Resource Search Results

Lessons Learned in Data Sharing & Care Coordination (2021). Resource Type: Publication. Description: This publication summarizes the lessons learned from conversations with Health Care for the Homeless health center consumers and providers as health centers work to create coordinated care systems through data. More Details...

Strategic Cybersecurity Investments: Leveraging American Rescue Plan Funding to Enhance Infrastructure and Services: HITEQ Highlights webinar (2021). Resource Type: Archived Webinar. Description: Healthcare continues to be the sector most targeted globally by ransomware and related malware attacks and leads in the average total cost of data breach across industries. The FY 2021 American Rescue Plan Funding provides an excellent opportunity for Health Centers to make strategic investments in cybersecurity infrastructure and services. This HITEQ Highlight, presented by Adam Kehler of Online Business Systems provides an overview of assets that can increase Health Center cybersecurity. Topics covered include cybersecurity infrastructure and services that can increase defense-in-depth for health IT, including EHRs, telehealth tools and services, mobile medical devices, patient portals, and related health information software applications. More Details...

21st Century CURES Act and Information blocking - How to Avoid Blocking Interoperable EHI.: HITEQ Highlights Webinar (2021). Resource Type: Archived Webinar. Description: In this webinar, the HITEQ Center discusses the 21st Century CURES act (CURES act), specifically focused on how it defined interoperability and information blocking and how that relates to health centers. With HHS recently extending the provider compliance date to April 5, 2021, we review how ONC’s final rules defined information blocking requirements and exceptions. We discuss common scenarios and health center policy practices that might be considered information blocking, and how they can reduce health center risks with early planning and policy definitions. More Details...

Data Integration Best Practices for Health Centers & Homeless Services Publication: Health Center Focus Group Recommendations on Data Integration (2020). Resource Type: Publication. Description: Health centers use data and technology to improve health outcomes of patients, speed administrative processes, and collect patients’ health and housing histories. This report advances strategies for large and small health centers to match data with homeless service systems to identify and coordinate care for high utilizers of crisis care systems. More Details...

Addressing Intimate Partner Violence and Human Trafficking in the Health Center Setting: HITEQ Highlights Webinar (2020). Resource Type: Archived Webinar. Description: The coronavirus pandemic and consequent stay-at-home orders may increase danger for those at risk for or experiencing intimate partner violence and human trafficking (IPV/HT). Due to COVID-19, many health centers have shifted health encounters to virtual platforms, which offer unique opportunities to provide trauma-informed care and connect in new ways with those who may be experiencing abuse. Yet, telehealth and virtual visits also present health centers with new challenges related to privacy, safety and digital health equity. More Details...

PrEP and Informatics (2020). Resource Type: Archived Webinar. Description: In this webinar experts from Fenway Health and HITEQ discuss using data, electronic health records, and informatics to make informed decisions regarding PrEP (pre-exposure prophylaxis) for HIV prevention. The webinar covers both clinical data usage and administrative staff support in using data and informatics for optimizing PrEP in health centers. More Details...

Telehealth.HHS.gov website (2020). Resource Type: Other. Description: The Telehealth.HHS.gov website provides information about the latest federal efforts to support and promote telehealth services. It was built by the Health Resources and Services Administration (HRSA), an agency of the U.S. Department of Health and Human Services (HHS). More Details...

HIPAA Compliance and Telework (English/Spanish) (2020). Resource Type: Publication. Description: This short legal guidance memo from FTLF is intended to guide health center staff in assuring HIPAA compliance in a remote work setting. It accompanies two other NACHC resources: Remote Work Toolkit; and Reduced Workflows and Staffing Guidance for Non-Clinical Operations COVID-19 Resource Packet. More Details...

Patient Confidentiality & COVID-19 (2020). Resource Type: Archived Webinar. Description: In this complimentary webinar, we will review the permitted uses and disclosures of patient information during emergencies under both HIPAA and Part 2 and discuss the most recent updates from OCR and SAMHSA. We will also provide responses to health center’s most frequently asked questions and suggest best practices to ensure on-going compliance during this challenging period. More Details...

Strategic Cybersecurity Breach Protection and Incident Response: Guidance and Resources for Health Centers (2019). Resource Type: Other. Description: This is Part 2 of HITEQ's Health Center Defense Against the Dark Web presentation series. This presentation provides general knowledge about breach mitigation and planning strategies for incident response. More Details...

Health Center Defense Against the Dark Web Presentation: Strategies for Building Security Awareness, Education and Compliance (2019). Resource Type: Other. Description: This cybersecurity presentation explores key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. Part 1 of this series will seek to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection will be covered with an emphasis on health center-wide information protection. More Details...

