Meaningful Use Stage 2

licoricebedsΑσφάλεια

22 Φεβ 2014 (πριν από 3 χρόνια και 8 μήνες)

69 εμφανίσεις

Meaningful Use Stage 2

ID
Verification Policies

And Authorized Access


Highlights of the November 29, 2012,

Trusted
Identity of Patients in Cyberspace
Hearing


Policy: P&STT and the HITSC Privacy
& Security
Workgroup

http://
www.healthit.gov/policy
-
researchers
-
implementers/federal
-
advisory
-
committees
-
facas/calendar/2012
-
11?tid=125

Introduction


Identity management is a fundamental issue for the healthcare industry, and
that any efforts to improve healthcare information systems, reduce
administrative costs, fight healthcare fraud and identity theft, and improve
patient care must start by building a solid healthcare identity foundation.


HHS should educate the general public on Levels of Assurance and recommend
the use of higher assurance credentials (Level 3 and Level 4).


The Blue Button Initiative makes it imperative that two
-
factor authentication be
offered to those who are utilizing the Blue Button to download their health
information.


Neither the FACAs nor ONC should endorse specific products; rather they
should approach the issue of patient authentication with an eye towards a
standards
-
based solution that utilizes non
-
proprietary, mature technologies that
have a proven track record.

The Problems: ‘Siloed’ Records and Access
Consent


John Halamka, MD, tells the story of his mother’s
hospitalization:


A fall resulted in a broken hip,


IV morphine administered on admission


Pain and morphine resulted in an inability to reconcile her own
medications


No easy exchange of electronic records available


Medication ‘reconciliation’ via examination of all medication bottles
in her name resulted in her being put on
22

medications


Further deterioration of mental status limited capability to provide
informed consent for her son to act as her healthcare advocate

How Meaningful Use Stage 2 Helps


Due to Dr.
Halamka’s

intervention:


the
care team understood the poor quality of the data they had reconciled
and the lack of coordination among caregivers, they agreed
to
discontinue
everything except Tylenol and an anti
-
hypertensive
.


The next morning,
the patient was ‘foggy’ and had
no recollection of the
previous two
days, but
regained her involvement with the rehabilitation
process and became a partner in her care planning
.


Under Stage 2 of meaningful use, patient and family
view/access/download/transmit to her various data sources will be
required:


Data
exchange at transitions of care will be required.


Decision
support that would likely have offered best practices for medication
management in the elderly would have prevented the cocktail that altered
her mental status
.

Developing a Strong Health Information
Management System


Starts with the accurate identification of each person receiving
or providing healthcare services, as well as anyone accessing
or using this information.


Issues with establishing identity are compounded as
electronic medical records (EMRs) are used by many different
organizations at the regional, state, and national levels.


There must be a way to
uniquely and securely
authenticate
each person
across the healthcare infrastructure
, whether
that interaction is in
-
person at point of care or over the
Internet.

Online Credentialing Solutions Issues


In some cases,

in
-
person single
-
factor authentication

could be
sufficient.


Providing patients with a username and password that would grant
them access to already
-
established patient portal profiles.


Jonathan Hare, chairman and founder of Resilient Network Systems

testified that this system is not foolproof:


Front desk staff responsible for issuing online credentials typically has
no training in ID verification


Process relies too heavily on single
-
factor authentication, which is not
the most secure approach.


"If you want to have high assurance you should be using multiple,
independent ways to verify identity"

Multifactor Authentication Not Foolproof


Multifactor
authentication

may be more secure, but it has its
drawbacks


Elizabeth
Franchi
, data quality program director at the Veterans Health
Administration who
has worked on the
VA's Blue
Button

initiatives
:


A
dding
more steps to the verification process typically causes users to drop out of
the system before completing
verification, leading
to low utilization of patient
portals and other online services
.


For
example, the doctor may issue a username and password during a patient
visit, and then call the patient's personal phone number to make sure the patient
was in fact the person who entered the account before allowing full access.


Patients
often find this type of process onerous, making them less likely to follow
it through to the end.


"Our biggest lesson learned is that burden has to be lessened for the patient.
In order to facilitate this, we need to streamline
this.”

Smart Card Solutions


Mature
, trusted, and non
-
proprietary
technologies


Any
technology deployed to
modernize
our healthcare system
must
perform
a number of tasks: it must improve the quality of patient care, reduce costs,
minimize provider workflow and address the concerns and efficiencies
required to justify investment
.


Being
able to validate a person’s identity immediately introduces real
benefits to health care delivery and the ability to control cost and reduce
fraud.


Identification
and authentication are currently uncontrolled and not
standardized among medical systems, locations, and organizations
within the healthcare community.


Smart Cards provide
the easiest, most cost
-
efficient, secure, and
user
-
accepted method for solving the healthcare identity
management
problem

Smart Cards and Emergency Medical
Information


A secure, portable way to store
patient data
that could be critical in case of an
emergency
, such as:


current medications,


allergies, and


blood type

American Medical Association’s (AMA)
Health Security Card (HSC)


A three
-
year public health translational research


In April 2012, a live simulation of a public health triage scenario
using the HSC was conducted. 40 patients were divided into two
equal groups:


Group 1 carried a HSC containing name, gender, date of birth, allergies, current
medications, blood type.


Group 2 did not have a HSC. Some had an ID card or health insurance card.


The average length of patient encounter was


53 seconds for those not carrying a HSC


32 seconds when the HSC was presented


Patient satisfaction was significantly higher


75% of individuals carrying a HSC rating the quality of their care to be Excellent or Very
Good


35% of those not carrying a card gave a rating of Excellent or Very
Good

Combining Smart Card Technology,
Cryptographic Functions and Biometrics


Digital signatures ensure that the biometric template being used has
not been altered.


Encryption protects the biometric template and other personal
information stored on the smart card.


The smart card compares the live biometric template with the
biometric template stored on the card. The biometric template never
leaves the card, protecting the information from being accessed
during transmission


A cryptographic challenge authenticates the legitimacy of the card
and the reader, ensuring privacy for the cardholder, preventing
inappropriate disclosure of sensitive data, and thwarting
“skimming” of data that might be used for identity theft.

Sources

Burns, E. (12/3/2012). ID verification policies needed in stage 2 meaningful use.
SearchHealthIT.
http://searchhealthit.techtarget.com/news/2240173745/ID
-
verification
-
policies
-
needed
-
in
-
stage
-
2
-
meaningful
-
use
.

Halamka, J. (11/6/2012). Why meaningful use Stage 2 is so important.
Healthcare IT News
.
http://www.healthcareitnews.com/news/why
-
meaningful
-
use
-
stage
-
2
-
so
-
important
.

Magrath, M. (November 29, 2012) Testimony at P&STT and the HITSC Privacy and Security
Workgroup Meeting.
HealthIT.gov
.
http://www.healthit.gov/sites/default/files/20121129_michael_magrath_testimony_
-
_gemalto_and_smart_card_alliance.docx
.