Make your voice and needs known!:

Take the National TTA Needs Assessment!

Resource Search Results

Menu

Edit Your Search


New Search

View MyCitations

s

Displaying records 1361 through 1380 of 1593 found.

HITEQ Job Function Decision Tree: A Matrix of Skills and Job Descriptions for Health IT Staff (2016). Resource Type: Publication. Description: The following document is intended to assist health center staff create new job descriptions and/or modify existing job descriptions to more clearly incorporate Health IT and quality-related responsibilities.  The matrix provides responsibilities across three categories of roles:  Medical Leadership, Quality, and Health IT.  It differentiates these responsibilities based on typical job functions (e.g., Quality Improvement, Compliance, Meaningful Use).    The following document is intended to assist health center staff create new job descriptions and/or modify existing job descriptions to more clearly incorporate Health IT and quality-related responsibilities.  The matrix provides responsibilities across three categories of roles:  Medical Leadership, Quality, and Health IT.  It differentiates these responsibilities based on typical job functions (e.g., Quality Improvement, Compliance, Meaningful Use).    This tool is helpful in two distinct ways. First, the matrix can provide language to modify existing job descriptions to ensure that for each function, responsibilities are articulated across all appropriate health center roles. Second, the matrix can help an organization that has determined the need for additional Quality and Health IT staff, such as a Data Analyst or Quality Coordinator.  The tool can assist in determining which functions will be incorporated into the new role, and then developing the job description from the chosen functions. More Details...

HITEQ Health App Decision Tree: A tool developed In collaboration with the Children's Health Fund to help choose appropriate Health Apps (2017). Resource Type: Publication. Description: There are thousands of consumer health applications health apps, which run on smartphones, watches, tablets, and other mobile devices. These Health Apps are available for download for general consumers, patients, and healthcare professionals. Currently, there is no governmental agency that provides certification or guidance on health apps, although there are several projects from organizations such as HL7, the FDA, ONC, and OCR that are working to provide guidance. User discrepancy in terms of the validity and safety of the health apps they choose to use are primarily based on ratings or recommendations. This guide seeks to provide a health app decision tree that can assist medical professionals and consumers in making wise choices when using health apps. There are thousands of consumer health applications health apps, which run on smartphones, watches, tablets, and other mobile devices. These health apps are available for download for general consumers, patients, and healthcare professionals. Currently, there is no governmental agency that provides certification or guidance on health apps, although there are several projects from organizations such as HL7, the FDA, ONC, and OCR that are working to provide guidance. User discrepancy in terms of the validity and safety of the health apps they choose to use are primarily based on ratings or recommendations. This guide seeks to provide a health app decision tree that can assist medical professionals and consumers in making wise choices when using health apps. The Children's Health Fund was made aware of a use case in which a health app that was targeted for use by adults was used for a child and consequently caused a detrimental health issue. Currently there are no certifying bodies for consumer-oriented health apps and consequently many doctors must navigate this domain themselves. This guide seeks to provide a health app decision tree that can assist medical professionals and consumers in making wise choices when using health apps. Download the decision tree below. More Details...

Hiring Test to Screen Possible Candidates for Data Knowledge: Gauging an Applicant’s Basic Data Knowledge and Abilities (2016). Resource Type: Publication. Description: This test is intended to gauge an applicant’s basic data knowledge and abilities.  Applicants are to go through all the tabs in order and follow the instructions in the red boxes. Included is an answer key that accompanies the Hiring Test. After giving a candidate the test, the hiring manager can use the Answer key to assess how the candidate did on the test. This test is intended to gauge an applicant’s basic data knowledge and abilities.  Applicants are to go through all the tabs in order and follow the instructions in the red boxes.  Hiring managers can administer this test as they see fit: they can email it to the applicant after a phone interview to see if they want to offer them an in-person or second interview it can be completed after the interview to determine whether the applicant has the basic skills needed for the position if the person is the right choice for the company because of mission-fit and soft skills, it can be used as a training assessment This also allows employees to assess if the job is the right fit for them. Note: Patients listed are fictitious examples More Details...

Hiring for Team Fit (2017). Resource Type: Archived Webinar. Description: This archived webinar recording explains the importance of hiring for "Team Fit" to the patient experience and describes best practice examples for hiring for "Team Fit" More Details...

Highlighting the Role of Enabling Services at Community Health Centers: Collecting Data to Support Service Expansion and Enhanced Funding: The Enabling Services Accountability Project (2010). Resource Type: Publication. Description: This issue brief, written collaboratively between AAPCHO and the National Association of Community Health Centers (NACHC), describes the importance of enabling services (ES), such as interpretation and eligibility assistance, and how better quantifying the provision of these services can demonstrate their value to private and public payers. More Details...

High-Performance Health Centers: Learning, Measuring, Achieving (2014). Resource Type: Publication. Description: This guide explores the transition from data to information to knowledge to action with the goal of achieving a high level of performance. It discusses the difference between calculating outputs and measuring outcomes, and reviews the basics of “change management,” explaining how to identify what’s important and how to transform limited resources into significant improvements. It also describes the importance of measuring, benchmarking, and evaluating all organizational activities, providing an introduction to the tools needed to attain high performance. More Details...

HIE Evaluation Checklist: Scoring HIE offerings to assess suitability to your health center. (2016). Resource Type: Publication. Description: This HIE evaluation checklist is a scoring checklist that health centers can use to evaluate HIE offerings on a number of key components ; and was modified for the health center audience with permission from the HIMSS HIE Evaluation Checklist. HITEQ recommends this scoring checklist which health centers can use to evaluate HIE offerings on a number of key components. This has been adapted from an earlier checklist developed by the Healthcare Information and Management Systems Society (HIMSS), with permission. The checklist includes multiple criteria that may be more comprehensive than some providers need, but this scoring tool allows individual criteria to be included or omitted as appropriate during your review. The first tab ("HIE Evaluation Checklist") is a blank document. The second tab ("Checklist Example") shows how one provider might rate a particular HIE offering by including, excluding, and attaching its ratings to each criterion. Download the excel checklist below. More Details...

Helping Residents in Public Housing Understand the Affordable Care Act (n.a.). Resource Type: Publication. Description: No annotation provided by the authoring organization. More Details...

Healthy Smiles for a Lifetime (2005). Resource Type: Patient Material. Description: This is an oral health curriculum for the training of community health workers. It focuses on preventing common dental problems such as tooth decay and gum disease and the barriers that keep farmworkers from being able to enjoy good dental health. More Details...

Healthy Minds, Healthy Bodies: Promoting Mental Wellness in Youth (n.a.). Resource Type: Archived Webinar. Description: Youth share their perspectives on mental health, how SBHCs can promote awareness, and ways adolescents and adults can work together to overcome stigmas and improve student health. More Details...

Health, Schools, and Public Housing: Uniting for Young People's Success (2018). Resource Type: Archived Webinar. Description: This webinar discusses needs of children and adolescents within public housing and successful health center strategies for creating partnerships between housing and education sectors. More Details...

Health Tips (2015). Resource Type: Patient Material. Description: Health Tip's is a bilingual, quarterly publication that focuses on health topics and issues prominent to the farmworker and the general Hispanic population. It makes use of low-literacy and culturally - appropriate terminology to present the latest, most updated information on health topics. More Details...

Health Outcomes and Data Measures for Supportive Housing and Health Centers: A Quick (Data) Guide for Health and Housing Partnerships (2017). Resource Type: Publication. Description: Both health and housing providers are tracking data elements and outcomes for a similar vulnerable populations. This resource guide highlights the common data elements currently being tracked, and opportunities to learn from multi-sector partners More Details...

Health IT-Enabled Quality Improvement: A Guide to Improvement: 10/4 HITEQ Highlights Webinar Transcription (2016). Resource Type: Publication. Description: A transcription of the October 4th HITEQ Highlights webinar. A transcription of the October 4th HITEQ Highlights webinar.  Improving care delivery is a business and mission imperative for health centers, and the HITEQ Center offers a growing collection of tools and services to support this journey. The foundation for these particular offerings is the "Guide for Improving Care Processes and Outcomes in FQHCs."  This web-based resource provides step-by-step guidance on understanding and improving workflows and information flows that drive performance on key targets such as hypertension control and colorectal cancer screening. Guide centerpieces include worksheets for documenting, analyzing, sharing and improving care processes for such targets. Strategies and tools in the Guide have been used successfully in various quality improvement (QI) initiatives, and a HITEQ Center focus is spreading this value more quickly and widely among health centers. This introductory training session introduces health centers and their partners to the Guide's proven approaches, worksheets and other health IT-enabled QI tool More Details...

Health IT Staff Resume Screening Tool: A template for Human Resources and Hiring Managers (2016). Resource Type: Publication. Description: This is a list of key words and phrases that can be used to pre-screen resumes for HIT/QI jobs to help quickly identify candidates for an additional screen. More Details...

Health IT Staff Recruitment Strategies: A template for Human Resources and Hiring Managers (2016). Resource Type: Publication. Description: This resource provides ideas about the latest recruiting tips used by community health centers as well as leading organizations from other industries. Review the strategies and identify ones that could work in your organization.  Adapt them as necessary to fit your particular needs and resources. This resource provides ideas about the latest recruiting tips used by community health centers as well as leading organizations from other industries. Review the strategies and identify ones that could work in your organization.  Adapt them as necessary to fit your particular needs and resources. More Details...

Health IT Privacy & Security Skill Sets: The Importance of Information Security for all Health Center Staff (2017). Resource Type: Publication. Description: Since 2010, the healthcare industry has seen a remarkable increase in the use of technology in the administration and delivery in healthcare. This has led to a mass migration of data from paper charts and isolated systems to Electronic Medical Records EMRs and interconnected systems that transmit patient health and financial information across trusted and untrusted networks. While this has been a boon for the industry in its ability to provide timely information to those who need it the most, this transition has introduced a great deal of risk to the confidentiality and integrity of the information. Coupled with the fact that the information can be quickly monetized by criminals through insurance fraud and identity theft, the ecosystem is target-rich. Since 2010, the healthcare industry has seen a remarkable increase in the use of technology in the administration and delivery in healthcare. This has led to a mass migration of data from paper charts and isolated systems to Electronic Medical Records EMRs and interconnected systems that require ever-evolving privacy and security requirements to safely transmit patient health and financial information across trusted and untrusted networks. For an overview of the information contained herein access this recorded webinar and companion materials including a transcript and slides for reference.     Why Information Security Teamwork is Important for Health Centers Resource Context While the increase in the adoption of health IT across all service levels has been a boon for the healthcare industry in its ability to provide timely information to those who need it the most, this transition has introduced a great deal of risk to the confidentiality and integrity of the information. Coupled with the fact that the information can be quickly monetized by criminals through insurance fraud, extortion, and identity theft, the ecosystem is target-rich. Read More... What this means for health centers is that they are storing and transmitting high-value information in a dangerous environment which adds up to High Risk to the organization. The results of breaches include:  Reputational Breach Notification Laws require public notification of breaches Reduced ability to provide care Patients may withhold information if they cannot trust that it will be maintained confidentially Records that have been breached may contain incomplete or inaccurate information Financial Fines from the Office for Civil Rights Breach Notification costs; administrative and legal Remediation costs; technical remediation, staff retraining, Corrective Action Plans CAPs Legal action from affected patients and third party organizations Lost Business Loss of reputation may lead patients to seek care elsewhere Audience The strategies and tools in this Guide are targeted to all levels of health center staff, and health center partners that support Health IT Privacy & Security goals. Read More... Everyone who actively participates in the guidance and day to day operations of a health center have a responsibility to: Increase their awareness of primary healthcare security risk domains and the responsibilities of staff depending on their role within the health center to ensure better information security.   Improved their ability to recognize security risks within their own organization and better understand how to plan and mitigate for information security risks identified. Why Using this Guide is Important for Health Centers Community Health Centers need to continually refine their health IT security and privacy strategy. A lack in a clear strategic direction throughout all levels of health center services are being met with continually rising costs, across factors that include penalties, time expenditure, patient safety,trust and satisfaction, and the overall perception of quality held by related healthcare institutions. Health Centers need to invest in and devise a concrete roadmap and systems development and maintenance lifecycle that is transparent and supported by all levels of health center staff, including clinicial staff, front and back office staff, privacy and security staff, and the board of directors. Read More... Below are a few examples key stakeholders and their respective health IT privacy and security responsibilities All Clinical Staff: Even under emergency circumstances be diligent in handling and managing PHI Front and Back-Office Staff: Protect the confidentiality, integrity, and availability of electronic PHI at all times  Health Center Administration: Promote an organization-level committment to upholding best practices in health information privacy & security management.  Health Center Board of Directors: While a board is generally not involved in the day-to-day operations of cybersecurity, they do have a responsibility to ensure that proper structures are in place and that the organization is taking appropriate steps to identify and address cybersecurity risks How to Use this Guide Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean varius sapien nisl, id convallis justo semper nec. Pellentesque massa urna, cursus vitae accumsan eu, feugiat vel ipsum. Maecenas commodo libero lacus, non congue leo condimentum ullamcorper. Morbi vehicula accumsan quam. Integer accumsan velit ac lacinia pulvinar. Cras at arcu quam. Quisque a sagittis tortor. Nulla ut urna quam. Sed sodales justo ut rutrum luctus. Sed a tellus sollicitudin, bibendum dolor at, condimentum urna. Cras venenatis eu lectus eget interdum. Read More... Nam a euismod dolor. Etiam in ornare magna. Praesent eu posuere enim, mollis sagittis lectus. Praesent pharetra sit amet arcu sed tincidunt. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Ut finibus, dui quis laoreet vestibulum, purus arcu vestibulum mi, nec rhoncus ex purus ac orci. Duis egestas ligula eros, in commodo turpis vehicula nec. Donec vulputate pharetra sapien, non vestibulum quam consequat non. Nulla elementum tempus risus, eget dapibus purus faucibus vel. Quisque vitae volutpat est. Suspendisse molestie at nulla vitae cursus. Donec efficitur leo sed scelerisque elementum. Phasellus lacinia ante in bibendum aliquam. Fusce tempor mi sed risus egestas viverra. Sed quis nisl luctus, tristique est sit amet, vestibulum diam. Vivamus in eros tincidunt neque rutrum volutpat. Duis vulputate turpis a lacus eleifend volutpat. Nunc vel interdum felis, ut sollicitudin massa. Ut ac aliquam lorem, nec ultrices enim. Nulla volutpat eros libero, non malesuada risus faucibus eu. Donec ultrices sodales accumsan. Duis gravida, mi non pretium porttitor, mauris est pellentesque eros, id vestibulum augue lectus non eros.   