Cooperative ACOs Must Lead to Cooperative Security Measures
8/28/13
ACO – Accountable Care Organizations
Cooperative Healthcare Requires Cooperative Security
“It’s a Team Sport.”
Robby Gulri
VP, Product Marketing
gulri@echoworx.com
2. 855.85HIPAA
www.compliancygroup.com
Industry leading Education
Certified Partner Program
• Please ask questions
• For today's slides: http://compliancy-group.com/slides023/
• Today's & past webinars go to: http://compliancy-group.com/webinar/
#CGwebinar
4. ACO – Accountable Care Organizations Definition
• Accountable Care Organizations
(ACOs) are groups of doctors,
hospitals, and other health care
providers, who come together
voluntarily to give coordinated high
quality care to their Medicare patients
• Goal of coordinated care is to ensure
that patients get the right care at the
right time, while avoiding unnecessary
duplication of services and preventing
medical errors
• ACOs share in the savings they achieve for
the Medicare program
6. Encryption requirements for ACOs
Requirements
Scan, Encrypt or Block outbound email
• Compliance (PHI, PAN, etc.)
• Confidential or sensitive
information
Business Process Enablement for Efficiency
• Replace paper based processes
• Loan applications, regulatory filings
• Medical records, insurance claims,
and information exchange
Automated eDocument Delivery
• Email distribution of documents
containing private information
• Bank, mortgage, credit card
statements
• Bills and invoices
• Insurance policies and claims
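The "scan, encrypt or block" requirement above is the one item on this slide that is a concrete control, so here is an added worked example of what such an outbound-mail policy check looks like. It is illustrative code written for this page, not code from the deck, from Echoworx or from Compliancy Group. The detector patterns (card-number runs validated with the Luhn check, a US SSN pattern, an "MRN:" medical-record-number pattern), the internal domain list and the policy itself (card numbers are never sent by e-mail; PHI leaving the organisation is handed to the encryption gateway; everything else passes) are assumptions for the example, and the three sample messages are constructed.

```python
"""Outbound e-mail PHI/PAN scanner: decide allow / encrypt / block per message (illustrative)."""
import re
from email import message_from_string, policy
from email.utils import getaddresses
from enum import Enum


class Action(Enum):
    ALLOW = "allow"      # nothing sensitive, or PHI that stays inside the organisation
    ENCRYPT = "encrypt"  # PHI leaving the organisation: hand to the encryption gateway
    BLOCK = "block"      # card numbers found: do not send by e-mail at all


# Assumed detector patterns for this example; tune them for your own data.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")    # 13-19 digit runs, spaces/dashes allowed
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")                  # US Social Security number
MRN = re.compile(r"\bMRN[:\s#]*\d{6,10}\b", re.IGNORECASE)  # medical record number

INTERNAL_DOMAINS = {"example-aco.org"}  # assumed: mail between these domains never leaves the org


def luhn_ok(digits: str) -> bool:
    """Luhn check: weeds out order/invoice numbers that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card numbers (digits only) found in text."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def scan_text(text: str) -> dict[str, int]:
    """Count sensitive-data indicators in a block of text."""
    return {
        "pan": len(find_pans(text)),
        "ssn": len(SSN.findall(text)),
        "mrn": len(MRN.findall(text)),
    }


def message_text(raw: str) -> tuple[str, set[str]]:
    """Return (subject plus all text/plain bodies, recipient domains) for a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    parts = [str(msg["subject"] or "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            parts.append(part.get_content())
    rcpts = getaddresses([str(msg.get(h, "")) for h in ("to", "cc", "bcc")])
    domains = {addr.rsplit("@", 1)[-1].lower() for _, addr in rcpts if "@" in addr}
    return "\n".join(parts), domains


def decide(findings: dict[str, int], recipient_domains: set[str]) -> Action:
    """Assumed policy: PANs are never e-mailed; PHI leaving the organisation is encrypted."""
    if findings["pan"]:
        return Action.BLOCK
    leaves_org = any(d not in INTERNAL_DOMAINS for d in recipient_domains)
    if leaves_org and (findings["ssn"] or findings["mrn"]):
        return Action.ENCRYPT
    return Action.ALLOW


def classify(raw: str) -> Action:
    """Scan one raw message and return the gateway action for it."""
    text, domains = message_text(raw)
    return decide(scan_text(text), domains)


# Constructed sample messages (no real patients or cards; 4111... is the standard Visa test PAN).
PHI_TO_PARTNER = """\
From: nurse@example-aco.org
To: records@partner-hospital.example
Subject: Referral
Content-Type: text/plain

Patient MRN: 00123456 is referred for cardiology follow-up.
"""
CARD_NUMBER = """\
From: billing@example-aco.org
To: patient@mail.example
Subject: Payment
Content-Type: text/plain

We charged card 4111 1111 1111 1111 as requested.
"""
ORDER_NUMBER = """\
From: supply@example-aco.org
To: vendor@supplier.example
Subject: Order
Content-Type: text/plain

Order 1234 5678 9012 3456 has shipped.
"""

if __name__ == "__main__":
    for name, raw in [("PHI_TO_PARTNER", PHI_TO_PARTNER),
                      ("CARD_NUMBER", CARD_NUMBER), ("ORDER_NUMBER", ORDER_NUMBER)]:
        print(name, classify(raw).value)
```

The third sample is the case a naive digit-run regex gets wrong: a 16-digit order number is allowed through because it fails the Luhn check, while the test card number is blocked. In a real gateway the same scan would also have to cover attachments and HTML parts, and the "encrypt" branch would route the message to the encryption service rather than just label it.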
7. The Players within ACOs
• Providers
• As networks of providers, ACOs are composed mostly of
hospitals, physicians, and other healthcare professionals.
• Payers
• The federal government, in the form of Medicare, will be the
primary payer of an ACO
• Other payers include private insurers or
employer-purchased insurance
• Patients
• An ACO’s patient population will primarily consist of
Medicare beneficiaries
8. ACOs and Health Care IT
Encryption, Security of Data at Rest and in Motion
10. Security Framework for ACOs
• Secure, online environment which
allows for controlled access to and
sharing of data on a variety of
levels between stakeholders
• Access to aggregate cost and
quality trends by governance and
project teams
• Secure repository for shared
aggregate and detailed data
• Sharing of patient-specific clinical
data between responsible
caregivers
13. Complying with HIPAA for ACOs
• Becomes even more
important as information is
constantly being exchanged
across multiple organizations
and providers
• More scrutiny and
enforcement under the HIPAA
Omnibus Rule
• Encryption becomes an
important compliance tool and
weapon
14. HIPAA Encryption Requirements
• Standard ~
Transmission Security: Implement technical security
measures to guard against unauthorized access to
PHI that is being transmitted over an electronic
communications network
45 CFR 164.312(e)(1)
• Addressable Implementation Specification ~
Implement a mechanism to encrypt electronic
protected health information whenever deemed
appropriate
45 CFR 164.312(e)(2)(ii)
Email containing PHI requires encryption
15. Addressable Implementation of encryption is not optional
• Addressable implementation specifications are not
optional; they must be addressed. The HCO must
either:
1. Implement the specification, or
2. Document why it is not reasonable and
appropriate to implement the specification,
and implement an equivalent alternative measure
when reasonable and appropriate
16. Omnibus & Email Encryption
• More enforcement with Omnibus
• Direct liability for both Covered
Entities and Business Associates
• More parties involved with
PHI exchange
• The breach definition has changed
• An impermissible use or disclosure of
PHI is presumed to be a breach unless
you can demonstrate a low probability
that the PHI was compromised
• Increased penalties for liability