Resource Search Results

Health Center Safety and Man-Made Threats Resource Packet: Targeted Resources on Health Center Security, Population-Specific Safety Topics, and Cybersecurity (2024). Resource Type: Publication. Description: This BPHCurates packet provides resources describing mitigation, preparedness, response, and recovery strategies for navigating man-made threats directed towards health centers, their staff, and patients. The man-made threats included in this packet are specifically related to health center security, population-specific safety concerns, and cybersecurity. More Details...

Health Center Resilience in the Face of Cyber Adversity: A Case Study of the Family Health Center of Worcester’s Ransomware Incident, February 2024 (2024). Resource Type: Publication. Description: The use of ransomware -- malicious software that restricts access to computer systems with financial demands -- has escalated, targeting health centers and putting countless lives at risk. This dire reality came to the forefront during the alarming ransomware attack on the Family Health Center of Worcester, Inc. (FHCW), where the personal health information and care continuity for thousands of patients were compromised. This resource uses FHCW's experience as a case study to demonstrate the imperative of preparedness and the strength of a community-centered response in ensuring the continuity of healthcare services amidst the ever-growing tide of cyber vulnerabilities. More Details...

Cyber Insurance & HIPAA Breaches Tip Sheet (2024). Resource Type: Publication. Description: This Tip Sheet specifically addresses how cyber insurance coverage can support health centers in meeting their obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to respond to security incidents and to report breaches. More Details...

HITEQ Highlights: What to Do About Health IT Hazards Associated with Copy and Paste in the EHR: HITEQ Highlights Webinar (2023). Resource Type: Archived Webinar. Description: Copy and paste functionality can support efficiency during clinical documentation, but may promote inaccurate documentation with risks for patient safety. This webinar discussed three key areas where health centers can consider implementing safe practice recommendations: Define copy and paste as a health IT safety issue by identifying the potential patient safety risks Review safe practice recommendations and implementation strategies to mitigate health IT-related hazards and safety issues Disseminate evidence, tools and practices for implementation More Details...

Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation and Response - Session 4: Virtual Learning Collaborative (2023). Resource Type: Archived Webinar. Description: It\'s time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you\'ll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won\'t become a breach. Health Centers are a domain with a high potential for data breaches, and the risk continues to grow as health centers use new tools and the introduction of artificial intelligence (AI). As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. To support health centers in their cybersecurity strategy and implementation, the HITEQ Center is offering a free learning collaborative -- Improving Health Center Cybersecurity: Risk Assessment, Breach Defense, Mitigation, and Response. This learning collaborative will involve four structured virtual learning sessions. During the series participants engaged with subject matter experts and their colleagues in peer-to-peer learning and discussion. Topics included: health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, cybersecurity implications of generative artificial intelligence in health centers, and incident response planning from a cybersecurity perspective. More Details...

HITEQ Highlights: Enabling a Cyber-Resilient Health Center: HITEQ Highlights Webinar (2023). Resource Type: Archived Webinar. Description: This HITEQ Highlight aimed to strengthen Health Centers\' capacity to build their cyber-resiliency. We covered risk management tools, methods for guarding against cybersecurity assaults, operationalizing cybersecurity to mitigate risks, and breach mitigation tactics. Participants focus on safeguarding data across the entire enterprise and examined approaches to implementing cybersecurity infrastructure through risk management frameworks and strategic risk assessment. More Details...

HITEQ Highlights: Health Centers as Actors (in Information Blocking)!: HITEQ Highlights Webinar (2023). Resource Type: Archived Webinar. Description: The HITEQ Center discussed approaches to balance patient confidentiality, sensitive situations, vulnerable populations, and meeting the provisions in CURES act and information blocking. How health centers should best prepare themselves and their staff to meet the information blocking provisions and better serve the patient population was also discussed. More Details...

FAQ: How will the upcoming changes to the Information Blocking and EHR certification requirements impact health centers?: October 2022 (2023). Resource Type: Publication. Description: When will the new information blocking and EHR certification requirements be in effect? What are the upcoming changes? How will these changes impact health centers? How will the scope of Information Blocking requirements change? How should health centers expand their EHI scope? How will EHR certification requirements change? How should health centers leverage the new FHIR R4 capabilities? More Details...

Navigating Compliance Challenges with the Information Blocking Rule: A Collection of Case Studies: HITEQ Center and Feldesman Tucker Leifer Fidell LLP, September 2023 (2023). Resource Type: Toolkit. Description: The Office of the National Coordinator for Health Information Technology’s (ONC) 21st Century Cures Act Information Blocking Rule (Info Blocking Rule) prohibits covered actors – including health care providers, health IT developers of certified health IT, and health information exchanges/health information networks– from engaging in practices likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information (EHI). The Info Blocking Rule includes eight exceptions that provide actors with certainty that, when their practice interferes with the access, exchange, or use of EHI and meets the conditions of one or more exception, such practice will not be considered information blocking.1 More Details...

