Weekly roundup: Breaches, HIE in the news

Breaches are back in the news this week with two more reported breaches impacting almost 3,000 patients in Miami and Sonoma, and Idaho State University (ISU) settling on a hefty $400,000 fine for its HIPAA violations.

The settlement comes after ISU’s Pocatello Family Medicine Clinic disabled server firewall protections for a period of at least 10 months, resulting in the breach of electronic protected health information (ePHI) for 17,500 patients. 

The Office for Civil Rights (OCR) concluded that ISU did not apply proper security measures and policies to address risks to ePHI and did not have procedures for routine review of its information system in place, which could have detected the firewall breach much sooner.

To date, OCR has collected $15.3 million relating to HIPAA violations and settlements.

In related news, the Office of the National Coordinator for Health IT (ONC) has released guidelines to provide recommended policies and practices for health information service providers (HISPs), trust communities and accrediting bodies such as DirectTrust to enable providers to securely exchange patient information across geographic, organizational and vendor boundaries.

The Direct Implementation Guidelines for Assuring Security and Interoperability were developed due to ONC's concern that HISPs were not using a "common standard" and were "creating islands of automation." ONC encourages adoption of the guidelines and believes that voluntary adoption will help providers meet Stage 2 of the Meaningful Use program and provide care coordination.

ONC opted not to proceed with regulations mandating HIE governance and will instead provide voluntary support to entities working to improve interoperability. Patients and others have expressed concerns about the security of data being shared electronically.

Lastly, this week we reported on the American Health Information Management Association’s (AHIMA's) certified health data analyst credential, which enables professionals to prove mastery in a broad range of data skills.

In 2008, a multi-stakeholder group identified the three domains of expertise required of a data analyst—data management, data analysis and data reporting—and listed related tasks necessary for proficiency. Once AHIMA completed the test writing process, the association administered the first exam in 2010.

“We saw a growing need for data analysts in provider organizations as well as other sectors,” said Lisa Brooks Taylor, RHIA, director of HIM practice excellence, of the credential’s roots. The health information management system is an integration point between clinical, business, legal and regulatory realms. “The health information management professional often is answering ad hoc questions for the executives, so it seemed a natural progression for a specialty certification,” she said.

How are jobs changing at your organization? Please share your experience.

Beth Walsh

Clinical Innovation + Technology editor

