its EHR system because employees entered their contact information into the EHR system as part of training. The judge also found that Rocky Mountain allowed the EHR system to be used as an employee directory.

In the decision, the judge wrote, “It was generally known that coworkers and supervisors accessed the Centricity system to get employee contact information,” adding, “Employees accessed each other’s contact information for work-related purposes, primarily involving last-minute schedule changes.”

The decision also noted that Rocky Mountain employees no longer enter their contact information into the EHR system and that the practice’s Human Resources Department now handles scheduling changes.

Details of the Challenge

In an Exceptions document filed with the National Labor Relations Board on July 10, the practice argued that the EHR system is a database reserved for patients. The practice noted that Brown accessed records of patients who happened to be employees before turning them over to a third party without approval (Durben Hirsch, FierceEMR, 7/24).

According to the Exceptions document, under HIPAA’s minimum necessary standard, “employees of a covered entity are not permitted to access a patient’s [personal health information] in the employer’s [EHR] system for personal reasons unrelated to that patient’s care or services” (Rocky Mountain Eye Center Exceptions, 7/10).

Rocky Mountain also argued that Brown never testified that she witnessed or was told it was acceptable to use the EHR system to find patient-employee contact numbers. In addition, it stated there is no evidence the practice allowed such access (FierceEMR, 7/24).


Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/Z1UC0Gprm4g/practice-fights-ruling-that-improper-ehr-access-not-grounds-for-firing


Why Medicare Advantage is more potent than meaningful use for driving reform

July 28, 2015 in Medical Technology

Earlier this year, the Centers for Medicare and Medicaid Services (CMS) announced increased 2016 rates to Medicare Advantage (MA) – changes that will continue to strengthen this growing industry program. Some are saying that this change is a result of the lobbying efforts of payers. But what if CMS was actually kinder to MA because the model has proven to work so well?

Popular across the healthcare ecosystem, the MA program caters to consumers, primary care doctors and payers, while delivering superior results for today’s society as opposed to a fee-for-service program. Specifically with MA, consumers often get the benefits of high-end Medicare Supplement for zero premium, primary care doctors have the opportunity to increase their income significantly in a good Medicare Advantage risk-sharing contract, while payers have the chance to reap substantial profits or surplus for managing chronically ill populations.

In my view, MA is the only national program that engages payers, providers and consumers to support all three elements of the Triple Aim. It does so by means of a consistent set of value-based economic incentives and closed-loop information flows that reduce cost, increase quality and improve the patient experience. 

How are payers and providers able to be so successful in MA? First, payers must ensure that quality care is delivered through their network. To do so, they have to offer contracts to providers that reward the proactive management of the chronically ill. Successful payers also share significant population health information and support functions with providers who can’t afford their own population health infrastructure. Finally, payer success must be renewed each year by meeting the challenging set of Star Rating metrics that ratchet up each season to advance the clinical quality agenda.

In addition to meeting metrics, payers must also deliver a superior consumer experience, and that’s where consumer feedback comes in. Consumers are interviewed directly without the involvement of payers or providers through the Consumer Assessment of Healthcare Providers and Systems (CAHPS) survey process. This annual survey requires that payers and providers communicate well with members and engage them in real conversations. Bad feedback on support impacts both CAHPS and Star ratings.

As a result of payers’ successes in MA contracts, providers can also reap these benefits financially and through the job satisfaction that comes from the ability to spend more time with patients – which is the very reason they became doctors in the first place. Moreover, on a national level, the tasks required of providers in MA programs are increasingly central to the new U.S. healthcare model: prospective health status assessments, care planning, coordination of care and honest end-of-life dialogue.

Despite these many benefits, MA does have its critics. Some are ideologically opposed to private insurers being part of Medicare and others are concerned that insurers can game the system, for example, by inflating Hierarchical Condition Category codes illegally. Although this concern is valid, CMS has every regulation, incentive and resource needed to strongly enforce the law.

