Measures
1. CPOE for Medication Orders
2. Drug Interaction Checks – Drug-Drug/Allergy
3. Maintain Problem List
4. Permissible Prescriptions - ePrescribing
5. Active Medication List
6. Medication Allergy List
7. Record Demographics
8. Record Vital Signs
9. Record Smoking Status – 13 Years or Older
10. Clinical Quality Measures – CMS/States
11. Clinical Decision Support Rule (1)
12. Electronic Copy of Health Info. – Upon Request – 3 BD
13. Clinical Summaries – Each Office Visit – 3 BD
14. Electronic Exchange of Clinical Information
15. Protect Electronic Health Information
16. Drug Formulary Checks
17. Clinical Lab Test Results – Structured Data
18. Patient Lists
19. Patient Reminders – Per Patient Preference
20. Patient Electronic Access - Portal
21. Patient-specific Education Resources
22. Medication Reconciliation
23. Transition of Care Summary – Referrals
24. Immunization Registries Data Submission
25. Syndromic Surveillance Data Submission
CORE
Measure Number 15
Protect Electronic Health Information
Objective
Capability to exchange key clinical information (for example, problem
list, medication list, medication allergies, and diagnostic test results),
among providers of care and patient authorized entities electronically.
Measure
Conduct or review a security risk analysis in accordance with the
requirements under 45 CFR 164.308(a)(1) and implement security
updates as necessary and correct identified security deficiencies as part
of its risk management process.
• Permits civil actions on behalf of patients
• May enjoin the actions; and
• Obtain damages not to exceed $25,000 annually
• Attorneys’ fees may be recovered by State
The Risk
Healthcare practices are at significant risk of financial loss resulting from a
breach of patient information.
The Health Insurance Portability and Accountability Act (HIPAA), Health
Information Technology for Economic and Clinical Health Act (HITECH) and
Payment Card Industry Standards (PCI) all impose substantial fines and penalties on health care entities that disclose patient information.
Thieves target patients’ personal information (social security numbers, American
Express, Visa and MasterCard numbers, addresses, phone numbers, and drivers’ license numbers), along with patients’ confidential medical data.
Data breaches are not limited to outside hackers or burglars; many times even
trusted employees purposely or inadvertently allow patient data to be breached.
The U.S. Department of Health and Human Services (HHS) recently announced
minimal levels of penalties based on intent:
• $100 – $25,000: Person did not know and would not have known
• $1,000 – $100,000: Reasonable cause and not willful neglect
• $10,000 – $250,000: Willful neglect
• $50,000 – $1,500,000
The Risk
Human error remains the greatest threat to healthcare data security. In a survey conducted in 2012 by HIMSS*, 79% of respondents
reported that a security breach was perpetrated by an employee. “Everyone from cafeteria workers to surgeons will come into contact with patient data, and they will do so in even more ways – from work computers, through paper records, via mobile devices and more – so it becomes clear that evolving threats will always outpace even the
most thorough regulatory requirements,” said Brian Lapidus, senior vice president for Kroll Advisory Solutions, in a press release dated April 11, 2012.
The Risk
In a press announcement dated April 24, 2012, Leon
Rodriguez, Director of OCR emphasized, “We hope that
health care providers pay careful attention to this resolution
agreement and understand that the HIPAA Privacy and
Security Rules have been in place for many years, and OCR
expects full compliance no matter the size of a covered
entity.” Small physician practices should take note that they
are not immune to OCR investigation.
The Risk – HIPAA Violations
Common ways a data breach can occur:
• Backing up PHI and taking it home
• Office mail containing PHI
• Employees being uneducated about the proper ways to store and discard private information
• Having unsupervised staff (i.e. cleaning crew or maintenance) working after hours
• Employees sharing stories about patient cases
The Program – HIPAA Safeguard
• A web portal that serves as a compliance resource to effectively manage the ever-changing landscape of HIPAA/HITECH and PCI.
• Our no-obligation risk assessment to detect vulnerabilities.
• Customer service center staffed by data security professionals.
• Up to $100,000 of protection per healthcare practice for costs associated with data breach of patient information covered under the program.
• Protection for civil fines and penalties mandated by HIPAA/HITECH as relates to the breach of protected health information.
• Protection for PCI fines levied by the payment card brands (e.g. American
The Program – Data Privacy & Security
All HIPAA Safeguard Participants receive:
• Access to web portal providing HIPAA and PCI privacy and security information and tools:
  – HIPAA security rule forms and policies
  – HIPAA privacy rule guidance, forms, policies
  – Sample agreements for covered entities and business associates
  – PCI data security standards
Copyright © 2012. All Rights Reserved. Pristine Technology Solutions, Inc.
HIPAA Protection
For HIPAA violations resulting from a data breach, the program provides
the following protection per the terms and conditions:
• Mandatory forensic investigation
• Crisis management (notification to victims, identity monitoring)
• Civil fines and penalties
HIPAA data breach includes:
• Theft of electronic patient files
• Physical theft of patient files
• Accidental release of patient information
• Employee theft of patient files or related information
• Malicious software attacks
The Program - HIPAA Protection
HIPAA and PCI-DSS Data Breach Program Limits
• $100,000 aggregate limit of protection per healthcare practice
• $25,000 sub-limit for crisis management (i.e. notification cost)
• $5,000 annual aggregate deductible (negotiable based on enrollment)
HIPAA Safeguard is a product of RGS Ltd., LLC, and this information is intended to present a general overview for illustrative purposes only. It is not intended to constitute a binding contract. Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.
The Program – PCI DSS Breach Protection
PCI Protection
For Visa/MasterCard PCI violations resulting from a data breach, the program
provides the following protection per the terms and conditions:
• Mandatory forensic investigation
• Assessments (such as card replacement costs)
• Fines and penalties imposed by Visa/MasterCard
Visa/MasterCard data breach includes:
• Theft of electronic cardholder or check information
• Physical theft of cardholder or check information
• Employee theft of cardholder information
The Program – Customer & Claim Support
Customer Support
• Professional forensic auditors available by phone or email.
• Available to answer questions about the program and your procedures.
• Any questions related to the protection are answered by a licensed insurance agent.
Claims Support
• Reporting of breaches and claims can be done online or by phone.
• Once the online form is completed, HIPAA Safeguard will contact the medical
About Royal Group Services (RGS)
RGS is a leader in delivering unique programs to protect healthcare providers,
banks, and merchants from data security risks associated with HIPAA, HITECH and the Payment Card Industry (PCI).
The RGS executive team has decades of experience in working to expand
business opportunities, from both local and national perspectives, in the insurance,
healthcare and payment card industries. We pride ourselves on offering best-in-class products.
RGS has forged exclusive partnerships with some of the largest and most
respected organizations representing healthcare professionals and the electronic payments industry.
This RGS program is backed by our longtime partner, Chartis Insurance.
Value Proposition
2 Day Seminar                                HIPAA Safeguard Protection
Service                 Cost                 Service                     Cost
Event (per provider)    $1295                Protection (per practice)   $49.99 per month
Plane Ticket            $500
Hotel                   $125
2 Days Work             $3000
Time Working Process    Priceless
Total for Seminar       $4,931               8 Years Protection          $4,799
2 Providers             $9,862               16 Years Protection         $9,598
                                             Protection                  $100,000
Risk Assessment
• Risk Assessment
• Information Security Policy
• Program Management & Support
• Asset Management
• Trustworthy Human Resources
• Physical & Environmental Security
• Information Technology Communications & Operations
• Access Control
• Systems & Application Development
• Incident Response