| Featured Article
| This month's featured article is entitled Compliance with HITECH / HIPAA Privacy and Security: Biomedical Device Integration (BMDI)
Author: Deborah Leyva, RN, Clinical Solutions Executive for Nuvon, Inc.
After 17 years in technology, experience as a Registered Nurse, and now as Nuvon's Clinical Solutions Executive, Deborah turns her attention to uses of technology within the healthcare industry.
This article provides an overview of how medical devices, with secure interoperability to electronic health records (EHRs), enables compliance with HITECH's Meaningful Use Criteria.
It also describes how interoperability provides improvements in communication, care, patient safety, and efficiency. In addition, the article presents how interoperability provides rapid accessibility of patients' medical device data into an EHR, virtually eliminating potential errors from manual intervention.
In short, this article describes how medical device integration could improve ROI for an organization's EHR/HIT investment.
| HITECH Ready Business Associate Contract & Compliance Roadmaps now available in the HSG Store.
|Business Associate Agreement: a HITECH Ready Model Contract
The HIPAA regulations and the HITECH Act mandate that a CE establish a written contract with a BA in a number of instances, including whenever a BA "manages" PHI on behalf of a CE.
Our Model Contract includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links, where appropriate, to the relevant statutory/regulatory authority that underpins each Contract clause.
The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. It can be used, with minor modifications, out-of-the-box, or as an educational tool to draft a customized version.
The Security Rule Under HITECH:
a Business Associate Perspective
The most important step for building a "good SR compliance story" is for the business associate to get started. The approach recommended herein is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. Getting started in the wrong direction initially could be far more costly in the long run, since much of the compliance budget may simply be wasted. The framework discussed throughout this document provides a good road map to follow.
HIPAA Survival Guide Third Edition
The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available here and on Amazon's Kindle platform.
| Join Our Mailing List
|Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter on the first business day of each month.
Also, if you are interested in "jumpstarting" your compliance efforts then check out the HSG Store. Also, If you need to compare EHR software offerings click here and if you need a HITECH compliant data backup checklist click here.
Finally, interested in reducing costs and delivering more value to your patients then check out Info-Surge's patient engagement portal.
| Dear Carlos,
Welcome to the August 2010 HITECH / HIPAA Compliance Newsletter. The featured article this month is entitled: "Compliance with HITECH / HIPAA Privacy and Security: Biomedical Device Integration (BMDI)." This article, by Deborah Leyva, RN, Clinical Solutions Executive, at Nuvon, Inc., presents an overview of the importance of medical device integration vis-a-vis EHR ROI, and the corresponding privacy and security challenges under HITECH.
As we have often stated, HITECH transforms HIPAA from a paper tiger into a regulatory scheme with real teeth (some might say fangs), and that makes all the difference in the world regarding medical device integration, as it does with respect to all EHR touch points. Not only are covered entities now subject to potentially onerous legal liability, most covered entities do not yet fully understand the scope of HITECH, and are therefore legally exposed without even a minimal understanding of the potential extent of same.
In short, your security implementation is only as good as its weakest link. Given the breadth of medical devices that will eventually integrate into an EHR, the privacy and security issues surrounding medical device integration must be considered up front, and not as an "oh by the way afterthought," to be bolted on after the fact. Covered entitles that take the latter approach will find that building a "good compliance story" is much more painful and expensive than it otherwise would be if a coherent approach is adopted early on.
We are now actively promoting what we believe to be is the best of breed HIPAA compliance tracking system ("CTS") on the market. We performed a significant amount of due diligence over the last couple of years and this is the one solution that is clearly ahead of the pack and economically priced to be within the reach of even the smallest covered entities and business associates. To see a demo of the product click here.
We are also pleased to announce the availability
of our Breach Notification Framework.
Section 13402 of the HITECH Act
requires that HIPAA covered entities and their business associates provide various notifications following a breach of unsecured protected health information. Our Breach Notification Framework
offers guidance for complying with HITECH's Breach Notification requirements.
Our EHR Library
remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility.
We continue to be excited regarding the marketplace feedback of our Business Associate Agreement: a HITECH Ready Model Contract (Buy Now
The HIPAA regulations
and the HITECH Act
mandate that a CE establish a written contract with a BA in a number of instances, including whenever a BA "manages" PHI
on behalf of a CE. Our Model Contract includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links, where appropriate, to the relevant statutory/regulatory authority that underpins each Contract clause.
Our Model Business Associate Contract, Roadmaps, and other offeringsare now available in the HSG Store
Want to stay updated throughout the month then follow Debbie on Twitter by clicking on the badge below. If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.
Become a Fan
Follow us on FaceBook by becoming a fan of the guide and support the HSG by purchasing some HSG Wearables. Also, be sure to check out our HITECH Videos.
HSG is now welcoming advertisersto help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers, both large and small, return to HSG again and again.
| Compliance with HITECH / HIPAA Privacy and Security: Biomedical Device Integration (BMDI)
The HITECH Act and its Meaningful Use criteria requirements has provided the incentive for many hospitals and facilities to start their migration from paper to electronic records. HITECH has disrupted the existing workflow of facilities and practices across America. However, the migration from paper to electronic records is only the first step in the journey, despite the fact that this initiative, standing alone, requires a significant effort for most healthcare organizations.
New Wave of Health Information Technology
The next wave of healthcare innovation spurred by Meaningful Use Criteria, will be to collect data from the multitude of devices at a patient's bedside and integrate this device data so that the patient's electronic record can be updated automatically, without manual input. The graphic above depicts an example of the "new wave of interoperability" between medical devices and an electronic health record (EHR). The real promise of an EHR (e.g. reduced costs and improved outcomes) is arguably critically dependent on medical device integration.
The Joint Commission calls this data interchange "the interrelationship between medical devices and HIT." The ability to reduce costs associated with manual entry, and eliminate the potential for human transcription error, is a significant step forward, not only for a hospital's bottom line, but it may also contribute to improved patient safety and care. Furthermore, it is expected that 2013 and 2015 Meaningful Use Criteria will require it.
What types of devices could be integrated?
| About Us
| We help companies safely and securely do business on the web, in accordance with applicable law. How? By helping them reduce risk. Privacy and security compliance issues are merely a subset of legal issues that online businesses face. This is equally true for eCommerce sites as it is for healthcare providers, facilities, and vendors.
We take a partnering and collaborative approach in our legal practice. If you would like to see specific topics covered in this newsletter then please let us know.
The Digital Business Law Group, P.A.