HIPAA Compliance & Security Certification Training, Orlando, FL, Dec 7-10

NEWPORT BEACH, CALIFORNIA, USA – November 17, 2010

ecfirst, home of the HIPAA Academy, will be delivering two gold standard certification classes this coming December 2010, in Orlando, FL.  The Certified HIPAA Professional (CHP) and Certified Security Compliance Specialist (CSCS) classes will be instructor-led, public training deliveries (each class, respective two-day deliveries, to be held over the dates of December 7^th, 8^th, 9^th and 10^th). This curriculum has been utilized to address regulatory compliance and security training initiatives by organizations such as; Hewlett Packard, IBM, Microsoft, Cerner, Ascension Health and Kaiser Permanente just to name a few. Ask about the special iPad promotion offer.

Certified HIPAA Professional (CHP) – http://ecfirst.biz/cehiprc.html, Dec 7-8, 2010

The Health Insurance Portability and Accountability Act (HIPAA) is about insurance portability, fraud, and administrative simplification. In this delivery, we examine basics of the Administrative Simplification portion of the HIPAA legislation. In addition to examining HIPAA Transactions and Code Sets, Identifiers, Privacy and Security; the changes for all organizations that have access to Protected Health Information (PHI) due to the HITECH Act for Business Associates and Breach Notification requirements.  The CHP Program delves into the Meaningful Use requirements; so this is a full curriculum that brings everyone up to date on what is expected of organizations going forward.

“De-mystify HIPAA with this course! There is nothing to fear here, it really does have everyone’s best interest in mind.”
Jeff Hatzinger, The Joint Commission

Certified Security Compliance Specialist (CSCS) – http://ecfirst.biz/cscs.html, Dec 9-10, 2010

The CSCS^TM Program is the first and only program in the world that provides a comprehensive treatment of major information security regulations and standards.  The CSCS^TM credential is a job-role based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations achieve compliance with information security-based regulation. This takes the rules and regulations of HIPAA and compares it to other more regulations that have more clearly defined controls FISMA, ISO 27000 (ISO 27001/27002), PCI DSS, NIST Standards, business continuity and state regulations.

“Good information on many regulations. Tied different regulations together. Very nice job!”
Jeff Poole, Torchmark Corporation

About ecfirst

ecfirst, an Inc. 500 business in the first year of eligibility (2004), has served over 1,600 clients worldwide with addressing compliance and security initiatives.  ecfirst delivers deep expertise with its full suite of services that include; Compliance Auditing, Contingency Planning & Business Impact Analysis (BIA), Vulnerability Assessments and our industry-unique Managed Compliance Services Program (MCSP) amongst other services and products.. The HIPAA Academy – a division of ecfirst – is the gold standard for HIPAA and HITECH training and certification.  http://www.ecfirst.com/.

For more information regarding this event or ecfirst product/services

Audra Curtis  515.453.8247 x16 or email audra.curtis@ecfirst.com. Ask her about the free iPad promotion. Special pricing for early registration. Get certified and get an iPad!

Institute for Health Technology Transformation publishes EHR Landscape Report

The Institute for Health Technology Transformation’s EHR Landscape Report for 2010 takes an in-depth look at the emerging electronic health records landscape.

The report discusses in particular the resiliency of the healthcare information technology space during the most recent financial crisis, both in terms of issuance of public equity and merger and acquisition activity.

The report can be downloaded directly by visiting the Institute for Health Technology Transformation’s Download Center at http://ihealthtran.com/downloadcenter.html

Interested in this and other iHT2 content? Become an Institute for Health Technology Transformation subscriber today! Visit www.ihealthtran.com to learn more.

Part 1: Exploring the impact of HL7 standards integration

Q&A on HL7 with Eliot Muir, president, iNTERFACEWARE

1. What do you see as the biggest challenges associated with HL7 integration?

HL7 standards are a set of loosely defined standards. Unlike some standards that enforce strict guidelines, HL7 standards were designed to find a quick solution to healthcare integration woes. As a result, there are many different versions and aspects of HL7 floating around and interfacing between disparate systems can be extremely difficult.

Additionally, various parts of the standard are ambiguous at best and include a significant amount of optionality. This leads to different vendors making their own interpretations. As a result, one of the main challenges of integration is simply being nimble enough to adapt to these various interpretations.

2. What are the key drivers for the adoption of and consistent use of HL7 standards?

HL7 standards are the most widely deployed standards across the healthcare industry. They have successfully eliminated the headache of custom interface programming on the part of both the sending and receiving application vendors. HL7 standards have been around long enough to be tried and tested for creating interfaces. They have helped the healthcare industry reduce costs by outlining best practices for processes such as collection of patient attributes or a standard set of interesting events.

