Technology Assessment and Government Regulations

16 Oct No Comments

Technology Assessment and Government Regulations 

HSA 520

What is health information management?

Definition: ensuring that health information collected from patients is appropriately handled according to legal requirements set forth by the government and the health care organization (Scott, 2017)

Stanley Graphic [Digital Image]. (May 4, 2016). Retrieved July 23, 2017 from here.

What is a health information management system?

Health information management systems (or HIMS) – vital to growing the collection of information to better comprehend the impacts of wellbeing correspondence and wellbeing IT on populace wellbeing results, medicinal services quality, and wellbeing differences (“Health Communication and Health Information Technology,” 2014)Process:Capture informationClassify informationRetrieve informationEvaluate inforamationShare informationTake action on information

CKM Beat Graphic [Digital Image]. (March 19, 2011). Retrieved July 23, 2017 from here.

How do you choose a HIMS?

Consider the cost of the system (“9 Best Practices,” 2015) – choose a good system, but as inexpensive as possibleChoose a system that complements flow of the organization (“9 Best Practices,” 2015) – Easy to understand – Satisfy the needs of the organizationEnsure accurate support of the system after installation

ComplyTrack’s Information Security Assessment Manager (ISAM)

security assessment management system – enables quick usage of established standards, while also quickly evaluating placement with current compliance requirements and launching a growth of continuous and constant refinement (PR Newsire, 2017)Proven progressive softwareHelps to maintain successful complianceSecurity perfectionCommunication and reporting enhancementsQuickly expedites the review and asessment process

HIMS Implemenation

ComplyTrack has IT techs that will come in and install system (PR Newswire, 2017)Meets all goals of the organization (including who will be using system) (Hicks, 2017)Meets all regulation compliance

HIMS Interoperability

What is interoperability? – the ability of systems and devices to exchange information and interpret that shared information (“What is Interoperability?,” 2013)ComplyTrack’s data is compatible with all our technologyAble to present the information so all users can understand

HIMS Productivity

ComplyTrack allows organization to be more productiveInformation can be quickly gathered to avoid issues before they become issuesProvides superior content and workflow which allows for greater productivity, accuracy, and speed

Treemaginers Graphic. [Digital Image]. (December 7, 2016). Retrieved July 23, 2017 from here.

Possible HIMS Support Challenges (Sundararajan, 2014)

Data entered into system has to be HIPAA compliant yet also easily shared and understood by all usersAbility of patients to be able to view, download, and transmit online health records must be implemented within HIPAA guidelines and be user specificCustomization of specialties (yes or no?)

Maryland EHR Regulations (“Electronic Health Records,” 2016)

First state to require State-regulated payors to provide incentives to select health care providers to promote implementation of EHRsAdoption of incentive program is to encourage providers to implement EHRs2012 office-based physician adoption rate: approximately 49.2 percent

Greatchoice Computer Service Graphic [Digital Image]. (n.d.). Retrieved July 23, 2017 from here.

Maryland HIPPA Regulations (“HIPAA Privacy and Maryland Requirements,” n.d.)

1978 Maryland Medical Records Act 1990 Confidentiality of Medical Records Act – 1984 – 22 page report identified discrepancies in medical records confidentiality – 1987 – Attorney General redrafts confidentiality law for mental health records – 1989 – Health Subcommittee, of the Senate Economic and Environmental Affairs Committee drafts a detailed statutory coverage of confidentiality of medical records – Senate Bill Number 584 signed into law on May 29, 1990

Maryland HITECH Regulations (“What is HIPAA?,” n.d.)

Created monetary incentives for meaningful use of EHRsPrior to HITECH, business associates were only responsible for protecting individual health information if the Covered Entity they were serving required them to do so in a contractHITECH went into effect February 17, 2010 and required entities to secure patient’s personal informationHITECH changed definition of breach in privacy as well as the reporting standards for such breaches

2 Ways MD Regulations Can Impact HIMS in Health Care Organization

Must make sure personal health information is being used correctly and handled securely (Miaoulis, 2010)Must ensure that users have at least the minimum information needed to complete their job efficiently (Miaoulis, 2010)

3 Solutions to Address Regulation Challenges

Educate all users of the health information management system and offer continuing trainingBe willing to adjust and make changes if needed (ie. be adaptable)Do not simply rely on an IT team but should involve all key members of the organization so that everyone is on the same page if something goes wrong (Ngafeeson, 2014)

3 Privacy & Security Measures (“Protecting Against a HIPAA Breach,” 2015)

Ensure that all individuals that handle secure information are trained in privacy procedures and regulationsAdminister risk assessments of the current program and determine any potential risksDevelop a uniform protocol that everyone must follow

Research Guides Image [Digital Image] (n.d.). Retrieved July 23, 2017 from here.

Action Plan to Protect Patient Information (“Information Security Measures,” 2017)

Password security – regularly change passwords (every 30-60 days)Ways confidential information is handled: – secure computer hardware – personnel clearance procedures – secure disposal of confidential waste – consequences for misuse of information and data – signed confidentiality agreements – confidentiality and security awareness training

Key Actions to Monitor Privacy & Security Violations After Implementation of HIMS (“Health Information Privacy and Security,” 2013)

Conduct security risk analysisDevelop a plan for addressing threats and vulnerabilitiesManage and decrease risksPrevent breaches with workforce trainingCommunicate with patients on how information is handled


Electronic health records. (September 22, 2016). Retrieved from communication and health information technology. (2014). Retrieved from information-technology.Health information privacy and security: a 10 step plan. (January 19, 2013). Retrieved from privacy and Maryland requirements. (n.d.). Retrieved from security measures. (2017). Retrieved from, W. M. (March 2010). “Access, Use, and Disclosure: HITECH’s Impact on the HIPAA Touchstones” Journal of AHIMA 81, no.3, 38-39; 64. Retrieved from, M. (2014). Healthcare information systems: Opportunities and challenges. Retrieved from Newswire. (July 19, 2017). Wolters Kluwer strengthens Midland Health information security management system with ComplyTrack. Retrieved from against a HIPAA breach. (April 15, 2015). Retrieved from, S. (2017). What is health care management? Retrieved from, Y. (June 26, 2014). Key challenges facing HER vendors. Retrieved from is interoperability? (April 5, 2013). Retrieved from is HIPAA? (n.d.). Retrieved from

Click following link to download this document

Technology Assessment and Government Regulations.pptx