Author: Jessica Hagins
Security & Privacy Awareness for Health Care and Health IT Professionals
The most recent NC HealthConnex Teletown Hall featured guest speakers from NCDIT who shared insights and tips for improving security and data privacy for health care organizations.
NCDIT’s Chief Information Security Officer Eric Zach spoke on cybersecurity in the health care industry. He explained some of the financial costs surrounding security breaches and gave some tips to keep your systems safe.
- The average total cost of a data breach is $4.45 million.
- Healthcare, financial services, technology and telecommunications are the most commonly targeted industries.
- It is important to have conversations with third-party vendors and service providers when entering into contracts.
- Ask about their cybersecurity policies and practices, such as whether they have a process for breach notifications and how they assess the impacts of those breaches.
We also heard from North Carolina’s Chief Privacy Officer Cherie Givens who explained the similarities and differences between data privacy and security. Givens offered tips on how to protect patient privacy from the point of data entry to reviewing information with patients during conversations at the front desk.
Supporting Patients’ Right to Privacy Regarding Their Health Information
- Preserve privacy in the waiting room, at the front desk, and throughout the visit.
- Discussing a patient’s medical condition where the conversation can be overheard by others violates privacy and can lead to feelings of embarrassment, stigma or distress.
- If an overheard conversation reveals specific details about a patient’s medical condition or treatment, it constitutes an unauthorized disclosure of PHI and a violation of HIPAA regulations.
- Phone calls can also be overheard when front desk staff repeat a patient’s name, address, and even credit card information for confirmation. Take care to keep these conversations private.
At the NC HIEA, we take our responsibility as stewards of patient data very seriously, and, as such, have several policies in place to maintain the privacy and security of the patient data entrusted to us. Read below to learn more about how we protect patient data shared through NC HealthConnex, the state-designated health information exchange.
How the NC HIEA Protects Patient Data
- The NC HIEA follows the highest information security standards available and is compliant with all federal and state privacy and security laws.
- Information is always encrypted and sent over a private network.
- Information that identifies patients will not be sold in any way or shared with anyone other than authorized health care providers or organizations that have entered into HIPAA-compliant data-sharing agreements.
- NC HealthConnex uses role-based access to control access levels for each authorized user.
- Access to patient information is granted if there is an established treatment relationship with the patient.
- View more information on our privacy and security policies on our website.
You can view the materials for this Teletown Hall on our website. Be sure to sign up for our webinar mailing list so you don’t miss out on the next Teletown Hall or Office Hours session.
Informing the NC HIEA of Material Organization/System Changes
In order to facilitate the best quality data coming to NC HealthConnex, we need the help of our participants. It is important to update the NC HIEA as soon as possible with certain changes that can impact how your data is sent to NC HealthConnex. A 30- to 60-day advance notice is ideal whenever possible.
Please contact the SAS Help Desk at HIESupport@sas.com or 919-531-2700 for any of the following situations:
- Data/security breaches
- Network changes
- Server migrations/changes
- Changes, upgrades or updates to your EHR, including code/code system changes for coded data elements or significant changes to how your data will be sent to NC HealthConnex
- Transitioning to a new EHR vendor
- Transitioning to an EHR instance shared with another organization, such as Epic Community Connect
- Changes to systems such as the Assigning Authority or Number Creation System. If you need more information on what this system is and how it works, please view this infographic.
Please contact the NC HIEA team at hiea@nc.gov with any of the following changes:
- Personnel contact information changes
- Facility contact information changes
- Facility location changes
Remember that good, quality data begins with the data entry process during patient intake. View this infographic for tips and information on best data entry practices.
NC HealthConnex Clinical Portal Available After CrowdStrike Outage Affects EHR Systems
The recent global CrowdStrike outage affected Windows systems across the world, including hospitals, health systems and physicians’ offices. The financial impact of this downtime was felt hardest by the health care industry, with a loss of approximately $1.94 billion.
While not due to a cybersecurity attack, the outage did result from a faulty update to CrowdStrike’s threat detection software. That outage had a significant impact on clinical staff workflows, patients and continuity of care.
Many hospitals around the world experienced disruptions that forced them to cancel appointments, and multiple clinicians reported lacking access to patient records in their electronic health record (EHR) systems.
The NC HIEA reminded participants that during any disruption that prevents access to your EHR, the web-based NC HealthConnex Clinical Portal is still accessible. Our connected providers are sending patient data on a daily basis, at a minimum, meaning that during clinical visits you can access your patient’s most recent health information.
The NC HealthConnex Clinical Portal allows you to see a longitudinal record of a patient, including medications, allergies, diagnoses, procedures, lab results, radiology reports, pharmacy dispense data and more. It also provides access to Direct Secure Messaging (DSM) to send secure messages to other providers.
If you have a Full Participation Agreement with the NC HIEA, you are able to begin accessing these services at any time, regardless of your connection status. If you would like access, please have your Participant Account Administrator (PAA) contact the NC HealthConnex Help Desk to request credentials or a DSM account. They can be reached at HIESupport@sas.com or 919-531-2700.
If you have a Submission Only Agreement, you can upgrade to a Full Agreement at any time. All of our value-added services are provided at no cost.
If you continue to experience outages, the NC HIEA is here to help you maintain continuity of care and access to a more complete health record for your patients. By leveraging the data in the NC HealthConnex Clinical Portal, you can be prepared to continue providing the best care to patients during this or any cyber event.
Please feel free to reach out to us with any questions via email at hiea@nc.gov or by calling (919) 754-6912.
Employee Spotlight
Chaitanya Baadkar
Data Quality Analyst
As a Data Quality Analyst, Chaitanya (Chey) supports the NC HIEA’s work to achieve the Data Aggregator Validation certification in partnership with NC Medicaid. Chey was instrumental in achieving this designation last year and is working to ensure the NC HIEA is certified again in 2024.
Chey also works to ensure reliable and accurate analysis of data in NC HealthConnex on a daily basis. For the last 10 years, Chey has worked on several government health care projects that involved validation of health care data integration, hospital quality performance indicators, dashboards and immunization registries.