3. What best practices should hospitals and healthcare providers adopt to ensure they meet healthcare standards such as HL7?

1) Do the simplest translation possible.

The shortest distance between any two points is a straight line.  The same principle is true for integration.  When integrating two systems, there’s much less risk of lost or mis-translated information if you keep the translation in the same language.

For instance, if you’re tasked with translating some text from Quebecois French to Parisian French, it doesn’t make any sense to translate it into English first.  The same rule applies for HL7

Approximately, more than 90 percent of interfaces require transforming or translating one version of HL7 v2.x into a different version of HL7 v2.x.  HL7 v3 is XML based and a complete rewrite of the standard.  As a result, it is time-consuming and cumbersome to integrate systems by translating from HL7 v2.x into XML based systems and then back into a different dialect of HL7 v2.x.  This should be avoided if the goal is for a cost-effective timely integration.

2) Use tools with good visibility into the transactions

Integration is always a moving target.  Vendors make minor alterations to their products regularly. These changes often alter their interfaces in terms of what data they send/receive or how it’s formatted.  When looking for an integration solution, it’s important to make sure there is clear visibility around the transactions.  As you go live with your interface, it will save time and money if your support team can quickly look up all the transactions into and out of your system

3) Work from real data, not the standard.

Integration is a real-world problem, not a theoretical one.  Many of the core systems at hospitals were built more than a decade ago.   These systems are in place because they work and meet the operational needs of healthcare providers not because they strictly adhere to the standards.  As discussed earlier, the shortest and the most accurate path to interoperability provides the most flexibility for optimal real world interfacing.

Some of the common descriptions for HL7 include:  “HL7 is a non-standard, standard” or “HL7 is a great standard, everyone has one.”  This has led to lenient adoption of the standard. Therefore, it is important to be flexible and be able to work with existing data and interfaces, rather than build specific interfaces that can only work with the standard.

4. What’s different about HL7 version 3? How can healthcare providers prepare for the updated standards?

HL7 Version 2 was developed with the goal of standardizing and reducing the costs of building interfaces in healthcare. To expedite the adoption of these standards and to increase the number of users, clinical interface specialists and vendors tried to incorporate data fields and interface frameworks already in use. As a result, Version 2 was a set of loosely defined standards built in an ad hoc fashion but easy to conform to. Version 3 (V3) on the other hand was developed with a more ambitious goal of attempting to make a complete data model framework to try and achieve consistency across the whole message set. Additionally, V3 is XML based and therefore each message is significantly larger by one or two orders of magnitude compared with V2.

We’re still very much at the early adopter phase for V3 standards. Other than at the government level there really has not been much penetration of V3 standards into clinical environments.

iNTERFACEWARE is a software provider committed to simplifying HL7 integration. More information about iNTERFACEWARE, can be found at: http://www.interfaceware.com/.

iHT2 exclusive interview: The impact of CMS’ becoming a value based purchaser on health IT

 “It’s about really trying to improve the care that is delivered, and the outcomes of health that our beneficiaries receive.”- Dr. Betsy Thompson, CMO, Region IX, Centers for Medicare and Medicaid Services

Listen in on this 10 minute discussion previewing Dr. Betsy Thompson’s keynote presentation at the Fall Health IT Summit as she discusses how the largest payer is striving to evolve to a value purchaser rather than a passive payer, and how HITECH initiatives and working with REC’s can be a simple process to improve care and outcomes. 

Click Here to View this Exclusive Interview

Interested in this interview and other health IT content? Become an Institute for Health Technology Transformation subscriber today! Visit www.ihealthtran.com to learn more.

ecfirst Webcast 11/10: Standards to address HIPAA, HITECH and state security mandates

An Exclusive ecfirst Signature Webcast 11/10:

NEWPORT BEACH, CALIFORNIA, USA – November 10, 2010: Organizations are increasingly considering applying the ISO 27000 international security standards, NIST and PCI DSS Standards to comply with various U.S. federal (e.g. HIPAA, HITECH Data Breach and Meaningful Use) and state regulations (CA, MA, others).

The ISO 27000 is a global standard that provides a comprehensive framework that organizations can adopt to address compliance requirements and establish a resilient information infrastructure. NIST Standards provide a terrific opportunity for businesses to establish their policies, plans and procedures for security capabilities and controls. ISO 27000, NIST & PCI Standards provide best practice recommendations on information security management, risks and controls within the context of an overall enterprise compliance and security program.

Examine how to apply the ISO 27000, NIST and PCI DSS Standards to address critical federal and state privacy and security requirements.

