Using Technology to Bridge the
Communication Gap in the Treatment Team
‣ HIPAA HIPAA HIPAA
‣ Using ReliaTrax for Communication Solutions
‣ Discussion between Treatment, Probation, and ReliaTrax
Sharon Sanders, MS, LPC, LPC-S, LSOTP, NCC
The Grey Matters Group - Clinical Director
Jennifer Saenz, Officer
Brazoria County Community Supervision and Corrections Department
James Hinderks, PhD
ReliaTrax CTO
Wendy Biesemeier, MS
ReliaTrax Director of Operations
What is HIPAA?
President Clinton signed HIPAA into law on
August 21, 1996
Portability: the part of the law that ensured that an employee could obtain health insurance if they changed jobs
Accountability: identifies the who, what, when and how of specific health care activities and assigns specific job roles for accountability and compliance.
Hartley & Jones (2011)
Health Insurance Portability and Accountability Act
Understanding HIPAA
Health Insurance Portability and Accountability Act
HIPAA COW
Each part of HIPAA is governed by different laws
1. Privacy Rule
2. Security Rule
3. Electronic Data Exchange
Confidentiality, Integrity & Availability
Confidentiality is the property that data or information is not made available or disclosed to unauthorized persons or processes
Integrity is the property that data or information has not been altered or destroyed in an unauthorized manner
Availability is the property that data or information is accessible and usable upon demand by an authorized person
Who Must Participate?
► Covered Entities
  ► Doctors, Hospitals, Providers, Treatment Centers, etc.
  ► All persons on staff
► Business Associates
  ► Any contractor with access to PHI
  ► EHR
  ► Testing Labs
  ► Accountant / bookkeeper
  ► Billing service
► Patients / Clients
  ► Privacy Statements / ROIs
Business Associate Agreement (BAA)
Covered Entities are required to have a BAA in place with each company that has access to your PHI
1. What must be done in case of a data breach
2. Client data ownership
3. Requirements on subcontractors (they must execute a BAA with the BA)
Types of Breaches?
• unintended data disclosure – 41%
• malware and hacking – 19%
• malicious insider – 15%
• physical loss of a device or drive – 8%
• miscellaneous – 17%
All HIPAA settlement information from HHS website.
NewYork-Presbyterian Hospital and Columbia University (New York City), May 2014: Deactivation of a network server resulted in the protected health information of more than 6,800 individuals being accessible online. $4.8 million HIPAA fine.
Cignet Health (Temple Hills, Md.), February 2011: Cignet violated patients' rights by denying them access to their medical records following requests to obtain them. $4.3 million HIPAA fine.
Stanford Hospital & Clinics (California), March 2014: Data from 20,000 patient records was found posted online. $4 million settlement.
AvMed (Gainesville, Fla.), March 2014: More than 1 million patient records, including Social Security numbers, were compromised following the theft of two unencrypted laptops. $3 million settlement.
CVS Pharmacy (Woonsocket, R.I.), January 2009: CVS retail pharmacy chains disposed of protected health information in dumpsters. $2.25 million HIPAA fine.
Alaska HHS (Anchorage), June 2012: A portable storage device containing electronic patient data was stolen from an HHS employee. $1.7 million HIPAA fine.
Concentra Health Services (Addison, Texas), April 2014: An unencrypted laptop containing patient data was stolen. $1.7 million HIPAA fine.
WellPoint (Indianapolis), July 2013: Company was found to not have technical safeguards in place to verify the entities accessing its database of protected health information. $1.7 million HIPAA fine.
Affinity Health Plan (New York City), August 2013: Company returned photocopy machines to a leasing agent without wiping the data of more than 344,500 individuals stored on the machine. $1.2 million HIPAA fine.
General Hospital Corp./Massachusetts General Physicians Organization (Boston), February 2011: The organization lost the protected health information of 192 patients. $1 million HIPAA fine.
UCLA Health (Los Angeles), July 2011: Complaints were filed against UCLA Health that from 2005-2008, unauthorized employees repeatedly accessed the protected health information of patients. $865,000 HIPAA fine.
