Legal and IT Coordination in a Complex Health System
Presentation to Information Security Compliance Risk Management Institute
Wednesday September 16, 2009
Laird A. Pisto, JD
Paul VanAmerongen, CISSP
MultiCare Health System
Integrated Delivery Network: Cradle to Grave & All Points In Between
EMR Risk Analysis
[Figure: risk matrix with axes Probability and Impact, each running Low to High]
Who Regulates MultiCare?
MHS
WISHA
DOJ
FDA
DOT
OSHA
DOL
NRC
OCR
HHS
Federal
State
Other
OPO
Joint Comm
Medical Board
Nursing Board
State Survey & Survey Certificates
State Medicaid
SBOH
State Licensure
Labor/Justice ADA
FBI
FCC
NIOSH
HRSA
FTC
EPA
IRS
SEC
Regional Home Health Intermediaries
Local Government
CMS Center for Medicare Medicaid Services
Congress
Medicare Integrity Program Contractors
Federal Circuit Courts
Supreme Court
Departmental Appeals
QIOs
OIG
Carriers
Intermediaries
Regional Offices
PRRB
DME Regional Contractors
Adapted from AHA News, May 29, 2000
DEA
DOE
Pharmacy Board
DOH
HCFA
Recent Legal and Regulatory Change Requirements
Federal Rules of Civil Procedure (FRCP) – Electronic information disclosure
Red Flags – Identification and notification of identity theft
American Recovery and Reinvestment Act of 2009 (ARRA) - Changes to HIPAA
Health Information Technology for Economic and Clinical Health Act (HITECH) - Expands on HIPAA
ONCHIT GOALS – 2008 - 2010
Goal One: Inform Clinical Practice
Goal Two: Interconnect Clinicians
Goal Three: Personalize Care
Goal Four: Improve Population Health
Each of these is fully embedded in HITECH ACT
Goals Mirror Risks
Patient Safety
Access
Accuracy
Efficiency
Financial Performance
100% Adoption
Do no harm
Know the patient’s story
Effective communication among caregivers
Eliminate steps that do not add value
Reduce length of stay
Innovate to deliver the Ideal Patient Experience
Information Security & Change Management
Information Security & Sir Isaac Newton:
Newton’s First Law of Motion: Things tend to keep doing what they’re doing.
Newton’s Second Law of Motion: Acceleration is proportional to force.
Newton’s Third Law of Motion: For every action, there is an equal and opposite reaction.
Typical Data Sources For Discovery
Clinical Systems Business Systems
ANCILLARY SYSTEMS
Misys Lab
Epic Rx
Pyxis Medication Distribution
HBS Outpatient Rx - Retail POS
ImageCast Radiology
Pyxis OR Surgical Supply Station
Epic/Varian Oncology
Hospira Smart Pumps
Siemens Cardiology
CoPath Pathology
Epic Home Health/Hospice
Stryker Surgery Center Systems
Provation GI Lab Documentation System
GE NICU Fetal Monitoring
Hologic Digital Mammography
Computrition Nutrition Services
ORSOS Surgery Scheduling
ANCILLARY SYSTEMS
Meditech Lab
Meditech Rx
Meditech OR
GE Cardiology
GE Labor & Delivery
MedSelect Medication Distribution
NDC Outpatient Rx - Retail POS
VST Nutrition Services
SurgiServ Surgery Center Systems
PTcT Home Health/Hospice
CoPath Pathology
FINANCIAL SYSTEMS
REVENUE CYCLE SYSTEMS
Lawson Accounts Payable
Lawson General Ledger
McKesson Budgeting/Financial Planning
Ascent Contract Management
McKesson Decision Support
ePremis Claims Processing
Lawson Payroll
Lawson Human Resources
Workbrain Time & Attendance
Lawson Recruitment Management
TractManager Contracts Management
Third Millenium Claims Digital Archive
Epic Patient Billing
nCoder Coding
HDX Insurance Eligibility
Epic Bed Management
Epic Patient Access/Registration
Epic Enterprise Patient Scheduling
Epic Patient Tracking
Epic Clinic Practice Management
Epic HIM
Ansos Scheduling - Clinical
Various Scheduling - Non-Clinical
FINANCIAL SYSTEMS
REVENUE CYCLE SYSTEMS
Meditech Accounts Payable
Meditech General Ledger
TractManager Contracts Management
Ascent Contract Management
Budget Advisor/Financial Budgeting/Financial Planning
Power Manager Decision Support
ePremis Claims Processing
E-Cabinet Claims Digital Archive
Infinium Payroll
Infinium HR
Kronos Time & Attendance
E-Labor Recruitment Management
Meditech Patient Billing
Provider Advantage Insurance Eligibility
3M Coding
Meditech Patient Access/Registration
Meditech Enterprise Patient Scheduling
Misys Clinical Practice Management
Meditech Bed Management
Meditech HIM
Ansos Scheduling - Clinical
Kronos Scheduling - Non-Clinical
Health System
Subsidiary
Lawson Materials Management
Meditech Materials Management
Meditech Reporting
HBI/HPM Management Reporting
CORE CLINICAL SYSTEMS
Midas Care Manager/UR
Nuance Radiology Dictation/Transcription
MedQuist Dictation
MedQuist Transcription - CMT
Phillips Critical Care - Clinical Documentation
Nightingale Consulting Nurse Scheduling
QuadraMed - WinPFS Nurse Scheduling
QuadraMed - WinPFS Patient Acuity
Epic Orders/Results
Epic eMAR
CORE CLINICAL SYSTEMS
Meditech Care Manager/UR
Crescendo Dictation
Crescendo Transcription - CMT
Meditech E-Signature
Meditech Orders/Results
Epic Clinical Data Repository
Meditech Clinical Data Repository
Hospira Smart Pumps
MISCELLANEOUS SYSTEMS
Many Become One? Or Not?
