8/28/13 1

ACO – Accountable Care Organizations Cooperative Healthcare Requires Cooperative Security “It’s a Team Sport.”

Robby Gulri VP, Product Marketing gulri@echoworx.com  

855.85HIPAA  www.compliancygroup.com  

Industry  leading  Educa1on  

Cer1fied  Partner  Program    

•  Please  ask  ques1ons  •  For  todays  Slides  h#p://compliancy-­‐group.com/slides023/  •  Todays  &  Past  webinars  go  to:  h#p://compliancy-­‐group.com/webinar/  

#CGwebinar  

Real Stats in the Field

8/28/13 3

ACO – Accountable Care Organizations Definition

•  Accountable Care Organizations (ACOs) are groups of doctors, hospitals, and other health care providers, who come together voluntarily to give coordinated high quality care to their Medicare patients

•  Goal of coordinated care is to ensure that patients get the right care at the right time, while avoiding unnecessary duplication of services and preventing medical errors

•  Share in the savings it achieves for the Medicare program

8/28/13 4

ACO Illustrated

8/28/13 5

Encryption requirements for ACOs

8/28/13 6

Requirements Scan, Encrypt or Block outbound email

•  Compliance (PHI, PAN, etc) •  Confidential or Sensitive

information Business Process Enablement for Efficiency

•  Replace paper based processes •  Loan applications, regulatory filings •  Medical records, insurance claims,

and information exchange Automated eDocument Delivery

•  Email distribution of documents containing private information

•  Bank, mortgage, credit card statements

•  Bills and invoices •  Insurance policies and claims

The Players within ACOs

•  Providers •  As networks of providers, ACOs are composed mostly of

hospitals, physicians, and other healthcare professionals.

•  Payers •  The federal government, in the form of Medicare, will be the

primary payer of an ACO •  Other payers include private insurances, or employer-

purchased insurance

•  Patients •  An ACO’s patient population will primarily consist of

Medicare beneficiaries

8/28/13 7

ACOs and Health Care IT

8/28/13 8

 Encryp1on,  Security  of  Data  at  Rest  and  in  Mo1on  

4 Essential Technologies for effective ACOs

•  HIEs (Healthcare Information Exchange) •  Portal •  Secure Email •  Push / Pull

•  Analytics •  Reporting •  Dashboards

•  Care Management applications •  Tele Medicine •  Remote Patient Monitoring

•  Encryption & Security Applications •  Document Encryption •  Email Encryption

8/28/13 9

Security Framework for ACOs

•  Secure, online environment which allows for controlled access to and sharing of data on a variety of levels between stakeholders

•  Access to aggregate cost and quality trends by governance and project teams

•  Secure repository for shared aggregate and detailed data

•  Sharing of patient-specific clinical data between responsible caregivers

8/28/13 10

Tools required for Secure Communications

8/28/13 11

Source:    AT&T  Compliance  Report  2013  

Push / Pull Support

8/28/13 12

Complying to HIPAA for ACOs

•  Becomes even more important as information is constantly being exchanged across multiple organizations and providers

•  More scrutiny and enforcement of HIPAA Omnibus

•  Encryption becomes an important compliance tool and weapon

8/28/13 13

HIPAA Encryption Requirements

•  Standard ~ “Transmission Security: Implement technical security measures to guard against unauthorized access to PHI that is being transmitted over an electronic communications network” 45 CFR 164.312 (e)(1)

•  Addressable Implementation Feature ~ “implement a mechanism to encrypt electronic protected health information whenever deemed appropriate” 45 CFR 164.312 (e)(2)(ii)

Email  containing  PHI  requires  Encryp1on  

Addressable Implementation of encryption is not optional

•  Addressable implementation features are not optional, they must be addressed; HCO must either: 1  Implement the feature   or 2  Document why it’s not “reasonable and

appropriate” to implement feature,   and implement an equivalent alternative measure

when “reasonable and appropriate”

Omnibus & Email Encryption

•  More enforcement with Omnibus •  Direct liability for both Covered

Entities and Business Associates •  More parties involved with

PHI exchange •  Breach Definition have changed

•  Breach is presumed and you have to prove “why breach didn’t occur…”

•  Increase Penalties for liability

8/28/13 16

Echoworx Snapshot

8/28/13 17

8/28/13 18

Thank you

Free  Demo  and  60  Day  Evaluation  www.compliancy-­‐group.com  

 

HIPAA  Hotline      855.85HIPAA  

855.854.4722  

  HIPAA  Compliance    HITECH  Attestation  

 Omnibus  Rule  Ready   Meaningful  Use  core  measure  15