As HITECH breach notification compliance and enforcement become a reality, many lessons can be learned from past responses to security breaches under existing breach notice laws (effective in 45 states, the District of Columbia, Puerto Rico, the Virgin Islands, and counting) as well as the technological challenges of effectively securing PHI.  This workshop will take a comprehensive look at breach notification compliance, mitigation and response strategies, including: 

• Fundamental requirements of the HITECH breach notice rules;
• Factors to be considered in determining whether the harm threshold has been met;
• Legal and regulatory assumptions for Safe Harbor as defined by HITECH; 
• Technical and business limits of encryption to protect PHI in transit and in storage;
• Practical approaches to managing risk with Business Associates;
• Considerations raised by past responses (both successful and unsuccessful) to state breach notice laws; and
• Pitfalls to avoid in breach notification compliance and response efforts. 

The workshop will provide an inside look at government enforcement actions that have followed previous breaches notified under state law, and apply the teachings from those incidents to breach responses in the context of the HITECH breach notice rules.  The workshop also will tackle a holistic look at compliance, correcting the myth of end-point encryption as a cure-all Safe Harbor shield to breach reporting, and addressing the reality that due to common threats to PHI data, reportable breaches will still happen unless encryption is viewed as only one element in a comprehensive security program.  The panel will draw on their experience representing clients who experienced security incidents involving both personal information (as regulated by state breach notice laws) and protected health information (as regulated by HIPAA), to provide you with useful insights and practical compliance pointers. 

Who Should Attend:

• Compliance Officers
• CIOs
• Privacy and Security Officials                                           
• CFOs  
• Attorneys (in-house and outside Counsel)   
• Nurses                     
• Internal Audit                         
• Business Associates                                             
• Contract Managers
• Consultants
• Others involved in HIPAA privacy and security compliance           
  

Workshop Objectives:

• Master the fundamentals of HITECH breach notice compliance.
• Describe how your organization can apply past experiences of others in responding to state breach notice laws to implement effective HITECH breach compliance plans.
• Discuss what past FTC and state agency enforcement activities have to tell us about how HHS will likely approach HITECH enforcement.
• Evaluate the effectiveness and limits of encryption to prevent future reportable breaches.
• Describe the scope of security controls that, when used together, may reduce overall threats to PHI.
• Explain the challenges of integrating the security incident response processes and managing the risks posed by numerous  Business Associates.
• Identify when a single incident may trigger duties under both the HITECH breach notice rule and existing state laws, and how the response must take both possibilities into account.
• Explain the value of “mapping” existing data to assess your exposure to multiple applicable sources of law.

Workshop Presenters:
Clyde Hewitt (Forsythe Solutions Group), Elizabeth Johnson & Pam Scott (Poyner Spruill LLP)

connect via

ICD-10 – Understand the Requirement. Achieve Compliance. Deliver a Strategic Advantage!

The healthcare industry has reached an inflection point. Advances in medicine and the efforts to deliver effective care have led to rapidly escalating costs. However, ICD-10 has the potential to turn a compliance requirement into meaningful and profitable administrative simplification. ICD-10 can serve as a springboard to upcoming healthcare reforms (EHR adoption, better fraud and abuse monitoring, pay-for-performance, etc.) and will enable increased efficiency and lower costs. This compliance requirement offers an opportunity for healthcare organizations to gain a competitive advantage.

In this session, presenters will:

• Establish clear understanding of the basic requirements
• Provide an overview of strategy definition, planning, executive sponsorship, communication, education, business analysis, and industry collaboration
• Describe some best practices that payers and providers should adopt for implementing ICD-10, including sequencing and coordination of implementation efforts following a rational transition plan to avoid systemic disruptions
• Describe how some implementation tools, such as standardized crosswalks, can be used by payers and providers in the compliance process
• Show how to prioritize against other HIPAA implementation efforts to accelerate health information technology adoption and health information exchange
• Provide an understanding of the impact of ICD-10 on the interactions of each entity involved in the delivery of care from direct providers (treating physician, nurses, etc.) to indirect providers (clinical labs, radiologists, pharmacists, etc.) to facilities (hospitals, outpatient clinics, etc.) to claim adjudicators and payment processers (clearinghouses, health plans, etc.)
• Describe the consequences for failing to act quickly to achieve adoption of ICD-10

Using specific case study examples, the presenters will drill down into the compliance process and show how payers and providers can transform their compliance efforts into efforts for improving outcomes and achieving short- and long-term competitive advantages. The presenters will place a particular focus on business issues and how these two mandates will impact business users. For senior managers and leadership planners, this session is a must attend.