Siemens Cardiology
QuadraMed - WinPFS Patient Acuity
Lawson Payroll
Business Systems
FINANCIAL SYSTEMS
REVENUE CYCLE SYSTEMS
Lawson Accounts Payable
Lawson General Ledger
Kaufman Hall Budgeting/Financial Planning
Decision Support
ePremis Claims Processing
Lawson Human Resources
Workbrain Time & Attendance
Peopleclick (Recruitment)
TractManager Contracts Management
Third Millenium Claims Digital Archive
Epic Patient Billing
3M Coding
HDX Insurance Eligibility
Epic Bed Management
Epic Patient Access/Registration
Epic Enterprise Patient Scheduling
Epic Patient Tracking
Epic Clinic Practice Management
Epic HIM
MISCELLANEOUS SYSTEMS
Ansos Scheduling - Clinical
Various Scheduling - Non-Clinical
FINANCIAL SYSTEMS
REVENUE CYCLE SYSTEMS
TractManager Contracts Management
Ascent Contract Management
Kaufman Hall Budgeting/Financial Planning
ePremis Claims Processing
Kronos Time & Attendance
Peopleclick (Recruitment)
3M Coding
Epic Clinical Practice Management
Epic Bed Management
MISCELLANEOUS SYSTEMS
Ansos Scheduling - Clinical
Kronos Scheduling - Non-Clinical
Health System Subsidiary
Lawson General Ledger
Lawson Accounts Payable
Lawson Payroll
Lawson Human Resources
Epic Enterprise Patient Scheduling
Epic Patient Access/Registration
Epic Patient Billing
Epic HIM
Lawson Materials Management
Management Reporting
Lawson Materials Management
Management Reporting
HDX Insurance Eligibility
Third Millenium Claims Digital Archive
ImageCast Radiology
Clinical Systems
CORE CLINICAL SYSTEMS
ANCILLARY SYSTEMS
Epic Rx
Pyxis Medication Distribution
HBS Outpatient Rx - Retail POS
Pyxis OR Surgical Supply Station
Epic/Varian Oncology
Hospira Smart Pumps
CoPath Pathology
Epic Home Health/Hospice
Stryker Surgery Center Systems
Provation GI Lab Documentation System
GE QS Labor & Delivery
Hologic Digital Mammography
Computrition Nutrition Services
Midas Care Manager/UR
Powerscribe
eScription Transcription
Epic ED
WinPFS
Epic Orders/Results
Epic eMAR
CORE CLINICAL SYSTEMS
ANCILLARY SYSTEMS
Epic OR
McKesson CVIS
MedSelect Medication Distribution
NDC Outpatient Rx - Retail POS
VST Nutrition Services
SurgiServ Surgery Center Systems
Midas Care Manager/UR
Epic ED
CoPath Pathology
Health System Subsidiary
Epic Rx
Epic eMAR
Epic Orders/Results
Epic Clinical Data Repository
Epic Clinical Data Repository
Epic Clinical Documentation
Epic Clinical Documentation
Epic E-Signature
Epic E-Signature
Hospira Smart Pumps
Sunquest Lab
Sunquest Lab
Radiant Radiology
Epic Home Health/Hospice
Epic OR
Lawson Payroll
Ascent Contract Management
Powerscribe
Decision Support
eScription Transcription
WinPFS
Radiant Radiology
GE QS Labor & Delivery
Emegeon CVIS
Kodak PACS
McKesson PACS
Epic Patient Tracking
And a few more:
Metadata: Friend or Foe?
Provide A Description By Category
Location Of All Relevant: Electronically Stored Information
Intentional Design: The Missing Ingredient?
Technologists
GIGO
Replication Or Innovation?
Risk Managers On Design Team?
Results of Lack of Intentional Design?
Version Control – or Not?
Portability – or Not?
Transparency – or Not?
Access Controls – or Not?
Audit Trails – or Not?
Archiving – or Not?
Print Management – or Not?
Is Risk Embedded in Project Oversight?
Governance
Direction
Delivery
Living with an EMR:
Training -- never ends
Implementation -- never ends: “Build, Implement, Optimize, Repeat”
Some things are hard!
Users should never worry about hardware, system stability or access to downtime data
CQI at its best: It’s really all about workflow and efficiency and “Process Improvement”
And as we enter budget season:
Commiseration Contact #s:
Laird A. Pisto
Associate General Counsel
MultiCare Health System
PO Box 5299
Mail Stop 222J-1-LEG
Tacoma, WA 98415-0299
253-403-1186

Paul VanAmerongen
Manager, Information Security
MultiCare Health System
PO Box 5299
Mail Stop 124-2-IS
Tacoma, WA 98415-0299
253-459-7482