October 29, 2012
If health information exchanges (HIEs) are the key ingredient to participating in collaborative and coordinated care models, then what does it take to have success with HIEs? The answer, according to our panel of experts at this year’s OPEN MINDS Technology & Informatics Institute, has two elements. First, consumer (and professional) trust is one key. The second is related to the first – to have trust among consumers and professionals, your organization needs “breach resistant” technology.
This was the theme of the discussion, Electronic Health Records & Health Information Exchanges: How To Secure Your System In An Increasingly Connected World. The panelists, Tim Timmons, Corporate Integrity Officer of Greater Oregon Behavioral Health, Inc., Cathy Pumphrey, Director of Informatics at Fairfax-Falls Church Community Services Board, Steve Chan, Information Security Officer, US Department of Veterans Affairs, and Lisette Wright, M.A., Senior Associate, OPEN MINDS, built the case for these parallel solutions.
Limit the risk of data breaches – The first of these two elements is “breach-proofing” your systems, because trust comes with the perception of a solid system. Deciding how to keep personal health information (PHI) secure starts with the question, “Who owns the data?” It is also critical to have a qualified Information Security Professional (either on staff or hired as a consultant) who can guide the initial design of the system. The panelists discussed other key ways to keep PHI secure and prevent breaches:
Encrypt all computers, portable devices, and storage media using technology that meets NIST FIPS 140-2 standards (for more info on that, consult your IS expert)
Use VPN (Virtual Private Networking) when communicating between your remote computers and your corporate network
Use PKI (Public Key Infrastructure) for encryption of emails/documents and digital signatures
Avoid clicking links in emails (if you must, hover over the link with your mouse first to ensure it’s the correct link)
Take the Federal Government mandated “Privacy and Information Security Awareness and Rules of Behavior” once a year or more frequently
After preparing to participate in HIEs, ensuring compliance and trust within the system, and taking steps to keep PHI secure, providers should do one additional thing when securing their systems in an increasingly connected world. “Think with your personal (not provider) hats on…How do you want your health care provided?” That’s what creates the “trust factor.”
Build client and inter-organizational relationships through integrity and trust – The key to having PHI data to exchange starts with the consumer. If consumers lack trust in the exchange of electronic information due to perceived or actual risks to their PHI, they may be unwilling to consent to participation in the HIE. This leads to holes in the “big data” that everyone is talking about, from missing information in individual records to missing data for “big data” research.
There are lots of strategic plans dependent on a robust information exchange – which makes this recipe for success a critical one. We’ll keep you up to date on best practices in how to move HIE from concept to competitive advantage.
Monica E. Oss
Chief Executive Officer, OPEN MINDS
For another free resource, see: 10 Tips For Avoiding Privacy Breaches—And Penalties
This is free for the next sixty days to all registered OPEN MINDS Circle members.