Earlier this year, the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) published the proposed Meaningful Use (MU) Stage 3. The industry is currently waiting for publication of a final rule. In the meantime, everyone seems to be contemplating potential HIM implications of this new phase of MU.
MU Stage 3 Engages Patients And ePHI Data
As proposed, MU Stage 3 includes several requirements that affect patient access to information as well as release of information. More specifically, the proposed MU Stage 3 focuses on the following:
- Easier patient access to their own health information
- Greater patient involvement in their own care
- Patient education
- Improved patient outcomes
Patient engagement is one of the primary goals of the proposed MU Stage 3. Other goals include more effective care coordination and clinical decision-making as well as health information exchange between providers. These goals, in turn, will hopefully yield better population health and lower costs.
ePHI Privacy And Security Are Paramount
How will organizations accomplish these goals?
Web-based portals and personal health record software will provide patients with an easy method to gain electronic access to their health information, particularly orders, test results, imaging, and visit summaries. However, in this age of electronic data sharing and release of information, providers must guarantee the protection of patients’ health information. Doing so helps providers gain and maintain patient trust. Ensuring the privacy and security of electronic patient information also helps physician comply with HIPAA.
It’s extremely important to secure PHI while responding to patients and providing information in a timely manner. Keep these tips in mind:
- Encrypt ePHI patient data in storage as well as when it’s accessed or sent over a network through an encrypted connection.
- Update software regularly to mitigate vulnerabilities.
- Keep security software and malware updated.
- Upgrade passwords to passphrases. These short sentences are more difficult to hack than a simple password. Also consider using fingerprints and one-time passcodes from digital keycards or fobs.
- Only transfer PHI via encrypted methods, such as encrypted emails. Use a VPN to create a secure connection between personal devices and the office network.
- When connecting to the Internet from a remote location, consider using a smartphone 4G hotspot rather than a public WiFi connection to provide secure access.
What’s your plan to engage patients in MU Stage 3, and how will you ensure the privacy and security of information in this increasingly inter-operable healthcare environment?