Given this criticism, Meaningful Use (MU) has often been portrayed as a tool for driving reform, especially given its vast funding by the HITECH Act and emergence of hundreds of electronic health record vendors over the last few years. Compared to MA, however, MU lacks the structural mechanisms necessary to drive reform. First, MU success depends on HITECH funding and its power declines as HITECH expires. More importantly, since MU’s power does not derive from the inherent economics of accountable care, it fails to motivate both payers and consumers who both play a role in sustainable reform.

According to Farzad Mostashari, MD, former national coordinator at ONC and currently the founder of Aledade, consumer demand is the key to driving reform and interoperability. In our view, hospital-based delivery systems do not have a deep history of consumer engagement and proactive health, while EHR vendors have little motivation or experience connecting directly with consumers. Therefore, both hospital-based delivery systems and EHR vendors targeted by MU are not equipped to influence consumer behavior. On the other hand, MA payers have the budget and the motivation to market directly to consumers while also influencing their behaviors.

For example, when it comes to the electronic delivery of discharge information to patients, MU attempts to impose, on both hospital systems and EHR vendors, a percentage of patients for whom such delivery is enabled. However, most hospitals report zero consumer demand and are excluded from the requirement as a result. If this goal was in place for MA Star Ratings criteria, payers would put the goal into their provider contracts, pay for the technology to deliver it and market the benefits to MA members and their caregivers.

With CMS’ improvement of the MA program incrementally across the Clinton, Bush and Obama administrations, MA has become the most powerful instrument we can use to drive national healthcare reform. The program reflects the true economic underpinnings of the Triple Aim, and through its Star Rating system, provides an engine to enable the entire industry to become the “learning system” that ONC’s Interoperability Roadmap has envisioned. All the players in the healthcare ecosystem – payers, clinicians, vendors as well as academic, clinical and policy leaders – need to leverage the power of MA as a reform tool that is sharp, proven, sustainable and continuously improving. This is the future.


Article source: http://www.healthcareitnews.com/blog/why-medicare-advantage-more-potent-meaningful-use-driving-reform


HHS To Collect Health IT Data on Health Center Controlled Networks

July 28, 2015 in News

Last week, HHS’ Health Resources and Services Administration revealed plans to collect information on health center controlled networks’ progress with data sharing and the adoption of electronic health records, FierceEMR reports.

Details of the Announcement

In a request for comment published in the Federal Register, HRSA said it wants to ensure health center controlled networks effectively implement health IT to help providers achieve meaningful use of EHRs. Under the 2009 economic stimulus package, providers who demonstrate meaningful use of certified EHRs can qualify for Medicaid and Medicare incentive payments (Durben Hirsch, FierceEMR, 7/22).

Specifically, HRSA said it plans to collect annual progress reports to determine whether participants in the Health Center Controlled Networks program are meeting key goals, such as:

  • Adopting quality improvement strategies, such as health information exchange;
  • Providing ongoing support for achieving meaningful use; and
  • Sharing knowledge, resources and data (Federal Register, 7/22).

In addition, HRSA said it will use the information collected to “inform new technical assistance needs” and evaluate how meaningful use funding is progressing.

HRSA is seeking public comment until Sept. 21 and then will submit a request to the Office of Management and Budget (FierceEMR, 7/22).


Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/c0okamXhbx8/hhs-to-collect-health-it-data-on-health-center-controlled-networks


NIST releases first-ever mobile device security guidelines

July 28, 2015 in Medical Technology

If you’ve been looking for any set of official guidelines for mobile device security or best practices on keeping medical data safe, there’s finally some serious movement on that front – a standards handbook with reams of valuable insight on the topic.

The National Institute of Standards and Technology, the federal agency charged with developing tech standards, has unveiled its long-awaited mobile security guide, specifically written for safeguarding medical data.

