Sharing More Data? Ask More Questions.

Posted On:

Karen Utterback By Karen Utterback
Former Vice President, Product Marketing and Strategy, McKesson (Retired)

Health Information Exchange for Home Health - Ask More QuestionsSharing data is becoming a common occurrence for home health and hospice agencies, whether you’re exchanging specific patient data with another provider or more general data on your patient population with a state, regional or private health information exchange (HIE).

As you share more data more often, security rises to the top of your list of concerns—as well as it should. Asking questions is the best way to familiarize yourself with security terminology and become comfortable with what constitutes a secure connection to an HIE.

At a minimum, HIEs must be fully compliant with HIPAA and the state-specific privacy regulations in their region. They should also have readily available, detailed information on their security policies.

For example, HIEs must consider the following:

Physical security

    • Access to the production facility
    • Power quality and backup power
    • Smoke detection and redundant HVAC (heating and air)

Network security

    • Redundant firewalls
    • Site autonomy
    • Restricted electronic access to the data center

System security

    • Protection against electronic attacks
    • Hardening and monitoring of web servers, integration servers and file transfer servers

Access control

    • Controlled access requests
    • Strict security account policies
    • Encrypted remote access
    • Auditing

Application security

    • Input validation
    • Strict authentication
    • Credentials management
    • Exception management

Data security

    • Data separation (PHI never sent or received without being encrypted)
    • Data auditing
    • Data backup
    • Data destruction

In a nutshell, any entity you exchange data with should be able to prove to you that it has well-tested physical/network security, that its facilities and processes are audited periodically, and that it has taken all potential patient privacy concerns into consideration.

Learn more about HIE and other news from the home health and hospice industry by liking us on Facebook and subscribing to the McKesson Homecare Talk blog.

Leave a Reply

Your email address will not be published. Required fields are marked *