Health IT Privacy & Security Key Factors Compliance The HIPAA Privacy and Security Rules provides a set of standards for the Confidentiality, Integrity, and Availability of electronic Protected Health Information ePHI. Health Centers are required to demonstrate compliance with the HIPAA Privacy and Security Rules through the implementation of Administrative, Technical, and Physical safeguards. Read More... The HIPAA Security Rule is designed as a Risk Management Framework that consists of conducting regular Security Risk Analysis and implementing a Risk Management Process that implements reasonable and appropriate safeguards. The HITECH Act of 2009 builds on the HIPAA Privacy and Security Rules to include Breach Notification Requirements, increased patient access to their medical records, compliance of Business Associates, and stronger enforcement of compliance. The Meaningful Use MU program also enacted in the HITECH Act included requirements to conduct an annual Security Risk Assessment as a prerequisite for collecting incentive moneys. While MU did not add any requirements that were not already a part of the HIPAA Security Rule, it did provide the incentive for many organizations to conduct regular Security Risk Assessment where they previously had not.   Security While the HIPAA Security Rule does provide the foundation for information security, it is important for organizations to understand that being compliant does not necessarily equate to having good security. It is important for organizations to continuously evaluate their organization and their systems against industry standards and guidance to ensure appropriate security controls are in place. This can certainly be performed in conjunction with a HIPAA compliance program. Read More... It is important for Health Center IT leadership to understand the key differences between security and compliance. As illustrated in the graphic below, while there is a cross-over between compliance and security to the degree that compliance establishes some security baselines, it is important to know that security encompasses a broader domain of required practices and controls in order to be effective.   Approach The Security Risk Assessment approach outlined in the HIPAA Security Rule is designed to allow organizations to implement “reasonable and appropriate” safeguards. Said another way, the Rule does not prescribe what specific safeguards must be in place. This allows for flexibility based on the size of the organization, the technology in place, the number of medical records, and other organization-specific considerations. Read More... An example of this flexibility is can be seen when considering Disaster Recovery Planning. What is a reasonable disaster recovery plan for a large health system would be excessive for a small doctor’s office. An OCR auditor would certainly have different expectations of these two types of organizations. While the framework of the HIPAA Security Rule provides flexibility, the non-prescriptive nature of it can make it difficult to understand how to comply with its requirements and find concrete examples and expertise. Many organizations become concerned about identifying and documenting risks in their risk assessment as they worry it will be an indicator of non-compliance. Between the lack of understanding of the requirements and the fear of documenting risks, many assessments end up being an enumeration of security controls or simple checklists. Neither of these deliverables would meet the expectations of a Security Risk Assessment. When looking at what is a “reasonable and appropriate” safeguard, organizations can look at what other similar organizations are doing. If other similar organizations are encrypting their laptops, it would seem reasonable to expect your organization to do the same. Finally, one can look at industry standards and guidance for information on what security controls are not only reasonable and appropriate, but also effective. Remember, the goal is effective security, not just checking the checkboxes for compliance.   Health Information Security Basics An important place to start with protecting ePHI is with the basics. This is considered the “blocking and tackling” of information security, or those things that users, managers, and IT staff should be performing day-in and day-out to protect information. Step 1: Identify ePHI Many organizations only consider their EMR when considering the security of their ePHI. What one must consider is that EMRs do not reside in a bubble. ePHI is transmitted to and from EMR systems, communication with patients and other third parties often occurs outside the EMR, and data is generated and stored outside the EMR.   Read More... ePHI must be protected both at rest and in transit i.e. as it is being transmitted both internally and externally. Consider the following typical areas where ePHI is stored or transmitted: Practice Management System Email Text Messages Other messaging systems Fax transmission and storage of faxes Billing Systems Patient Portals Phone conversations and voicemail Photocopiers and network printers Medical Devices Image storage Reports Backup Storage If the people using ePHI on a day-to-day basis can learn to recognize when they are handling ePHI and where it is stored and/or transmitted, they can start to have the awareness of how it can be protected. Step 2: Protect ePHI When EMR and other product vendors market the fact that their system is “HIPAA-Compliant”, many take that as assurance that the system is secure and don’t give additional thought to protecting the information. Read More... Unfortunately, no matter how secure the system is, it is when the ePHI is used that the risk of a breach increases. Examples of potential openings for breach include: A user uses the same or slightly modified password between their personal email account and their EMR account. That password is compromised either because their email system has been compromised or a family member may know or find out the email password. Now that password can be used to access the EMR system by a third party. A staff member exports a report from the EMR and attaches it to an email for a colleague, referring provider, or billing company use. The message is sent using a public email system to another public email system. The risks involved include: While the message is being transmitted unencrypted over the Internet, it could be intercepted A typo in the email address could lead to the message being read by an unintended recipient Either person’s email system could be compromised and the information breached Information from an EMR system is exported to a USB drive in order to transfer to another computer. USB drive is lost or reused by another staff member and therefore information is breached. Step 3: System Protections Most operating systems these days are capable of protecting information, however the out-of-the-box configuration is generally focused more on usability than security, so enabling security protections is something that must be performed deliberately. Read More... Here are a few steps that can be taken to increase the security posture of modern