Protected patient information needed to better coordinate care will flow better in Texas through a new partnership with C3HIE, but perhaps not as well as in Oklahoma, where lawmakers decided waives the requirement that health care facilities submit data to the new state health information exchange.
Additionally, a state audit of Access Health CT found that HIE experienced 51 personal data breaches across five providers, three of which went unreported.
Texas Hospital Interoperability Agreement
PointClickCare, a care collaboration platform, and C3HIE, which provides care coordination services, announced a partnership Wednesday to add 40 Texas hospitals to the platform to improve care interoperability. care for patients statewide.
The partnership combines C3HIE’s admission, discharge and transfer data to the PointClickCare platform, while also integrating the company’s skilled nursing facility information into HIE’s network.
“By providing care teams access to essential data, we empower them to make informed decisions together, delivering results,” said Phil Beckett, C3HIE CEO. better health outcomes for the patients they serve.”
PointClickCare said hospital data in Texas has more than tripled in recent months and shows the need for real-time patient data. Previously, the company partnered with the Texas Health Services Agency to expand emergency encounter notifications across 100 healthcare facilities in Texas.
Providing “critical data directly, promptly and reliably” has can improve collaboration and enhance care outcomes in Texas.
HIE failed to report three data breaches
Earlier this month, Connecticut auditors concluded that Access Health CT, the Connecticut HIE, did not take sufficient action to ensure the security of consumer data was protected in 14 of 51 breaches. The data breach occurred between July 2021 and April 2023 at five of their contractors.
Furthermore, HIE failed to report three cyberattacks to the Comptroller of Public Accounts and State Audit, according to a recent state audit.
By law – Section 4-33a of the General Statutes – Connecticut auditors must be notified of all security breaches.
“The exchange was not aware of the violation of the security notification requirements of the General Regulations,” the auditors said in the report’s first finding.
“The exchange did not adequately implement internal controls to prevent the breach of customer data.”
The state’s report also includes Access Health CT’s response to alleged data security failures:
“For FY 2023, the exchange amended its call center vendor agreement to add violation reporting requirements as well as new penalties for violations,” HIE said. caused by the supplier”.
“In addition, the exchange requires any vendor that causes a breach to pay the costs of security monitoring for customers who experience the breach and requires the vendor to maintain adequate liability insurance in case of violation.”
Access Health CT also notes that it relies on third-party vendors to conduct regular IT security audits of vendor technology contractors whose employees have access to consumer data used in their network and said they were compliant when they became aware of the 2021 reporting requirements.
“The exchange reviews these security audits and requires vendors to remediate any findings,” HIE said.
Senate Republican Leader Stephen Harding and Insurance and Real Estate Committee Ranking Senator Tony Hwang commented on the undisclosed violations as “completely unacceptable” in a general statement.
“When a government agency commits a data breach affecting the people of Connecticut, the public has a right to know,” the agency said.
“We urge officials at the exchange to critically reassess their operations to ensure adequate data protection and transparency of information regarding any data breach.”
Oklahoma made HIE voluntary
After creating a new statewide health information exchange and imposing legislative authorization on providers to transmit and use the Office of the State Health Information Exchange Coordinator As part of the exercise, the Oklahoma Health Care Agency and its new officials proposed interoperability rules in September 2022.
Those rules require reporting by providers, including mental health practitioners, starting July 1, 2023. After health care providers mental health and others objected, the state allowed providers to request exemptions using an online form.
However, the Oklahoma Legislature recently changed one word in a full regulations update, making the controversial program voluntary for all types of providers, according to a report today. Monday in the magazine Oklahoman.
As of press time, the revision had not yet been updated to the online OHCA rule, 317:30-3-35, which covers mandatory data transmission by health care providers.
Andrea Fox is a senior editor at Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
