NC HIEA June 2022 Update

North Carolina's HIE enables secure, coordinated psychiatric care, maintenance and cooperation keep NC HealthConnex functioning well, and Kimberly Webster joins outreach and provider relations with NC HEIA.

Technical Partnership with NC HIEA Enables Secure, Coordinated Psychiatric Care

Psychiatric care providers often encounter patients at their most vulnerable moments and face unique challenges to ensure their patients’ privacy while also coordinating care with multiple providers across the care continuum.

Central Regional Hospital (CRH), an in-patient state psychiatric hospital in North Carolina, has found a valuable partner in the N.C. Health Information Exchange Authority (NC HIEA) to bring together fragmented medical records in a collaborative technical approach that prioritizes privacy and security. 

CRH began the process of connecting to NC HealthConnex to meet a state mandate. The hospital initially had concerns about integrating its existing electronic health record system and protecting sensitive patient data. But CRH quickly found that NC HIEA staff listened to their needs and made technical adjustments to integrate with their system and meet patients' requirements.

"Everyone we have worked with has really been wide open to understanding what was different," said Marci Ann Keiser, CRH clinical initiatives program director. "They have worked with us to modify their standard model in how they process data to be able to process the records for our patients. And that's why we call it a partnership."

"We collaborated technically by interacting directly with NC HIEA's technical team," said Dr. Matthew King, CRH chief medical information officer. "We realized that they're all part of the mission as well and take that mission seriously."

King also feels confident in the security NC HIEA places around the exchange of sensitive patient information.

"We found that the NC HIEA does prioritize the privacy of patients and uses the most updated security for safeguarding patient information and controlling who can view patient records," King said.

Dr. Alan Cook, CRH chief medical officer, said that NC HealthConnex “helps psychiatric providers get a full picture of the medical history of patients, who are often in crisis and unable to articulate all their needs. CRH patients have often also been seen in emergency rooms and by multiple providers, and their care needs to continue after discharge, sometimes with new providers.”

Cook said that the availability of medical records from many facilities statewide in NC HealthConnex enables CRH to provide the appropriate care for patients while they are in the hospital. Providers also use the HIE to ensure continuity of care for discharged patients.

"It's probably more critical for psychiatric patients than any other folks in the health care  to be part of the HIE system," Cook said.

Importance of NC HIEA Maintenance, Cooperation and Use of Data

NC HIEA and its vendor partner, SAS Institute, perform a number of important functions to ensure the ongoing utility and functionality of the NC HealthConnex network. 

Maintenance Functions

In addition to scheduled maintenance and upgrades on the third weekend of every month, the NC HIEA implements improvements and fixes as needed to support the operations of NC HealthConnex (e.g., performing patient records maintenance, conducting technical system support, and troubleshooting unique or anomalous matters that may arise for NC HealthConnex participants). 

When the NC HIEA conducts technical system support and maintenance, NC HealthConnex participants may experience slower performance in the platform or may be unable to access certain features or data that typically are available. To minimize potential impacts from maintenance and improvement work, the NC HIEA and its vendor partners’ actions occur for a period of time no longer than necessary. 

Participant Cooperation

From time to time, the NC HIEA will seek cooperation from NC HealthConnex participants to address data integrity including, but not limited to, patient identity, patient record completeness, and technical configuration issues. In these instances, the NC HIEA contacts participants pursuant to its policies and applicable agreements and then undertakes necessary remedial actions in a consistent and non-discriminatory matter.

Data Use

As a reminder, the patient data available to NC HealthConnex participants is to be used by authorized individuals for specific permitted purposes and in a manner consistent with the law, applicable governance agreements, and NC HIEA policies. 

When clinicians or others utilize HIE data for treatment or care coordination purposes, they should be mindful of any standard of care that may be applicable to the use and review of patients’ record under the circumstances. NC HIEA participants are solely responsible for all decisions and actions taken or not taken involving patient care, utilization management, and quality management for their patients and clients resulting from, or in any way related to, the use of the NC HealthConnex, HIE features, NC HIEA policies and procedures, and any data made available by or through NC HealthConnex. 

Please review your organization’s agreement with NC HealthConnex for additional information regarding the permitted purposes, limitations of NC HealthConnex, and other information about maintenance, rights, and duties.

Introducing N.C. HIEA's New Business Development and Outreach Specialist

The N.C. Health Information Exchange Authority (NC HIEA) is pleased to introduce a new team member who will be active in outreach and provider relations. 

Kim Webster will work with the provider relations and outreach team to continue engagement with providers not yet connected to NC HealthConnex. She aims to build long-term relationships to help providers get the most out of their HIE connection. 