Learning Objectives:

In this session, you will learn about:

• The ISO 27000 global information security standard and its application to compliance mandates
• The NIST Special Publication guidance and standard publication critical to address incident management, contingency planning and other regulatory requirements
• State regulations for privacy and security, with emphasis on California and Massachusetts, and the application of ISO 27000, NIST & PCI DSS to address critical requirements
• Getting started with a checklist to establish the foundation for a comprehensive information security program to address HITECH and HIPAA mandates for data breach management and Meaningful Use (risk analysis)

About Speaker:

Ali Pabrai, chief executive of ecfirst is a highly sought after information security and compliance expert. He is also author of the executive brief Cyber Security Strategy: The 4 Laws of Information Security. Pabrai was the first to launch a program focused on global information security regulations, the Certified Security Compliance Specialist^TM (CSCS^TM) program. The CSCS^TM program addresses PCI DSS, FISMA, ISO 27000, FISMA and other security regulations and standards.

Mr. Pabrai’s clients have included hundreds of hospitals, payer organizations, long term care facilities, Microsoft, HP, Symantec, Kemin, Ernst&Young, Elkay, Intuit, Pella, Principal Financial, U.S. Department of Veteran Affairs, as well as numerous federal, state and county governments.

Register Today:

Webcast Date: November 10, 2010 @ 11 am central. Register @ www.ecfirst.com.

For more information, please contact: John Schelewitz– John.Schelewitz@ecfirst.com — 480.663.3225

Planning for EHR Adoption Summit: Boston, MA — Nov. 4

Accelerating EHR Adoption – A FREE, one-day interactive seminar

Presented by: SearchHealthIT.com

Thursday, Nov. 4, 2010 * 8:00 AM – 3:30 PM * Boston Marriott-Newton, Newton, MA

Offering first-hand expertise from some of today’s top health IT practitioners, attend SearchHealthIT.com’s complementary, interactive seminar on Nov. 4, where you will:

• EXAMINE SOLUTIONS through organizational case studies of excellence, featuring Fallon Clinic, Atrius Health, Physicians’ Clinic of Iowa, Brigham and Women’s, and more!
• FIND ANSWERS to your toughest EHR integration questions and hear lessons learned and tools for success
• NETWORK AND ENGAGE one-on-one with our expert speaking faculty and contributing industry experts 
• HEAR FROM PROVIDERS who have “been there, done that”
• GARNER INSIGHT from association leaders on federal mandates and future implications

Learn about the latest updates in the EHR technology landscape and walk away with practical advice on:

·         10 keys to a successful EHR install and adoption

·         Privacy and security safeguards and HIPAA compliance strategies

·         Methods to streamline your service lines

·         How to assess the effect of EHR on workflows

·         Quality measurement and reporting strategies

·         Frameworks for EHR success from industry practitioners

·         Virtualization options to meet changing storage requirements

·         Techniques to enable health information exchange within your walls and outside

·         And much more!

For more information, including registration, speaker bios and more, visit the seminar Web site or call Steven Hart at (617) 431-9711: http://events.techtarget.com/EHR/?Offer=CommunityBlog   

REC Resource Chart: The “Who’s Who” in Regional Extension Centers

Updated- 10/6/10

As part of the American Recovery and Reinvestment Act of 2009 (ARRA), signed into law in February of 2009, President Obama enacted the Health Information Technology for Economic and Clinical Health Act (HITECH Act). The primary goal of the HITECH Act is to advance the adoption and meaningful use of health information technology and health data exchange, with the overarching objective being to expand the continuum of care, improve patient outcomes and overall drive quality of care up, and cost of care down.

Also included in the HITECH Act is the Health Information Technology Extension Program, which established the creation of Regional Extension Centers (RECs), designed to successfully move providers though the process of electronic health record (EHR) selection, installation, implementation and adoption. The main function of each REC is to provide both education and technical assistance to providers in specific geographic areas to accelerate health IT adoption and enable meaningful use of EHR systems.

To find the REC serving your area, please refer to the alphabetized list below:*

*You can learn more about the the Office of the National Coordinator for Health Information Technology’s Extension Program here.

HealthMart10: Focusing on achieving meaningful use

A message from Craig D. Schneider, Ph.D, Director of Healthcare Policy, Massachusetts Health Data Consortium: Don’t miss HealthMart10 on Oct. 5!

The American Recovery and Reinvestment Act of 2009 enabled the spending of $40 billion or so on health information technology.  Almost all of these funds will be in the form of additional payments to physicians and hospitals for implementing electronic health record systems, and the “meaningful use” of these systems.

While this is an exciting time for those of us in the HIT field, there are enormous challenges to realizing the government’s vision.  How do we inform providers about the funding and the meaningful use criteria?  How should clinicians choose an EHR vendor?  How do we re-design clinical practice workflows to maximize the value of the EHRs?  How do we add new technology without disrupting the physician-patient interaction, and in fact use the technology to make care more patient-centered?