Creating and Managing Strong Passwords at Your Health Center: Guidance in relation to updated NIST security requirements and HIPAA (2018). Resource Type: Publication. Description: Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user.  Question: Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user.  After consulting with HITEQ cybersecurity experts and consultants who have helped publish cybersecurity guidelines, the recommendations outlined below were communicated. Answer: The short answer is Yes. HIPAA is not prescriptive and takes the general stance that authentication mechanisms should be “reasonable and appropriate” for the risk they present. Being able to say that you are implementing NIST Standards is a good way to show that you are implementing “reasonable and appropriate” controls. Some standards are relaxed in regards to password change and complexity, those items shouldn’t be taken in isolation. The additional controls in the 800-63 recommendations should also be put in place and can include: Having users check passwords against password lists from breaches e.g., https://haveibeenpwned.com/Passwords  Increasing the length requirements Getting rid of password reminder questions Increasing usability Further Guidance from NCCIC/US-CERT: NCCIC/US-CERT reminds users of the importance of creating and managing strong passwords. Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping them confidential can make it more difficult for others to access your information. NCCIC/US-CERT recommends users take the following actions: Use multi-factor authentication when available. Use different passwords on different systems and accounts. Don't use passwords that are based on personal information that can be easily accessed or guessed. Use the longest password or passphrase permissible by each password system. Don't use words that can be found in any dictionary of any language. Refer to Tips on Choosing and Protecting Passwords and Supplementing Passwords for best practices and additional information. More Details...

Ransomware Guidance Presentation for Health Centers: Updated with Ransomware Strategies from CISA (2019). Resource Type: Publication. Description: This ransomware guidance presentation for health centers, updated with ransomware strategies from CISA, provides information about ransomware, HIPPA implications, recent examples from the news, and suggested resources. More Details...

Center of Excellence for Protected Health Information: FOCUS: PHI is a SAMHSA-funded source for clear and accurate information about patient privacy and confidentiality (2019). Resource Type: Other. Description: Clear and accurate information about confidentiality is important to ensure that patient privacy is protected and that privacy laws are not erroneously interpreted to prevent disclosure of patient information. Individuals living with mental illness or substance use disorders may not seek care without guarantees of confidentiality and privacy protections. Clarifying privacy protections and promoting communication of patient records is critical for improving patients’ access to care and quality of treatment once in care. The Center for Excellence for Protected Health information is supported by SAMHSA and includes key resources around privacy and confidentiality. More Details...

Compliance with 42 CFR Part 2: A Case Study with Community Medical Centers, Inc. (2019). Resource Type: Publication. Description: Health centers are actively expanding the substance use treatment services they offer in the community to address access to care for opioid use disorders, and more broadly to address better screening, referral and timely access to all substance use disorder (SUD) treatment. This case study is an example of how a health center is assessing operations to comply with 42 CFR Part 2, with a particular focus on changes to their health information technology (IT) systems. It includes a 42 CFR Part 2 Regulatory Checklist that health centers may find particularly helpful to review. More Details...

Sharing Behavioral Health Information for Treatment Purposes: Mental Health and Substance Use Disorder (2019). Resource Type: Publication. Description: As health centers continue to integrate behavioral health services to meet their patients' needs for mental health and substance use disorder services, they must be aware of their responsibility to comply with applicable federal, state, and community standard of care confidentiality requirements. This fact sheet is designed to clarify under what circumstances and by what methods behavioral health information may be shared for treatment purposes, including discussion of HIPAA and Title 42 CFR Part 2. More Details...

Managing Online Patient Engagement (2018). Resource Type: Publication. Description: An integral component of health center practice operations is patient engagement. Whether patient engagement is done over the phone, in person at the health center, via patient portals or online, health centers need to be prepared to provide a positive patient experience. However, managing patient expectations about online engagement can present challenges. More Details...

The Health Center CIO’s Guide to HIPAA Compliant Text Messaging: 2018 Updates on Methods for Successful Electronic Patient Engagement (2018). Resource Type: Publication. Description: This slide deck provides health centers with information and a presentation template overview of the HIPAA and electronic PHI risks related to texting and messaging that are important for health center leadership and IT managers to understand in making organizational decisions for these types of tools. This slide deck provides health centers with information and a presentation template overview of the HIPAA and electronic PHI risks related to texting and messaging that are important for health center leadership and IT managers to understand in making organizational decisions for these types of tools.   Key considerations covered within this slide deck: Important to understand new changes to enforcement of HIPAA as it relates to portable devices, texting, and emailing of PHI. HIPAA privacy and security rules need not act as an obstacle to texting, but compliance requires planning and diligence. All forms of communication involve some level of risk. Text messaging merely represents a different set of risks that, like other communication technologies, needs to be managed appropriately to ensure both privacy and security of the information exchanged. More Details...

Security Risk Assessment: A HITEQ Privacy & Security Resource - New Templates Added May 2017 (2017). Resource Type: Template. Description: To successfully attest, providers must conduct a security risk assessment (SRA), implement updates as needed, and correctly identify security deficiencies. By conducting an SRA regularly, providers can identify and document potential threats and vulnerabilities related to data security, and develop a plan of action to mitigate them. More Details...

Privacy and Security: What You Need to Know (2017). Resource Type: Archived Webinar. Description: This is the first webinar in a 2-part series on Privacy and Security. Webinar 1 will focus on everything you need to know as a Health Center regarding Privacy and Security, including information on HIPAA, Privacy Practices, Business Associate Agreements, Policies and Procedures, and more. More Details...