Cyber Security Assessments

Jan. 3, 2012
At a time when health information exchange sustainability is on everyone’s lips, and with NeHC report sharing case studies on sustainable HIEs and a recent KLAS study showing a doubling of live HIEs from last year, new revenue streams are being sought to keep these entities afloat.
At a time when health information exchange sustainability is on everyone’s lips, and with NeHC report sharing case studies on sustainable HIEs and a recent KLAS study showing a doubling of live HIEs from last year, new revenue streams are being sought to keep these entities afloat. At the eHealth Initiative 2011 National Forum on Health Information Exchange at the Omni Shoreham Hotel in Washington, D.C., I heard a unique revenue generator that piqued my interest from Christopher Henkenius, program director at Nebraska Health Information Initiative (NeHII).Henkenius says NeHII will be offering cyber liability and security assessment services that provide security consultative audits and services to stakeholder participants. Deb Bass, NeHII’s executive director says that a NeHII consultant will assess each participant’s needs and perform a GAP analysis and then assist the stakeholder with the implementation of the necessary policies and procedures to address any gaps that might be identified.NEHII has contracted with different vendors so a variety of pricing levels and processes, onsite vs. online assessments, will be offered. The audit will be conducted on an ongoing basis to be determined by the provider and the NeHII consultant. “It’s an ongoing assessment rather than a snapshot in time which most of the assessments have been in the past. You do it once and then a year or two later you start from square one, so there’s a lot of wasted energy and that was our thought around some of these solutions that are more innovative,” Bass says.NeHII’s initial focus for these assessments is physician practices. Two practices, a nursing home and a surgical practice, have been identified for a pilot phase that will start soon. “Many times they don’t have IT staffs,” Bass says. “It’s the office manager that assumes this role. The idea behind this is that we’ll be that resource to them, so they don’t have to hire additional bodies to address this.” NeHII plans to offer these assessments with other states, just as it shared its HIE security and privacy practices with 16 other states. She says that these policies are open source to create a more collaborative environment, so if other entities add on to them, NeHII will be able to access those ideas. Bass says that Arkansas recently published its privacy policies and recognized NeHII’s contribution.In the future, NeHII plans on adding to its security offerings to help organizations meet future meaningful use requirements and HIPAA compliances. One idea is to assist providers with creating “access reports” to patients indicating who has accessed data in a designated record set. NeHII also plans to continue partnering with Metropolitan Community College in Omaha on its HIT curricula and adding a cyber security course in the future.“With all of the new initiatives with health information technology—ICD-10, meaningful use, and HIE—many of our stakeholders are feeling extremely overwhelmed and resource-constrained,” Bass says. “And believe me, cyber security and these assessments are a major responsibility.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?