Health Center Guidelines for Implementing FHIR and the Information Blocking Rule: HITEQ Center, September 2023 (2023). Resource Type: Toolkit. Description: The 21st Century Cures Act and the ONC Health IT Certification Program include rules for technical configuration and use of Health Level 7® (HL7) Fast Healthcare Interoperability Resources® (FHIR) for health data exchange and accessibility. Health centers are directed to enable and publish their healthcare data locations, known as FHIR endpoints,* to and from their electronic health record (EHR). Part of the Cures Act, known as the Information Blocking Rule, mandates that patients have “easy” access to their digital medical information, costs and claims associated with their health record, and whom the data can be shared with. More Details...

Cybersecurity: Ask Me Anything: HITEQ Highlights Webinar (2023). Resource Type: Archived Webinar. Description: This session sought to motivate and educate Health Center staff and leadership on current critical cybersecurity threats, concepts, and methods for the defense of health data. A panel of cybersecurity experts addressed questions on how to best protect the health center from both internal and external network leaks, through malware such as ransomware, and through physical means on-site. More Details...

Interoperability Readiness Scorecard: HITEQ Center, July 2023 (2023). Resource Type: Template. Description: Many health centers struggle to reap the benefits of technological advancement and investments in health information technology (health IT), while others embrace them and reap rewards. Interoperability is one such example; requiring health centers assess systems, relationships, and implementation. There are keys to successful interoperability implementation for which health centers must develop processes, stand up infrastructure (within the system, internally and externally, and organization), and then take action. Process refers to structured processes, policies, and procedures within the health center. Infrastructure refers to structural capacity and ability within the health center’s technology and staffing structure. Action refers to full implementation to the point of active and ongoing use and engagement. This scorecard encourages health centers to consider their processes, infrastructure, and action in a number of key areas. Each area key to interoperability are to be self-graded on a scale of 1 through 5, where 1 is poorly or not yet developed and 5 is well developed. Health centers can also use this to guide discussions and monitor progress over time. evaluate once steps have been completed. More Details...

The HITEQ Center Podcast: Sharing Virtual Care Success Stories and Lessons Learned in 2022 and 2023 (2023). Resource Type: Podcast. Description: HITEQ is highlighting stories of leveraging the EHR, health IT, digital health tools, and other virtual care supports for health center recovery and stabilization during the COVID-19 pandemic and thereafter in this series of podcasts. We are lifting up stories that demonstrate the promise of digital and health IT tools to address the timely needs of health centers and their patients, emphasizing those that support high value, equitable care for all health center patients and that reduce provider burden. More Details...

Promoting Cybersecurity Awareness for Patients: Protecting yourself when using patient portals, health apps, and online medical devices, June 2023. (2023). Resource Type: Archived Webinar. Description: This training guide provides patients with knowledge and awareness about cybersecurity threats to protect their personal health data and to minimize risks from computer viruses and malware. More Details...

Sensitive Information and the Electronic Patient Record: HITEQ Center, June 2023 (2023). Resource Type: Toolkit. Description: With nearly 100% of community health centers utilizing electronic health records (EHR) to care for patients, focus has pivoted from implementation and new workflow development to enhancement in order to drive value and reflect patient needs and population trends. EHR technology presents potential opportunities and significant constraints. Providers frequently document and share potentially sensitive information in the EHR, such as risk for intimate partner violence (IPV), consistent offers of pre-exposure prophylaxis (PrEP), or patient sexual orientation and gender identity (SOGI). More Details...

A Guide to Essential Cybersecurity Tasks for Health Centers: For health centers with limited resources, developed in June 2023 (2023). Resource Type: Toolkit. Description: In an increasingly connected healthcare landscape, health centers face a dual challenge: the rising tide of cyber threats and the need to comply with stringent data protection regulations, all while managing limited resources. The ever-evolving nature of cyberattacks and the complexity of compliance requirements make it essential for health centers to prioritize cybersecurity tasks effectively. More Details...

Cyber Security Trends, HIPAA and Insurance (2023). Resource Type: Archived Webinar. Description: This webinar covers conducting a security risk assessment and developing a risk mitigation plan, the HIPAA requirements related to responding to a security incident, including notifying impacted patients, the media, and the Office for Civil Rights (OCR), as well as cyber Insurance best practices and options. More Details...

Active Shooter and Active Threat Response for Healthcare (2022). Resource Type: Archived Webinar. Description: The webinar discusses active shooter and active threat definition and profiles, background statistics, key response and recovery considerations, and preparedness resources. More Details...

Electronic Case Reporting Leveraging Fast Healthcare Interoperability Resources Toolkit: Electronic Health Records and Case Reporting Privacy and Security (2022). Resource Type: Toolkit. Description: In order to aid PCAs and HCCNs in developing a workplan for implementing a FHIR API integration for their network partners this guide includes resource planning, consideration of EHR vendor and individual EHR instance needs, and understanding case reporting requirements. More Details...

Electronic Case Reporting Leveraging Fast Healthcare Interoperability Resources Toolkit: Electronic Health Records and Case Reporting Privacy and Security (2022). Resource Type: Toolkit. Description: In order to aid PCAs and HCCNs in developing a workplan for implementing a FHIR API integration for their network partners this guide includes resource planning, consideration of EHR vendor and individual EHR instance needs, and understanding case reporting requirements. More Details...