Who Should Attend:

• Medical Coding Professionals
• HIM Directors
• HIM Compliance Specialists
• Clinical Data Specialists
• Data Quality Managers
• Nurses
• Consultants
• CIOs
• Others involved in medical coding and billing

Workshop Objectives:

• Discuss who is affected, what is required, the compliance date, and whether there is an “out clause” for ICD-10
• Create a successful transition plan
• Describe the tools and processes that can be used to achieve compliance
• Explain the flow of diagnosis data from an initial request for health care service to payment for the service to the rendering provider
• Discuss how to avoid negative, costly results and improve profitability for all industry stakeholders

Workshop Presenters:
Michael Magliaro & Dave McCord (TM Floyd & Company) & Kimberly Williams (LabCorp)

connect via

Implementing Meaningful Use in Three Types of Healthcare Organizations: The HIE, Provider Practice & Hospital/IDN

Transforming healthcare through meaningful use (MU) has unique and similar challenges for different types of healthcare organizations. Health Information Exchanges (HIEs), hospitals/IDNs and provider practices are defining their approaches, tools and methodologies to comply with the new requirements. This workshop will focus on the approach for helping practices attain MU criteria as set forth in the current Proposed Rule. This presentation will communicate the current status of MU rules, including CMS incentives and penalties as well as actual office proven strategies used to improve EHR functionality. Attendees will gain direct knowledge from their constituent’s prior attempts at implementing MU criteria. Both successful and unsuccessful examples will be provided. Defining the resources that proved to be instrumental in successful implementation will also be included. Knowing what has worked in different types of organizations will provide unique insight for attendees.

Another key focus for organizations is to build on the current performance measurement capabilities. The goal is to incorporate decision support and performance management at the point of care in order to realize improved quality of care and reduced cost. Each type of healthcare organization contributes particular competencies to achieving the national objectives of informing clinical practice, connecting clinicians, personalizing care and improving population health.

The workshop will also describe the difficult work of redesigning organizational competencies and workflows required to meet MU performance targets. The process, practice and organizational capabilities that must be assessed to determine performance levels and redesign requirements will be described – as well as the challenges and limitations of available functionality, particularly reporting, in the market.

Further details will be presented about the approach, methodologies, tools and deployment considerations in each type of organization for the clinical and operational redesign, performance monitoring and reporting, and system configuration decisions. Setting the foundation early with analytic tools is an important aspect of not only meeting the Stage 1 targets of MU, but also being able to demonstrate improved performance from the baseline. Analytic tools support continuous monitoring of the redesigned organizational attributes for early course correction during the reporting period. The presentation will include hints and tips for building analytics that can be expanded to include Stage 2 and 3 targets – and beyond.

Who Should Attend:

• Physicians
• Clinicians
• CIOs
• Medical & Health Service Managers
• Quality Managers
• Medical Practice Managers
• Physician Office Managers
• Compliance Managers
• Nurses
• Consultants
• Others concerned about implementing meaningful use in a healthcare organization

Workshop Objectives:

• Discuss MU criteria and understand the impact to eligible professionals and hospitals
• Explain the role of the HIE and how it relates to your office environment
• Describe approaches for achieving MU in a Provider Practice and hospital/IDN along with pitfalls to avoid
• Examine the organizational components that contribute to meeting MU performance targets
• Apply proven methods used to develop and monitor MU performance with analytics
• Allocate proper resources to attain MU
• Avoid common errors when trying to implement MU

Workshop Presenters:
Jennifer Anderson & Gary Balser (Carolinas Center for Medical Excellence), Jan McCoy & Marla Roberts (CTG HealthCare Solutions)

connect via