X
GO
Overview

This section contains resources that help health centers to successfully implement EHRs, including leadership teams needed, workflow adoption, transitioning between EHRs, meaningful use, and patient safety issues.

Implementing EHR
Health Center Security & Compliance System Implementation Guide

Health Center Security & Compliance System Implementation Guide

January 2019

There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. Newer and rurally located Health Centers can especially benefit from guidance and decision support that assists them in determining how to implement systems in a manner that meets compliance requirements and doesn’t expose information to undue security risk. Identifying and managing these types of risk can be especially important when procuring new Health IT (e.g. EHRs, Medical Devices, Data Warehouses) for the Health Center. This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions.

Every time a Health Center adopts and implements newly procured technology, they could be exposing themselves to compliance gaps and security risks. Often these topics are addressed after the solution is implemented and are an after-thought. Unfortunately, the later in the adoption process that security is considered, the costlier it becomes to address as it may require redesign or reconfiguration of software, systems, and processes.

Especially important for covered entities, like Health Centers, is for this process to meet the regulations outlined within HIPAA. Throughout this document, the related HIPAA requirements are highlighted within each section so as to better understand where this process sits within broader security risk assessment (SRA) practices. In the Appendix of this guide is an EHR/Health IT Systems checklist that can be used as an implementation interview guide when procuring new resources.

This guide can help organizations identify security concerns and design the appropriate solution starting at the design and vendor-selection phase, thereby increasing the likelihood that security will be considered fully throughout the implementation process.

Download the full toolkit below, which includes the following sections:

  • System overview
  • Information classification and inventory
  • Business Associate Agreements and Contracts
  • Risk Analysis
  • Identity management
  • Encryption
  • Auditing and logging
  • Contingency planning
  • Workstation requirements
  • Patching
  • Security testing
  • Vendor and developer access
  • Physical security
  • Network segmentation

Documents to download

Previous Article Health Center Health IT/ EHR Assessment Tool
Next Article Lessons Learned in Social Need Screening
Print
6342
Intended AudienceHealth Center IT Staff and Leadership

Acknowledgements

This resource collection was compiled by the HITEQ Center staff with guidance from HITEQ Advisory Committee members and collaborators of the HITEQ Center.

EHR Vendor Profiles
Highlighted resources from the HITEQ CenterProfiles for EHR vendors are provided as a resource to health centers looking for EHR documentation, support services, and peer groups.

  Access Vendor Profiles

 

Need Assistance?
Would you like more assistance regarding EHR Selection and Contracting strategies or support in using any of the included resource sets?

  Request Support

 

Upcoming Events
The Quadruple Aim
Quadruple Aim

A Conceptual Framework

Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim

Learn More >