Hidden Riches Revealed
Insurance Networking News, February 1, 2009
When the Health and Human Services Office of Inspector General (HHS OIG) conducted surprise HIPPA audits during 2007 and 2008, health care organizations across the value chain realized as never before the importance of treating the mandate of delivering privacy, security and compliance as mission-critical.
Advertisement
"This is the great challenge," says Merit Smith, VP and director of the health care practice at Robert E. Nolan, a Simsbury, Conn. consulting firm. "Regulators' approach and tolerance to Personal Health Information (PHI) security breaches has changed, and it's putting a lot of pressure on IT in terms of keeping systems up to speed yet safe and secure."
Smith says the number of privacy breaches that could be documented prior to the implementation of the privacy regulations amounted to a couple of thousand per year on about a trillion transactions, making the issue relatively inconsequential. "About 80% of those were misdirected faxes," he says, "so it's easy to compromise records, and it often occurs by accident. Tragically, breaches of all kinds (such as posting clinical test results on the Internet) have become more commonplace - everyone's tolerance for that has worn thin."
The environment that houses, transmits or touches sensitive data is becoming more complicated by the day, Smith adds. "We've fragmented our support systems - some are in Bangalore, some in Prague and some in people's homes," he says. "IT can deal with each challenge, but the complexity of sourcing, outsourcing and subcontracting is harder to manage, and harder to make sure you got it right."
All of this puts more stress on a health insurer's IT staff, which already is dealing with the multiple pressures of industry-wide competition, a complex, layered federation of stakeholders, a patient/member base that is hungry for control of their own health records, and the budget-cutting trickle down effect of liquidity and credit crisis issues.
Reaction to these issues typically means a call to action; health insurers are retrenching, reviewing their existing working environments and enterprises to determine if their business strategies remain sound.
In some cases, this exercise may bring to light best practices for ensuring the security and integrity of health information across the enterprise and/or the network. In all cases, it's likely to reinforce a "do more with less" mandate, forcing insurers and other stakeholders to leverage new and existing technologies in a way that creates a host of positives-from improved patient outcomes and associated reduced claims to additional business opportunities.
NUMEROUS STAKEHOLDERS
At the network level, a number of security initiatives include ancillary benefits for insurers. As one of nine health information exchanges (HIEs) in the trial implementation of the U.S. Department of Health and Human Services' Nationwide Health Information Network (NHIN), CareSpark, a Regional Health Information Organization (RHIO) in Central Appalachia, is developing and demonstrating core services for the secure exchange of summary medical records, as well as information required for medication management and consumer empowerment use cases.
The HIE is working with Chicago-based Initiate Systems Inc., a provider of Enterprise Master Person Index (EMPI) software, to serve 750,000 residents and approximately 1,200 physicians in a 17-county area of southwest Virginia and northeast Tennessee. Demonstrating their medication management and consumer empowerment use cases at the 5th NHIN Forum in Washington in December 2008, Liesa Jo Jenkins, CareSpark's executive director, touted the accuracy and speed of the software. "It provides the highest level of confidence needed for matching of records and adoption of standards endorsed by NHIN," she says. Other benefits include improved services at the point of care and increased operational efficiencies and interoperability among applications, which contribute to successful health information exchanges, says Jenkins.
For more information on related topics, visit the following channels:
