Meaningful Use, Tip of the Week, Trends & Technology

2013 HIMSS Public Policy Summit

The Healthcare Information and Management Systems Society(HIMSS) Summit focused on the clinician community which included physicians and nurses where they met with senior staff of their counterparts in Congress last September 19th, 2013. “Dr. Carol Steltenkamp, Vice Chair of the Board, from Kentucky, and Dr. Paul Kleeberg, Board Chair-elect, from Minnesota, and other physician Board members and HIMSS members—met with House Doctors Caucus staff to explain physicians’ view of health IT, Meaningful Use, and HIMSS’ recommendations to optimize health engagements and care outcomes using information technology” according to the HIMSS News. The House Doctors Caucus is chaired by the Honorable Phil Gingrey, MD, (GA/11th) and the meeting was organized by David Pulliam, Legislative Assistant to Dr. Gingrey.
At the same time, HIMSS sent nurse members to meet with the staff of professional nurses in Congress. “The meeting was hosted by the Honorable Eddie Bernice Johnson, RN (D-TX) who represents a district that is part of the Dallas area. Carrie Palmer, Legislative Assistant to Congresswoman Johnson organized the meeting” as mentioned by the HIMSS News.

The 2013 HIMSS Congressional Asks were:
1. Consistent Nationwide Patient Data Matching Strategy
2. Alignment of Healthcare Quality Reporting Requirements Across Federal Programs
3. Consistent Adoption of Health IT Exchange Standards and Implementation Guidelines

For more information on all three 2013 Policy Summit Congressional Asks Recommendations click:

Tip of the Week, Trends & Technology

The Role of Security Controls in a Security Program

When your organization is building a security program, clear direction must come from the Executive level to guide management and staff in implementing the right solutions. Without a greater understanding of the organization’s direction, management lacks the proper knowledge to make decisions in the best interests of the organization. In much the same way, a security program needs the proper structure of controls in place to guide the organization at the lower levels of the workforce.

A security control is “any administrative, management, technical or legal method that is used to manage risk.”1 Once your organization has identified areas of need, whether because of security or compliance concerns, controls are the tools used to correct the problem or fill the gap. These tools can consist of staff members, physical or technical measures, procedures, or governance. As Kim Sassaman explains, “Implementation of information technology security controls is how the Security Program is put into operation.”1 When deciding on a control to deploy, the decision needs to be part of a risk analysis or risk management process; each type of control must exist for a specific reason, hopefully filling multiple needs at once.

Some examples of controls include door locks, ID badges, firewalls, encryption, policies, procedures, and oversight committees. One of the most glaring results of the OCR KPMG Audit Program was that nearly 80% of Covered Entities were lacking a formal risk analysis, the very first step in determining the proper controls for your organization!2 And if you haven’t heard about some of the most recent data breaches, many of them have been caused by a lack of encryption or media disposal controls. These issues and more can be resolved with a proper security program supported by security controls outlined in organization policies.

Contact RISC Management if you need help developing a security program or implementing controls. Remember, the first step is always a Risk Analysis. If you don’t identify, analyze, and document your risk, you’ll never effectively manage it.



  1. Implementing Information Security in Healthcare: Building a Security Program
  2. “Preparing for HIPAA Compliance Audits.” Healthcare Info Security Website


Upcoming Events

Health Information Exchange Adoption: Driving End-User Value Beyond Implementation

Complimentary Webinar Thursday, September 26, 2013

Adopting and operationalizing Health Information Exchange (HIE) capabilities is what drives clinical, operational, and financial value for the HIE and its stakeholders. A Free webinar is offered for end-user adoption which includes examples of practical experience applicable both with the public and private HIE initiatives.

  • Understand key considerations in developing end-user adoption strategies
  • Review major components of an adoption strategy
  • Discuss lessons learned and firsthand experience from developing and executing end-user adoption strategies
  • Review approaches to assessing value from both the HIE and end-user perspectives

For more information click the link:

Featured Speakers

Michael Rosenblum, PharmD
Clinical Executive
InterSystems Corporation

Scott Momrow, MPH
Vice President of Marketing and Outreach

Education, HIPAA / HITECH Enforcement, Meaningful Use, Trends & Technology

How Big Data helps patients make smarter decisions

The explosion of information in the Age of Big Data, a moniker coined by the New York Times, is leading to greater transparency, better understanding and new treatments in health care. Big data according to Gartner is one of the most hyped technology term currently: “Big data” is high-volume, -velocity and -variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.”

Big data investments in 2013 continue to rise, with 64% of organizations investing or planning to invest in big data technology compared with 58% last year according to the Gartner’s 2013 Big Data Study. Investments are led by media and communications, banking and services companies. Enhanced customer experience is the top big data priority, with process efficiency close behind. Cloud adoption, with its supplementary nature, is the overriding technology that companies are using to derive value from big data.

The Gartner Research Circle is a Gartner-managed panel composed of IT and business leaders. It includes global organizations across all industries, both Gartner clients and non-clients. In total, 720 Research Circle members participated. A survey was performed last June 2012 and results will be compared.

In an industry where patient privacy is held in the highest respect, data mining, the process of discovering patterns in large data sets, offers new opportunities and challenges for health care providers.

Some of the recent health care data news:

— The Centers for Medicare & Medicaid Services recently released data on Medicare spending and utilization as well as selected data on hospital outpatient charges. Government data included significant variations in what hospitals charge for common inpatient services. Find out what your hospital charges and how much they are reimbursed by Medicare here.

— In a different report, the Centers for Medicare & Medicaid Services aggregated the data on the prevalence of chronic conditions among Medicare beneficiaries for five years from 2007 to 2011. Find out how common conditions such as hypertension and osteoporosis are in Kane and Dupage counties here.

— Using the data about Medicare’s prescription drug program, the investigative newsroom ProPublica recently reported how certain doctors who prescribe certain medications most often are also tied financially to the drug companies of those medications. Interested patients can search for Medicare prescribers at ProPublica’s Prescriber Checkup news app and for drug company payments to doctors and other health professionals at Dollars for Docs.

— The U.S. Department of Health and Human Services is co-sponsoring an app contest known as “code-a-palooza,” a national competition to design an innovative app using the Medicare data that primary care providers can use to help manage patient care.

Imagine how this information will help individual consumers make better, more informed decisions about their health care including evaluating hospitals, doctors, medications and care.

“A more data driven and transparent health care marketplace can help consumers and their families make important decisions about their care,” said Health and Human Services Secretary Kathleen Sebelius at the Health Datapalooza conference in June according to a press release. “The administration is committed to making the health system more transparent and harnessing data to empower consumers.”

Forbes mentioned big data in human resources (HR). There are around 160 million workers in the US alone. Payroll is the largest expense for businesses, or about 40% or more of total revenue, meaning that total US payroll expense is many billions of dollars. A huge amount of money is spent on marketing campaigns and sales. But in reality, the company does not know why certain sales person out performs their competitors. One of the suggestion is to hire the best sales person using statistical analysis of sales productivity.

“What did drive sales performance:

  • An accurate, grammatically correct resume
  • Having completed some education from beginning to end
  • Having successful sales experience in high priced items
  • Demonstrated success in some prior job
  • Ability to work under unstructured conditions

What did NOT matter:

  • Where the candidate went to school
  • What GPA they had
  • The quality of their references

Data Tells the Story

If you’ve done a lot of hiring, you know how hard it can be to assess an individual’s likelihood of success.

For big data, 2013 is the year of experimentation and early deployment. The adoption is still at the early stages with fewer than 8% of all respondents indicating their organization has deployed big data solutions. Twenty percent are piloting and experimenting, 18% are developing a strategy, 19% are knowledge gathering, and the remainder have no plans or don’t know.

The proliferation of data, particularly in health care, means that health care providers need even greater vigilance of its data security to ensure privacy protection mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) while balancing the good offered by that information in its aggregate form.

For help in navigating the sometimes murky waters of data security, enlist the aid of a security expert like RISC Management & Consulting which specializes in data privacy and information security regulations and frameworks.

Education, HIPAA / HITECH Enforcement, OCR HIPAA Audits

The HIPAA Omnibus Rule, Act Now

Protect your organization from fines and penalties, for more tips on compliance visit the Office for Civil Rights:

For immediate assistance please call 800-648-4358,  email, or visit our website: