As the healthcare industry moved from being paper based to technology dependent, it did so in various areas and created silos of information that was difficult to communicate across offices of other providers. While technological breakthroughs had taken other industries far ahead, the healthcare industry was yet to be completely techno savvy. The concept of ‘meaningful use’ of vital data acted as the catalyst for change in the adoption of technology among the health care organizations.
"Meaningful use" describes the use of health information technology for improvements in healthcare and aims towards information exchange among health care professionals. However, to become "Meaningful users", providers need to demonstrate they’re using certified EHR technology in ways that can be measured significantly in terms of quantity and in quality. Moreover, the providers should know that adopting certified EHR technology helps them to achieve specific objectives such as:
- Quality, safety, efficiency in health records, and reduction in health disparities
- Care coordination and public health
- Privacy and security of Patient Health Information (PHI)
- Quality research data on health systems
Even though the US government implemented the mandatory requirement of HIPAA and HITECH Act compliance, the stage 1 of meaningful use allowed the existence of electronic medical record vendors to help healthcare professionals meet the government regulations. While most healthcare enterprises used technology to ease out information interchange for the benefit of the patients, there were still large number of medical practitioners and hospitals that had not moved towards the meaningful use program.
The US department of Health and Human Services then set aside a $28 billion stimulus fund as meaningful-use grant. To qualify for these incentive payments the healthcare organizations had to conduct a mandatory security risk analysis in accordance with the requirements under HIPAA regulation and generate meaningful use reports. Besides, the Centers for Medicare & Medicaid Services (CMS) were authorized to cross check them through audits. Since the authorities conduct these audits on the basis of certain red flags that trigger the same, the stakes are high and providers should have a clear idea of what they can expect from meaningful use audits which includes:
- purpose of the audits- verification of the electronic documents
- what the audit agencies look for – the suspicious or anomalous data
- The audit process
- Electronic or paper documentation that needs to be produced to support attestation
Even if CMS audits only 5% of all providers to ensure meaningful use of electronic health records, this will amount to 20,000 providers. As healthcare provider one is expected to return the entire incentive payment for that year and will also be automatically scheduled for next audit in case of failure even in just one element of a Meaningful Use audit.
To protect from such a high stake situation you can make use of Aegify SecureGRC solutions that will generate a detailed meaningful-use report which includes HIPAA compliance and security gaps. Since Aegify portrays the results of risk analysis by scanning your network, it not only identifies and discovers all HIPAA critical IT assets that capture, process, store or transmit PHI, and their security vulnerabilities but also provide remediation guidance to fix any gaps found.