Using Technology to Bridge the

Communication Gap in the Treatment Team

‣ HIPAA HIPAA HIPAA

‣ Using ReliaTrax for Communication Solutions

‣ Discussion between Treatment, Probation, and ReliaTrax

Sharon Sanders, MS, LPC, LPC-S, LSOTP, NCC

The Grey Matters Group- Clinical Director

Jennifer Saenz, Officer

Brazoria County Community Supervision and Corrections Department

James Hinderks, PhD

ReliaTrax CTO

Wendy Biesemeier, MS

ReliaTrax Director of Operations

What is HIPAA?

President Clinton signed HIPAA into law on

August 21, 1996

Portability part of the law that insured that anemployee could obtain health insurance if they changed jobs

Accountability identifies who, what, when and how specific health care activities and assigned specific job roles for accountability and compliance.

Hartley & Jones (2011)

Healthcare Insurance Portability and Accountability Act

Understanding HIPAA

Health Insurance Portability and Accountability Act

HIPPA COW

Each part of HIPAA is governed by different laws

1• Privacy Rule

2• Security Rule

3• Electronic Data

Exchange

Confidentiality, Integrity &

Availability

Confidentiality is the property that data or information is not made available or disclosed to unauthorized persons or processes

Integrity is the property that data or information has not been altered or destroyed in an unauthorized manner

Availability is the property that data or information is accessible and usable upon demand by an authorized person

Who Must Participate?

► Covered Entities► Doctors, Hospitals, Providers,

Treatment Centers, etc.► All persons on staff

► Business Associates► Any contractor with access to PHI► EHR► Testing Labs► Accountant / bookkeeper► Billing service

► Patients / Clients► Privacy Statements / ROIs

Business Associate Agreement (BAA)

Covered Entities are required to have a BAA in place with each company that has access to your PHI

1. What must be done in case of a data breach2. Client data ownership3. Requirements on subcontractors (they must execute a BAA with the BA)

Types of Breaches?

• unintended data disclosure – 41%•malware and hacking – 19%•malicious insider – 15%• physical loss of a device or drive – 8%•miscellaneous – 17%

All HIPAA settlement information from HHS website.

NewYork-Presbyterian Hospital and Columbia University (New York City)May 2014Deactivation of a network server resulted in the protected health information of more than 6,800 individuals being accessible online.$4.8 million HIPAA fine

Cignet Health (Temple Hills, Md.)February 2011Cignet violated patients' rights by denying them access to their medical records following requests to obtain them.$4.3 million HIPAA fine

Stanford Hospital & Clinics (California)March 2014Data from 20,000 patient records was found posted online.$4 million settlement

AvMed (Gainesville, Fla.)March 2014More than 1 million patient records, including Social Security numbers, were compromised following the theft of two unencrypted laptops.$3 million settlement

CVS Pharmacy (Woonsocket, R.I.)January 2009CVS retail pharmacy chains disposed of protected health information in dumpsters.$2.25 million HIPAA fine

Alaska HHS (Anchorage)June 2012A portable storage device containing electronic patient data was stolen from an HHS employee.$1.7 million HIPAA fine

Concentra Health Services (Addison, Texas)April 2014An unencrypted laptop containing patient data was stolen.$1.7 million HIPAA fine

WellPoint (Indianapolis)July 2013Company was found to not have technical safeguards in place to verify the entities accessing its database of protected health information.$1.7 million HIPAA fine

Affinity Health Plan (New York City)August 2013Company returned photocopy machines to a leasing agent without wiping the data of more than 344,500 individuals stored on the machine.$1.2 million HIPAA fine

General Hospital Corp./Massachusetts General Physicians Organization (Boston)February 2011The organization lost the protected health information of 192 patients.$1 million HIPAA fine

UCLA Health (Los Angeles)July 2011Complaints were filed against UCLA Health that from 2005-2008, unauthorized employees repeatedly accessed the protected health information of patients.$865,000 HIPAA fine

Parkview (Ill.) Health SystemJune 2014Medical records pertaining to up to 8,000 patients were left unattended and accessible in a physician's driveway.$800,000 HIPAA fine

Make sure

its not

you!

