1. First Lecture: Meaningful use risk assessment: Requirements, Methodology, Challenges, and Lessons. Joy Pritts, JD Chief Privacy Officer from the ONC and Johnathan Coleman from Security Risk Solutions.This was a very good and clear session on meaningful use risk assessment and how to survive this aspect with an ONC or CMS audit. The clear slide session is available (in your briefcase) . Key Points were (borrowed from the lecture):
- Identify the scope of the Analysis
- Gather Data
- Identify and document potential threats
- Assess current security measures for vulnerabilities
- Determine the likelihood of threat occurence
- Determine the potential impact of threat occurence
- Determine the level of risk
- Identify security measures and finalize documentation
Key points were that these audits were not expected to be exhaustive, but reasonable, well thought out, with good documentation and recorded policies and procedures. Internal audits should be annual (at a minimum).
Note was made that recent audit failures with financial penalties assigned were tied to mobile. Firewall security was discussed with suggestions to test it as well as the EHR.
A point was also made that this security is not merely tied to the EHR – the entire enterprise in the health care setting is evaluated, not just the EHR. Vendor solutions are not (necessarily) absolute.
This is a worthwhile talk to take the time to listen to – clear, informative, and engaging!
2. Second Lecture : RTLS – its not for just assets anymore! Kathi Cox from Texas Health. Very good and useful presentation about the use of RTLS (sometimes RFID; other technologies exist) fully integrated into a new hospital to track patients, caregivers, and assets. The cost of install paid for itself in a year with a million dollars in savings. Obvious benefit was the integration of the RTLS system with the EHR #timestamps which freed employees up from non-value added activities that create timestamps (example given of nursing call light turning itself off when nurse enters patient room). They applied the technology to inpatient use – tried to apply it to the ER but since active technology was used, too many tags were leaving the hospital and creating unnecessary costs, so they backed off there. Assets (patients, providers, equipment) are tracked at a central facility, and web apps can be used for locators. #workflow benefits cited, as providers knew where patients were. Also, examples of improved bed turnaround time were cited as once a patient leaves the room (is discharged), the cleaning team can enter and begin preparing the room immediately.
Benefits of location were cited as to employee rightsizing (staffing to need) and bed rental management (where rental beds were used, where they were not). infection control and temperature control also cited. The means of creating ‘chokepoints’ for RTLS detection was shared as one monitor inside the patient door, and one monitor outside the patient door (to track movement down halls, etc..)
This was a great presentation – consideration has to be made that this was a de novo install in a new institution that had experience with prior RTLS applications. But it does make a great argument for the RTLS technology in asset tracking. And its nice to have providers/employees thought of as assets, instead of liabilities.
3. Third lecture : Next Generation Revenue Cycles – Elaine Remmlinger, senior partner at Kurt Salmon. This should have been sub-titled, “How to select new billing software to adapt to new billing paradigms upcoming”. A detailed, and well thought out discussion of the pitfalls of purchasing this type of enterprise software was performed. Actually, the steps and criteria could be applied to ANY sort of software purchase. Truth be told, this lecture was most oriented towards CFO’s or finance managers concerned about bundled billing, capitation, and the like. HMFA members would probably get the most out of this lecture. The lecture was well delivered, I just probably am not the right audience for it.