workstations, laptops, and tablets: Password protection – Password protecting your system enables the user to prevent unauthorized access to information and/or tampering with the system. This also prevents others from connecting to a system over the network, so even if a workstation is located in a more secure area, it is important that all sessions be properly authenticated. Current standards for strong passwords include: At least 8 characters Mixture of uppercase/lowercase, numbers, and symbols Not based off a single dictionary word though phrases are good Do not use the same password for multiple systems Individual user accounts – If more than one person will be using a system, create an account for each person. This will allow you to determine who used a system and when as well as grant access to information to other users on an as-needed basis. Encryption – Many systems have built-in encryption capabilities; however, it may not be enabled by default. If a system with ePHI is lost or stolen and the data is encrypted, this will provide safe harbor from breach notification. <citation needed> Furthermore, the HIPAA Security Rule requires that organizations encrypt ePHI wherever “reasonable and appropriate”. Failure to do so would require an organization to provide evidence that it was not reasonable and appropriate or to provide evidence that equivalent alternate safeguards are in place. End-Point Protection – Traditionally, end-point protection consists of Anti-Virus software that detects malware based on signatures. While this is still an important protection, today’s attacks have become adept at evading detection by anti-virus signature-based detection. End-point protection adds additional protections including: Additional behavior-based heuristics for detecting malware Built-in antispyware protection More intelligent host-based firewall Intrusion Detection and Warning Application control and user management Data input/output controls such as locking down USB ports and other removable storage Step 4: Continuous Maintenance One of the toughest aspects of privacy and security management is the diligence required to maintain safety. Security is not a one-time task and requires ongoing maintenance, upgrades, training and changes to workflow. Read More... Below are a few examples of ongoing maintenance tasks that organization should be performing: Security Awareness Training – This is all about creating a culture motivated and dedicated to securing patient data. Workforce members require regular reminders regarding how to detect suspicious activity, handling of ePHI, and what to do in the event of a security incident. This is especially important as threats evolve and new threats appear. Patching – Many breaches occur because systems have security vulnerabilities that have fixes available, however the fix has not been applied. Be diligent about operating system updates and updating of third party software and components. Review Policies and Procedures – As technology and work processes change, policies and procedures should be reviewed and updated accordingly. HIPAA requires that organizations have a policy for review of policies. Standard practice is to perform this task annually or as changes occur. Health Information Security Basics While the HIPAA Security Rule does provide a framework for security risk management, it can be difficult to know what specific steps to take to implement “reasonable and appropriate” security controls. Ways of determining this may include looking at what other similar organizations are doing and adopting relevant industry standards. One such standard organization effort that security administrators may wish to consider is The Center for Internet Security’s CIS Top 20 Critical Security Controls CSC. This standard is internationally recognized and provides guidance that is flexible for organizations of all size and maturity. The guidance is specific and practical and can often be adopted without spending a lot of money. Per the Australia Signals Directorate ASD: “Incorporating the Top 4, the eight mitigation strategies with an 'essential' rating are so effective at mitigating targeted cyber intrusions and ransomware that ASD considers them to be the cyber security baseline for all organisations.” Critical Security Controls Read More... While ASD recommends the Top 4, CIS indicates “Controls CSC 1 through CSC 5 are essential to success and should be considered among the very first things to be done.” The top 5 controls include: CSC 1: Inventory of Authorized and Unauthorized Devices CSC 2: Inventory of Authorized and Unauthorized Software CSC 3: Secure Configurations for Hardware and Software CSC 4: Continuous Vulnerability Assessment and Remediation CSC 5: Controlled Use of Administrative Privileges These controls do map to requirements of the HIPAA Security Rule and can be used to assist organizations in finding specific technical measures that can help meet the requirements. A mapping of the Top 5 Controls provides an example: # Control Family HIPAA Security Controls 1 Critical Security Control #1: Inventory of Authorized and Unauthorized Devices 164.310c: Workstation Security - R 164.310d1: Device and Media Controls: Accountability - A 2 Critical Security Control #2: Inventory of Authorized and Unauthorized Software 164.310c: Workstation Security - R 3 Critical Security Control #3: Secure Configurations for Hardware and Software 164.310c: Workstation Security - R 4 Critical Security Control #4: Continuous Vulnerability Assessment and Remediation 164.308a8: Evaluation 164.308a6: Security Incident Procedures 5 Critical Security Control #5: Controlled Use of Administrative Privileges 164.310b: Workstation Use - R 164.310c: Workstation Security - R 164.312: Access Control: Unique User Identification - R 164.312b: Audit Controls 164.312d: Person or Entity Authentication   Acknowledgements Origins and Ongoing Refinement of this Guide: The content in this resource is drawn from and builds on widely used Information and Security standards, tools and protocols that have continually increased in terms of required measures, especially over the past couple decades in which the Internet and the ever-growing Internet of Things have evolved and expanded. The HITEQ Center plans to continue refining this Guide based on input from users like you, so please consider sharing your feedback through the comment form. Read More... This guide was developed in collaboration with Adam Kehler, CISSP, a Senior Consultant within the Healthcare Information Privacy and Security division of Online Business Systems. Adam specializes in assisting healthcare organizations in managing and meeting compliance requirements such as conducting security risk assessments, systems vulnerability assessments and regulations associated with HIPAA and Meaningful Use criteria. Adam is assisting the HITEQ project in building out resources and guidance to health centers on privacy and security best practices. More Details...