The handbook, currently in draft form, is awaiting public comment. It offers healthcare organizations insight on how to bolster mHealth cybersecurity via open-source or commercial tools.

Securing Electronic Records on Mobile Devices, NIST officials point out, provides health IT professionals with “detailed architecture so that they can copy or recreate with different but similar technologies, the security characteristics of the guide.” The guide also outlines NIST standards, best practices and other regulations to adhere to, such as HIPAA.

Among the myriad reasons for compiling such a guide, NIST officials point to a 2012 HHS roundtable on mobile devices, where participants underscored that “many healthcare providers are using mobile devices in healthcare delivery before they have appropriate privacy and security protections in place.”

In fact, 90 percent of healthcare providers are currently utilizing mobile devices within their organizations.

“We know from working with them that healthcare organizations want to protect their clients’ personal information and themselves from the high costs associated with breaches,” said Donna Dodson, director of NIST’s National Cybersecurity Center of Excellence, in a statement. “This guide can be an important tool among the many they use to reduce risk.”

The 82-page how-to guide includes step-by-step instructions and requirements for installing and hardening Bind DNS and DNSE, along with access point advice and IPTables firewall how-tos. The guide also details backup system best practices and configuration management specifications, including Puppet, a production Web server, etc. It covers intrusion detection systems, certification authority, host and mobile device security and MDM enrollment, and has an entire section on governance, risk and compliance.

NIST officials describe the new guidelines as including a “virtual environment that simulates interaction among mobile devices and an electronic health record system supported by the IT infrastructure of a medical organization.”

In addition to the how-to handbook, the new NIST guidelines include a 16-page manual on relevant mobile device standards and controls mapping, specifically written for the healthcare industry. For each related technology, such as key management, there’s a corresponding table of applicable standards and links to the standards.

The final piece of the guidelines delineates risk assessment and outcomes, based on the business workflow of a typical EHR user. 


Article source: http://www.healthcareitnews.com/news/nist-releases-first-ever-mobile-device-security-guidelines


ONC Announces $38M in Grants To Bolster Use of Health IT

July 28, 2015 in News

On Tuesday, the Office of the National Coordinator for Health IT announced three new grant programs that awarded a total of $38 million to 20 entities to advance the use of health IT, FierceHealthIT reports. 

Details of Grant Programs

The first grant program — called the Advance Interoperable Health Information Technology Services to Support Health Information Exchange — focuses on expanding the adoption of health information exchange technology, tools and services. The two-year cooperative agreement program dispersed a total of $29.6 million among 12 “states or state-designated entities,” including the:

  • Arkansas Office of Health Information Technology;
  • California Emergency Medical Services Authority;
  • Colorado Department of Health Care Policy and Financing;
  • Delaware Health Information Network;
  • Illinois Health Information Exchange Authority;
  • Nebraska Department of Administrative Services;
  • New Hampshire Health Information Organization Corporation;
  • New Jersey Innovation Institute;
  • Oregon Health Authority;
  • Rhode Island Quality Institute;
  • South Carolina Health Information Partners; and
  • Utah Health Information Network.

The second grant program — called the Community Health Peer Learning Program — awarded $2.2 million to health services research organization AcademyHealth over two years to help identify best health IT practices for population health management in 15 communities (Bowman, FierceHealthIT, 7/28).

The third program — called the Workforce Training Program — provided $6.7 million to seven entities over two years to bolster workforce training by updating materials and ensuring “incumbent health care workers” are using health IT tools across various settings. The grant recipients include:

  • Bellevue College in Bellevue, Washington;
  • Columbia University;
  • Johns Hopkins University;
  • Normandale Community College in Bloomington, Minnesota;
  • Oregon Health Science University;
  • The University of Alabama at Birmingham; and
  • The University of Texas Health Science in Houston (HHS release, 7/28).

Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/v23n7aru6Tk/onc-announces-38m-in-grants-to-bolster-use-of-health-it