As a registered nurse, Kim brings a clinical perspective to the NC HIEA team. She has worked in medical-surgery, family medicine, psychology-substance abuse, and physiatry. She has a Bachelor of Science in nursing from Western Carolina University.

NC*Notify Dashboard Enhancements and Training Coming Soon

The NC*Notify dashboard is a popular feature integrated into providers’ daily workflows, follow-up planning, and outreach across healthcare settings. The dashboard offers users a platform to easily see event notifications in near real-time.

As we work to continuously improve the NC*Notify service, we are pleased to announce that we will be updating the dashboard layout in by the end of the third quarter of this year. A number of new updates and features will complement the latest enhancements released last year. Stay tuned for more updates and training opportunities before this new roll-out.

Health Care PHI Faces Threats from Insider Threats, Chatbots

Health care organizations seek to protect the protected health information (PHI) entrusted to them from outside actors trying to steal it. But the biggest risk for data breaches comes from insider threats – and most often these are accidental.

Two of three insider threat incidents are accidental, and most involve email, according to Proofpoint, an email security and data loss prevention provider.

The newest way to steal sensitive information from unsuspecting victims has an interactive component: a chatbot. An email, usually containing an urgent message, directs the user to a website, where they interact with a chatbot. The chatbot simulates human conversation and gains the user’s trust, even using CAPTCHA, so they provide sensitive information, such as logins, addresses, and credit card data.

These accidental insider threats can be as harmful to a health care organization as a malicious insider who steals and sells PHI. For example, an employee can compromise data by emailing it, losing the organization’s computing or storage device, or loading organization data onto a personal USB drive or external hard drive.

Health care organizations can minimize the risk of PHI data compromises by following these tips:

  • Implement multi-factor authentication: MFA adds a layer of protection to user credentials that makes it less likely that passwords will be compromised, and sensitive data will be breached.
  • Implement data loss prevention: Data loss prevention is used to detect data-use policy violations and prevent data loss. It involves data discovery and classification to find, categorize, and understand sensitive data and then prevent such data from leaving an organization’s network and devices.
  • Identify and redact sensitive data: Not all data carries the same level of risk for exfiltration. Identifying systems on which sensitive data resides and ensuring that it is properly secured helps prevent exfiltration. Where sensitive data is not needed, it should not be stored.
  • Block unauthorized communication channels: Some malware uses external communication channels to exfiltrate data, which can be blocked.
  • Educate users: Ensure that employees can detect the signs of cyberattacks and know not open malicious attachments or click links in unsolicited emails. Organizations should also educate employees about company policies on data sharing as best practices for keeping data secure.

Read more cybersecurity news and tips in the N.C. Department of Information Technology's Enterprise Security and Risk Management Office's June Cybersecurity newsletter.

Find more tips to avoid phishing threats, as well as more cybersecurity and risk management resources from the N.C. Department of Information Technology.

Upcoming Events

  • NC Legislative Session Adjourns (Tentative) – Friday, July 1, 2022
  • How to Connect Call – Monday, July 25, 2022, 12 p.m. to 1 p.m. – Learn more about steps to connect to NC HealthConnex and the suite of value-added services available. Register for the call.
  • NC HealthConnex Teletown Hall: Tailored Care Management – Wednesday, Aug. 17, 2022, 12 p.m. to 1 p.m. – Get a better understanding of the role of tailored care management in improving whole-person care and how the HIE can help in this effort. This online town hall is for providers connected and interested in connecting to NC HealthConnex. Learn more and register.

In the News

Healthcare Groups Ask OCR for Clarity, Flexibility on HITECH Cybersecurity Practices — Industry groups are giving feedback on the cybersecurity provisions and monetary penalties in the Health Information Technology for Economic and Clinical Health Act to the Office for Civil Rights in the U.S. Department of Health.

Paper-Based Dental Data Sharing Hampers Patient Safety, Outcomes — An NIH-funded study will examine how community health information exchanges (HIEs) could support dental data sharing for patient safety.

What We Need to Create Resilience in 2022 and the Systems-Based Solutions to Get There – Systems-based science and engineering are keys to protecting and preserving our health and critical infrastructure. Integrating often dissimilar capabilities in new ways is essential for government, entrepreneurs, scientists and medical practitioners to solve complex problems.

Study Finds Racial, Geographic Inequities Among Recipients of NC Disability Services — For North Carolinians with intellectual and developmental disabilities, getting mental health treatment and other services that enable them to live at home can be challenging.