Health IT Interviewing Questions: Examples for Human Resources and Hiring Managers (2016). Resource Type: Publication. Description: This resource provides a list of sample questions that can be used to interview job candidates. The questions are organized into four categories: 1) questions for HIT staff positions; 2) questions for quality improvement staff positions; 3) questions for either position; and 4) questions for senior HIT or Quality positions.   This resource provides a list of sample questions that can be used to interview job candidates. The questions are organized into four categories: 1) questions for HIT staff positions; 2) questions for quality improvement staff positions; 3) questions for either position; and 4) questions for senior HIT or Quality positions.   These questions are intended to be a menu of items that an organization can pick or choose from, adapt to meet their organization’s needs, or use to generate additional/new questions. More Details...

Health IT enabled Quality Improvement Project Charter: The first step in a QI project. (2017). Resource Type: Publication. Description:  A Project Charter serves as a reference of authority for the future of the project. Creating a Project Charter and getting sign off from all participants gives all involved the authority to begin the work outlined therein. The task of developing the Project Charter builds understanding, consensus, and clarity about purpose, expectations, roles and responsibilities, and communications. Why develop a Quality Improvement Project Charter? Formalizes authority to dedicate resources (such as staff time) to the QI project Defines the purpose and expectations for the QI project Identifies key stakeholders to engage in QI project Clarifies roles and responsibilities of the QI Lead and QI Team members Assures commitment and support for QI project from leadership and QI Team members Provides a sustainable framework for any QI Project A Project Charter serves as a reference of authority for the future of the project. Creating a Project Charter and getting sign off from all participants gives all involved the authority to begin the work outlined therein. The task of developing the Project Charter builds understanding, consensus, and clarity about purpose, expectations, roles and responsibilities, and communications. Download the Project Charter (Word document) below to use with your QI team. It is important that this be completed with your QI team and leadership. Also, be sure to be as specific as possible when completing your QI charter, as this will be your reference for all things related to your project.  For example, rather than say you will hold monthly meetings, be specific that meetings will be the third Wednesday of the month at 9am. Another example, for the communication plan, be specific as to exactly who needs to be communicated with at what frequency, and through what channels. More Details...

Health IT and QI Workforce Development: Onboarding for Success: 11/29 HITEQ Highlights Webinar Transcription (2016). Resource Type: Publication. Description: A transcription of the November 29th HITEQ Highlights webinar.  After a brief introduction to HITEQ and this Resource Set, this webinar will highlight two specific tools for onboarding new staff into your health center with a focus on speeding the onboarding of Health IT and QI staff. The webinar will delve into the two onboarding tools - the Calendar and the Sample of a Staff Member’s Dashboard for Required Tasks, showing how they are meant to be used and how you can customize them for your needs. More Details...

This project is supported by the Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS) as part of an award totaling $6,625,000 with 0 percentage financed with non-governmental sources. The contents are those of the author(s) and do not necessarily represent the official views of, nor an endorsement, by HRSA, HHS, or the U.S. Government. For more information, please visit HRSA.gov.