Technology Assessment and Government Regulations
What is health information management?
Definition: ensuring that health information collected from patients is appropriately handled according to legal requirements set forth by the government and the health care organization (Scott, 2017)
What is a health information management system?
Health information management systems (or HIMS) – vital to building the body of information needed to better understand the effects of health communication and health IT on population health outcomes, health care quality, and health disparities (“Health Communication and Health Information Technology,” 2014)
Take action on information
How do you choose a HIMS?
Consider the cost of the system (“9 Best Practices,” 2015) – choose a good system, but as inexpensive as possible
Choose a system that complements flow of the organization (“9 Best Practices,” 2015)
– Easy to understand
– Satisfy the needs of the organization
Ensure accurate support of the system after installation
ComplyTrack’s Information Security Assessment Manager (ISAM)
Security assessment management system – enables quick adoption of established standards, while also quickly evaluating alignment with current compliance requirements and starting a process of continuous improvement (PR Newswire, 2017)
Proven progressive software
Helps to maintain successful compliance
Communication and reporting enhancements
Expedites the review and assessment process
ComplyTrack has IT techs that will come in and install system (PR Newswire, 2017)
Meets all goals of the organization (including who will be using system) (Hicks, 2017)
Meets all regulation compliance
What is interoperability?
– the ability of systems and devices to exchange information and interpret that shared information (“What is Interoperability?,” 2013)
ComplyTrack’s data is compatible with all our technology
Able to present the information so all users can understand
ComplyTrack allows organization to be more productive
Information can be gathered quickly to catch problems before they become issues
Provides superior content and workflow which allows for greater productivity, accuracy, and speed
Possible HIMS Support Challenges (Sundararajan, 2014)
Data entered into system has to be HIPAA compliant yet also easily shared and understood by all users
Ability of patients to be able to view, download, and transmit online health records must be implemented within HIPAA guidelines and be user specific
Customization of specialties (yes or no?)
Maryland EHR Regulations (“Electronic Health Records,” 2016)
First state to require State-regulated payors to provide incentives to select health care providers to promote implementation of EHRs
Adoption of incentive program is to encourage providers to implement EHRs
2012 office-based physician adoption rate: approximately 49.2 percent
Maryland HIPAA Regulations (“HIPAA Privacy and Maryland Requirements,” n.d.)
1978 Maryland Medical Records Act
1990 Confidentiality of Medical Records Act
– 1984 – 22 page report identified discrepancies in medical records confidentiality
– 1987 – Attorney General redrafts confidentiality law for mental health records
– 1989 – Health Subcommittee of the Senate Economic and Environmental Affairs Committee drafts a detailed statutory coverage of confidentiality of medical records
– Senate Bill Number 584 signed into law on May 29, 1990
Maryland HITECH Regulations (“What is HIPAA?,” n.d.)
Created monetary incentives for meaningful use of EHRs
Prior to HITECH, business associates were only responsible for protecting individual health information if the Covered Entity they were serving required them to do so in a contract
HITECH went into effect February 17, 2010 and required entities to secure patients’ personal information
HITECH changed definition of breach in privacy as well as the reporting standards for such breaches
2 Ways MD Regulations Can Impact HIMS in Health Care Organization
Must make sure personal health information is being used correctly and handled securely (Miaoulis, 2010)
Must ensure that users have at least the minimum information needed to complete their job efficiently (Miaoulis, 2010)
3 Solutions to Address Regulation Challenges
Educate all users of the health information management system and offer continuing training
Be willing to adjust and make changes if needed (i.e., be adaptable)
Do not rely solely on an IT team; involve all key members of the organization so that everyone is on the same page if something goes wrong (Ngafeeson, 2014)
3 Privacy & Security Measures (“Protecting Against a HIPAA Breach,” 2015)
Ensure that all individuals that handle secure information are trained in privacy procedures and regulations
Administer risk assessments of the current program and determine any potential risks
Develop a uniform protocol that everyone must follow
Action Plan to Protect Patient Information (“Information Security Measures,” 2017)
Password security – regularly change passwords (every 30-60 days)
Ways confidential information is handled:
– secure computer hardware
– personnel clearance procedures
– secure disposal of confidential waste
– consequences for misuse of information and data
– signed confidentiality agreements
– confidentiality and security awareness training
Key Actions to Monitor Privacy & Security Violations After Implementation of HIMS (“Health Information Privacy and Security,” 2013)
Conduct security risk analysis
Develop a plan for addressing threats and vulnerabilities
Manage and decrease risks
Prevent breaches with workforce training
Communicate with patients on how information is handled
Electronic health records. (September 22, 2016). Retrieved from http://mhcc.maryland.gov/mhcc/pages/hit/hit_ehr/hit_ehr.aspx.
Health communication and health information technology. (2014). Retrieved from https://www.healthypeople.gov/2020/topics-objectives/topic/health-communication-and-health-
Health information privacy and security: a 10 step plan. (January 19, 2013). Retrieved from https://www.healthit.gov/providers-professionals/ehr-privacy-security/10-step-plan.
HIPAA privacy and Maryland requirements. (n.d.). Retrieved from
Information security measures. (2017). Retrieved from https://provider.ghc.org/open/render.jhtml?item=/open/workingWithGroupHealth/records-infosec.xml.
Miaoulis, W. M. (March 2010). “Access, Use, and Disclosure: HITECH’s Impact on the HIPAA Touchstones” Journal of AHIMA 81, no.3, 38-39; 64. Retrieved from
Ngafeeson, M. (2014). Healthcare information systems: Opportunities and challenges. Retrieved from
PR Newswire. (July 19, 2017). Wolters Kluwer strengthens Midland Health information security management system with ComplyTrack. Retrieved from
Protecting against a HIPAA breach. (April 15, 2015). Retrieved from http://prognocis.com/protecting-against-a-hipaa-breach/.
Scott, S. (2017). What is health care management? Retrieved from https://www.herzing.edu/blog/what-health-information-management.
Sundararajan, Y. (June 26, 2014). Key challenges facing EHR vendors. Retrieved from http://www.healthcareitnews.com/blog/key-challenges-facing-ehr-vendors.
What is interoperability? (April 5, 2013). Retrieved from http://www.himss.org/library/interoperability-standards/what-is-interoperability.
What is HIPAA? (n.d.). Retrieved from https://health.maryland.gov/HIPAA/Pages/whatishipaa.aspx.