Parkview (Ill.) Health System, June 2014: Medical records pertaining to up to 8,000 patients were left unattended and accessible in a physician's driveway. $800,000 HIPAA fine.
Make sure it's not you!
Most security breaches are caused by user error, not malicious hackers lurking on the Internet
Lost laptops, misaddressed emails, or divulged passwords
Easily mitigated if your files are encrypted and stored in the cloud
Hackers won’t get at secure information and neither will the guy who found your iPad at the airport
By now you know that HIPAA
stands for
Healthcare
In
Pain
And
Agony (again)
It's not hopeless!
A full-featured EHR / practice management system
Designed from the ground up for mandated treatment
Feedback from Treatment and their referral sources
ReliaTrax
ReliaTrax servers are hosted at a HIPAA compliant data center.
Risk Analysis, Disaster Recovery and Breach Notification plans
are in place.
Access to all ePHI is restricted and requires password access.
ReliaTrax passwords are required to be strong and to change
every 6 months.
Workstation access to ReliaTrax is automatically terminated
after a period of inactivity.
Audit procedures are in place to record and examine access to
client records.
Security Officer conducts company-wide security awareness
training monthly.
Compliance Helper
ReliaTrax Takes Security Seriously
Software is hosted on 100% uptime servers.
Servers are behind a private firewall with 2 factor VPN access.
Malicious software detection is in place on all servers with
updates applied regularly.
Operating System patch management occurs regularly.
Private database for each customer
This is not a server in someone’s garage!
ReliaTrax Servers
All data at rest and in motion is encrypted.
All database data is backed up hourly.
Operating System and database data daily backups are stored
offsite.
In addition, we have a fully redundant server in a physically
separate location (Indianapolis, IN) which is mirrored in real
time from the main server. In the event of a major disaster we
can failover to this backup server within 4 hours.
Data Security / Disaster Recovery
HTTPS encrypted connection
Monitoring for logins from foreign countries
Strong passwords
Passwords must be changed periodically
Automatic logouts after inactivity
User-specific permissions
Administrator
Counselor
Receptionist
Accountant
Probation / Parole
ReliaTrax Security
Full EHR Solutions
Scheduling,
Billing
Activity tracking
Offense-specific tools
Integrated with The LOOK
SOTIPS, VASOR-2, DVRNA
Tools for Collaborative Care
Shared documents
Real time access
Two-way communication tools
Online referrals
ReliaTrax: A Better Solution
Keep calm and counsel on!
Using ReliaTrax to manage the communication needs of mandated treatment
At a glance client
compliance information
Real time access to
attendance, drug testing
and Polygraph info
Automated Compliance
alerts
At a glance measurable
outcome reporting
Shared documents
Create and send documents to the rest of the treatment team for feedback
Progress Reports
Assessments
Treatment Recommendations
Treatment Team Comments
Shared documents
Upload and send documents to the rest of the treatment team for feedback
Agree with Safety Plan, client may visit family
Please ensure supervision training is
completed
SAFETY PLANS
TREATMENT PLANS
CLIENT PROJECTS
COLLATERAL INFORMATION
Referrals
Online referral tool
Services Listing
Searchable map
“Ticket to Treatment”
Two-way communication tools
Eliminate phone tag - receive short, client-specific messages
Offense Specific
Assessment Tools
SOTIPS
VASOR-2
LOOK
DVRNA
Discussion Panel
Sharon Sanders, MS, LPC, LPC-S, LSOTP, NCC
The Grey Matters Group - Clinical Director
Jennifer Saenz, Officer
Brazoria County Community Supervision and Corrections Department
James Hinderks, PhD
ReliaTrax CTO
Wendy Biesemeier, MS
ReliaTrax Director of Operations
Discussion Topics
What are the benefits of maintaining quality
communication between the entire treatment
team?
What do you see as some of the hardest
challenges in maintaining this communication?
How did you manage it before using ReliaTrax?
How has ReliaTrax helped?
833-222-0062
www.ReliaTrax.com