Addressing these and other challenges will take a number of years.  A worthwhile place to start meeting the challenge is at HealthMart10, which is being hosted by the Massachusetts e-Health Institute (the Regional Extension Center for Massachusetts) and the Massachusetts Health Data Consortium.  This event will be held from 8:00 – 4:00 on Tuesday, October 5^th at the DCU Center in Worcester.

The HealthMart10 Conference and Trade Show:  How to Achieve Meaningful Use is free to members of the Massachusetts Medical Society, the Massachusetts Hospital Association, the League of Community Health Centers, and the Medical Group Management Association.  To receive complimentary admission, go to http://mahealthdata.org/Events?eventId=173080, select: Partner – MeHI, and enter the case sensitive code: HM10-maehi .  Readers of this post who do not fall into these categories may attend at the member rate of only $100 (a $75 discount).

This program will enable physicians to meet with 50 different health IT and other healthcare vendors, and to attend five of a possible 25 breakout sessions.  We encourage you to take advantage of this opportunity to hear how your organization can achieve meaningful use and qualify for the additional Medicare and Medicaid payments.

-Craig D. Schneider, Ph.D, Director of Healthcare Policy, Massachusetts Health Data Consortium

SearchHealthIT.com presents the ‘Accelerating EHR Adoption’ event series

Is your organization well on its way to achieving meaningful use? Get the knowledge you need from the people in the know at SearchHealthIT.com’s fall event series, Accelerating EHR Adoption.

By attending the first of this three-part, FREE event series on Sept. 14, you will hear how some of today’s leading physicians, hospitalists and industry practitioners are navigating the ever-changing health information technology landscape. Key provider stakeholders will present case studies of success and address mission-critical best practices for promoting compliance, achieving meaningful use and overall demystifying the EHR integration process.

Register for free today and learn how to:

• Select EHR technology that will get you to meaningful use.
• Rationalize and unify multiple EHR systems.
• Optimize the performance and scalability of your infrastructure.
• Improve EHR system accessibility with the latest Web portal technologies.
• Meet capacity and bandwidth requirements for PACs integration.
• Identify the pros and cons of vendor vs. open-source mobile apps.
• And much more!

View the agenda and session descriptions for this free virtual seminar — see below for additional information!

SearchHealthIT.com’s “Accelerating EHR Adoption” Event Series:

• Virtual Seminar: Part 1– Sept. 14
• Live Event- Nov. 4, Boston
• Virtual Seminar: Part 2- Dec. 2 (details coming soon!)

Q&A with the CIO of Preferred Health Partners

Answers below provided by Aman Bhasin, Chief Information Officer, Preferred Health Partners

Q.     Why must workflow analysis be a critical component of the EHR selection and adoption process?

• If the goal for your project is to make it easier for a physician to record the patients health information as well as make it easier for the physician or other care providers to access the information in the future, then it is imperative that the workflow not get disrupted.  The software should be an enabler and make your staff more productive and efficient.  If the workflow is disrupted, it will cause you to have less acceptance and more resistance towards the change and your project will be doomed before it begins.  It will also reduce the learning curve of your staff.  They (both clinical and non-clinical) have enough to learn in the new system and do not need the additional burden of learning new workflows.  Transparency is critical especially in the earlier stages. As you get more mature in your adaptation, you can always work on changing workflow using the tools that the EMR provides to you.

Q.     What are the biggest challenges you’ve faced as CIO of a multi-practice system over the past two years?

• There are many large challenges for a CIO as we are in a dynamic environment and technology in   healthcare is still in its infancy stages. Clearly one of the biggest challenges has been the acceptance of the system by physicians.  You need to understand that adoption is on a one time process – it is a cyclical one.  There are continuous changes in the technology, the physician comfort level with the system and the demand for enhancements.  There are forces that cause us to change the system which are not always clinically driven.  Sometimes it is a need from administration so we can better measure and report on metrics and other times it may be finance (coding, billing, etc).  Those reporting demands tend to require changes to the physician templates so we may better record data or better capture details of a patient visit.  This means that you need to have a good means of communication to your users for changes in the system along with a continual training program.

Q.     What are your top recommendations for providers as they continue their journeys toward achieving meaningful use?

• Understand the requirements and have a strategic plan for all stages, not just the first.
• Try to make changes to your system that will benefit your practice in the long run overall – not just meaningful use dollars as they will run out!
• Review your community connect strategy – you are basing the sharing of patient information to your RHIO or HIE – do they have a long term financial model? What will you do if they are not around in 4 years?
• How many external parties do you refer to or connect to for data exchange? Are you equipped to develop or may for dozens of interfaces or are you better off going with a broker.