Most security breaches are caused by user error, not malicious hackers lurking on the Internet

Lost laptops, misaddressed emails, or divulged passwords

Easily mitigated if your files are encrypted and stored in the cloud

Hackers won’t get at secure information and neither will the guy who found your iPad at the airport

By now you know that HIPAA

stands for

Healthcare

In

Pain

And

Agony (again)

Its not hopeless!

A full-featured EHR / practice management system

Designed from the ground up for mandated treatment

Feed back from Treatment and their referral sources

ReliaTrax

ReliaTrax servers are hosted at a HIPAA compliant data center.

Risk Analysis, Disaster Recovery and Breach Notification plans

are in place.

Access to all ePHI is restricted and requires password access.

ReliaTrax passwords are required to be strong and to change

every 6 months.

Workstation access to ReliaTrax is automatically terminated

after a period of inactivity.

Audit procedures are in place to record and examine access to

client records.

Security Officer conducts company wide security awareness

training monthly.

Compliance Helper

ReliaTrax Takes Security Seriously

Software is hosted on 100% uptime servers.

Servers are behind a private firewall with 2 factor VPN access.

Malicious software detection is in place on all servers with

updates applied regularly.

Operating System patch management occurs regularly.

Private database for each customer

This is not a server in someone’s garage!

ReliaTrax Servers

All data at rest and in motion is encrypted.

All database data is backed up hourly.

Operating System and database data daily backups are stored

offsite.

In addition, we have a fully redundant server in a physically

separate location (Indianapolis, IN) which is mirrored in real

time from the main server. In the event of a major disaster we

can failover to this backup server within 4 hours.

Data Security / Disaster Recovery

HTTPS encrypted connection

Monitoring for logins from foreign countries

Strong passwords

Passwords must be changed periodically

Automatic logouts after inactivity

User-specific permissions

Administrator

Counselor

Receptionist

Accountant

Probation / Parole

ReliaTrax Security

Full EHR Solutions

Scheduling,

Billing

Activity tracking

Offense-specific tools

Integrated with The LOOK

SOTIPS, VASOR-2, DVRNA

Tools for Collaborative Care

Shared documents

Real time access

Two-way communication tools

Online referrals

ReliaTrax: A Better Solution

Keep calm and counsel on!Using ReliaTrax to manage the communication

needs of mandated treatment

At a glance client

compliance information

Real time access to

attendance, drug testing

and Polygraph info

Automated Compliance

alerts

At A glance measurable

outcome reporting

Shared documents

Create and send documents to the rest of the treatment team for feed back

Progress Reports

Assessments

Treatment Recommendations

Treatment Team Comments

Shared documents

Upload and send documents to the rest of the treatment team for feed back

Agree with Safety Plan, client may visit family

Please ensure supervision training is

completed

SAFETY PLANS

TREATMENT PLANS

CLIENT PROJECTS

COLLATERAL INFORMATION

Referrals

Online referral tool

Services Listing

Searchable map

“Ticket to Treatment”

Two way-communication

toolsEliminate phone tag- receive short messages client specific messages

Offense Specific

Assessment Tools

SOTIPS

VASOR-2

LOOK

DVRNA

Discussion Panel

Sharon Sanders, MS, LPC, LPC-S, LSOTP, NCC

The Grey Matters Group- Clinical Director

Jennifer Saenz, Officer

Brazoria County Community Supervision and Corrections Department

James Hinderks, PhD

ReliaTrax CTO

Wendy Biesemeier, MS

ReliaTrax Director of Operations

Discussion Topics

What are the benefits of maintaining quality

communication between the entire treatment

team?

What do you see as some of the hardest

challenges in maintaining this communication?

How did you manage it before using ReliaTrax?

How has ReliaTrax helped?

833-222-0062

www.ReliaTrax.com