Mac McMillan Speaking at Hawaii-Alaska Chapter of HIMSS

Hawaii-Alaska Chapter of HIMSS Brownbag

October 9, 2012 @ 11:30

HMSA Building Multi-Purpose Room (MPR)

OCR Random Audits: A Look Inside

Presenter: Mac McMillian, HIMSS Privacy and Security Policy Task Force

This presentation will allow attendees the opportunity to discuss the OCR Random audit process, learn ways to assess their program and prepare for an audit.

Ø  During this session participants will:

Ø  Discuss what the audit process looks like and what to expect

Ø  Understand how to prepare your facility/department for the audit process

Ø  Understand how to review your program to understand weaknesses

Ø  Participants will review lessons learned from early audits

Ø  Heightened Enforcement and the Omnibus Rule

Ø  Where enforcement is at today and the signal HHS is sending

Mac McMillian serves as the National Chair for HIMSS Privacy and Security Policy Task Force.  The newly-formed HIMSS Privacy and Security Policy Task Force was established to bring together a group of industry thought leaders to support HIMSS’s formal response to new legislation, regulation, as well as to develop HIMSS policy position papers and tools that relate to healthcare privacy and security. One of the goals of the Task Force is to collaborate with fellow professional organizations like HFMA, MGMA, AHIMA, HCCA, etc. to formulate a broader industry response, when appropriate, as well.

___________________________________________________________

 

This is the fourth Brown-bag luncheon with this year’s theme of

“Bringing Healthcare Information Technology to the Consumer”:

–          July – Hawaii Health Connector (insurance exchange), presented by Coral Andrews, the Connector’s executive director

–         August – Update on HIMSS Advocacy, presented by Lee Castonguay, with Colin Underwood from Alaska

–         September  – Can Smart Cards help the consumer get more engaged in healthcare?, Presented by David King-Hurley of LifeNexus

o           UPCOMING – October 9  – OCR Random Audits: A Look Inside, presented by Mac McMillian, HIMSS Privacy and Security Policy Task Force

•                  Using Technology to Keep Seniors at Home

•                  Personal Health Records in the Cloud

•                  HIE for Everyone

•                  Privacy and Identity is a requirement

•                  MU 2 and 3, impacts on the consumer

•                  HIT Day for Public Policy

•                  Analytics and You

•                  Use of Games in Health Care

Mac McMillan, Accepted to Speak at HIMSS13

Mac McMillan,  has been accepted to speak at HIMSS13:

Mac McMillan, CEO of CynergisTek had his proposal accepted on “Business Associate Management under HIPAA: More than just a contract.”  Mac McMillan has accepted the opportunity and will await to hear details. This will be the third consecutive year he has been accepted to speak at HIMSS.

What is HIMSS: 

The Healthcare Information and Management Systems Society (HIMSS) is a nonprofit organization whose goal is to promote the best use of information technology and management systems in the health care industry.

Founded in 1961, HIMSS provides a forum for collaboration among the various stakeholders in health care IT, using advocacy, education and collaboration to further its mission. Its membership base of more than 44,000 individual and 570 corporate members includes health care providers, students, IT vendors, consultants and other stakeholders in the health IT industry. HIMSS currently focuses its attention on health IT topics such as electronic health record systems, HIPAA security and privacy provisions, software interoperability and technical standards.

HIMSS produces an annual conference that brings together health IT stakeholders for several days of education and networking. The organization also offers a research arm known as HIMSS Analytics and a philanthropic group known as the HIMSS Foundation.

CynergisTek CEO to Speak at Five Educational Events in September

Industry Thought Leader, Mac McMillan, to Discuss Best Practices for Privacy and Security in the Era of Stage 2 Meaningful Use and OCR Audits

Austin, Texas, September 14, 2012— CynergisTek™, an authority in enterprise security and privacy solutions and services for healthcare organizations, today announced that its CEO and Chair of the Healthcare Information and Management Systems Society (HIMSS) Privacy and Security Policy Task Force, Mac McMillan, will speak at five education sessions this month:

• NCHICA “OCR Audit Readiness: Advice from Those in the Know.” Monday, September 10, 2012 at 11:30 a.m. EST

• AHIA Tech Talk Roundtable call. Monday, September 10, 2012 at 3:30 p.m. EST
• Iowa HIMSS, “OCR Audit Process: A Detailed Look Inside, Mac McMillian, HIMSS Privacy and Security Policy Task Force.” Wednesday, September 12, 2012 at 2:30 p.m. CST

• CHCA Corporate Compliance Forum, Friday, September 14, 2012 at 8:00 a.m. CST
• AHiMA Privacy and Security Institute, “OCR Audits: Lessons Learned,” (presentation with David

Mayer, OCR Senior Advisor) Saturday, September 29, 2012 at 11:00 a.m. CST

McMillan will provide attendees with a foundational understanding of the most significant IT security challenges currently facing healthcare today, including the implications of Meaningful Use and other regulatory initiatives. In addition to his general update on current industry trends, McMillan will also share lessons learned from CynergisTek’s experiences providing consultative services to multiple entities chosen to undergo the pilot phase of OCR’s HIPAA Audit program.

“The latest regulatory shifts towards a more stringent set of healthcare IT security standards have increased the pressure on organizations to get their security house in order. Simultaneously, recent hacker activities, like the extortion incident in Illinois, have demonstrated that the stakes are much higher than simple regulatory compliance,” said McMillan. “Both these trends have driven very strong demand for our expertise and unique perspective, and I am looking forward to sharing some of those firsthand lessons and best practices around preparing for new threats and regulations at these upcoming events.”

CynergisTek’s solutions and services are specifically designed to help healthcare organizations improve their security posture, facilitate compliance, advance operational efficiency and foster trust. CynergisTek’s managed and on-demand solutions address the fundamental elements of information security management, including:

• Strategy and Governance
• Compliance and Risk
• Infrastructure
• Technical Vulnerability Management
• Audit Readiness
• Managed Security Solutions

About CynergisTek

CynergisTek is an authority in healthcare information security and privacy management, regulatory compliance, IT audit and advisory services, business continuity management, security technology selection and implementation, and secure IT infrastructure architecture and design solutions. The firm offers practical, manageable and affordable consulting services for organizations of all sizes and complexity. Using an organized, planned and collaborative approach, CynergisTek applies multidisciplinary expertise to serve as partner and mentor, to enhance the consulting experience and, ultimately, clients’ compliance and business performance. CynergisTek participates in and contributes to HIMSS, AHIMA, HFMA, HCCA, AHIA and other industry bellwether organizations.

Iowa HIMSS 2012

OCR Audit Readiness

Date: September 12, 2012

Presented by:

• Mac McMillan, CEO CynergisTek, Inc., Chair, HIMSS Privacy & Security Policy Task Force

Agenda:

• Background: The Program
• The Audit Process
• The Audit Protocol
• Lessons Learned
• Audit Readiness
• Wrap Up

About CynergisTek
CynergisTek is an authority in healthcare information security and privacy management, regulatory compliance, IT audit and advisory services, business continuity management, security technology selection and implementation, and secure IT infrastructure architecture and design solutions. The firm offers practical, manageable and affordable consulting services for organizations of all sizes and complexity. Using an organized, planned and collaborative approach, CynergisTek applies multidisciplinary expertise to serve as partner and mentor, to enhance the consulting experience and, ultimately, clients’ compliance and business performance. CynergisTek participates in and contributes to HIMSS, AHIMA, HFMA, HCCA, AHIA and other industry bellwether organizations. For more information visit http://www.cynergistek.com, call 512.402.8550 or email info@cynergistek.com.

HIMSS 2012 – Mac McMillan

EHRtv presents HIMSS 2012 a video featuring Mac McMillan, CEO of CynergisTek as he speaks on multiple issues surrounding Healthcare Security.

Patients worried about medical records going digital

Many Americans — 85% in a new survey — report having fears about the privacy of their records as more physician practices adopt EHRs.

By PAMELA LEWIS DOLAN, amednews staff. Posted Aug. 20, 2012.

It took some time to get a majority of physicians in the U.S. to agree that it would be beneficial to implement electronic health records in their practices. Now, a survey finds, the most skeptical audience for EHRs is patients.

A survey of more than 2,100 patients by Xerox found that only 26% want their medical records to be digital, down two percentage points from a year ago. Only 40% believe EHRs will result in better, more efficient care. And 85% expressed concern about digital records. Their main worries: privacy and security of their information.

When asked what, specifically, worries them about EHRs, respondents said they were concerned that their information could be stolen by a hacker (63%), the files could be lost, damaged or corrupted (50%), their personal information could be misused (51%), or a power outage or computer problem could prevent doctors from accessing their information (50%). Fifteen percent said they had no worries.

There are many things in medicine that patients tolerate but don’t necessarily like. If most physicians will be electronic soon anyway, some physicians may wonder why it’s important to convince their patients that EHRs are a good thing instead of just letting them learn to live with them.

As the health care system shifts from one that focuses on acute care and treating patients who are sick to one that promotes wellness, “We need the patients as active participants,” said Philip Payne, PhD, chair of the Ohio State University College of Medicine’s Dept. of Biomedical Informatics. The EHR is an important tool to engage patients, he said.

Despite the benefits an EHR might bring, major data breaches are announced on virtually a weekly basis. For example, in the summer of 2012, a computer containing the medical information of 2,500 patients from the Stanford (Calif.) Hospital & Clinics and the School of Medicine was reported stolen. In Connecticut, information on more than 7,461 VNA Healthcare patients and 2,097 Hartford Hospital patients was lost when a computer belonging to a data analysis vendor was stolen. Beth Israel Deaconess Medical Center in Boston announced that the health information of 3,900 patients was put at risk when a physician’s personal laptop was stolen.

How to give assurance

The main message physicians should be spreading to patients who are concerned about breaches is that “people do bad things, whether it’s in paper form or electronic form,” said Mary Griskewicz, senior director of ambulatory health information systems for the Healthcare Information and Management Systems Society.

Michael Hobaugh, MD, PhD, chief of medical staff at La Rabida Children’s Hospital in Chicago, said if patients express concerns about data safety, physicians can tell them that there are many safety features of an EHR that patients never had with paper.

“The biggest assurance that patients have regarding electronic medical records is that anytime anybody looks at something or prints something, there is a record of who did it,” Dr. Hobaugh said. “That was not true of paper charts.”

Christine Bechtel, vice president of the National Partnership for Women and Families, said a survey her organization conducted, similar to the one by Xerox, found respondents rating EHRs higher than paper across the board in various safety and quality measures. She said the survey, released in February, shows that even if patients worry about their own information, many are showing confidence in EHRs in general.

Griskewicz said physicians need to be educated on how and when to engage consumers when it comes to technology adoption. HIMSS launched the HIMSS eConnecting with Consumers Committee this year, whose focus is to provide physicians with tools and education surrounding patient engagement and technology.

Many patient concerns stem from the fact that the value of EHRs has not been made clear to patients, Payne said.

“We really have to figure out how we make the EHR a focal point of collaboration between patients and members of multidisciplinary care teams rather than just a thing that’s in the room that we have to use to document so we can bill,” he said.

What patients think about EHRs

A survey found that patients have concerns when it comes to electronic health records, mainly about risks to their private information.

63%: With EHRs my information could be stolen by a hacker.
51%: My personal information could be misused.
50%: Digital medical records could be lost, damaged or corrupted.
40%: Digital records mean better, more efficient care.
31%: I feel I am adequately informed about when and how my medical records are used.
26%: I want my records to be digital.
26%: EHRs have improved my interactions with my physician office.
24%: My doctor involved me in the conversion from paper to electronic.
21%: I expect EHRs to improve the quality of service I receive.
14%: I think my health care provider is technically savvy enough to use EHRs.

Source: Third annual electronic health records survey, Xerox, July