Providing a recognized and respected approach to safeguarding the use and exchange of electronic health records (EHRs) is the basis of “SECURETexas: Health Information Privacy and Security Certification,” the first state program of its kind in the country offering privacy and security certification for compliance with state and federal laws. The program, managed by the Texas Health Services Authority (THSA) in conjunction with industry collaborative Health Information Trust Alliance (HITRUST), offers individuals and entities involved in the use of electronic health records an affordable and officially sanctioned process to ensure they have in place recognized protections for their patients’ protected health information (PHI).
SECURETexas was created as a result of amendments to the Texas Medical Records Privacy Act and the THSA’s enabling statute in 2011. The revised law directed THSA to develop the SECURETexas certification. The program was established to allow providers and/or business enterprises that come in contact with PHI to demonstrate compliance with federal and state health information protection requirements.
The changes adopted in the 2011 law increased fines and legal liabilities for improper uses or disclosures of PHI, but also included provisions that allow for a mitigation of those penalties if the offending party had obtained SECURETexas certification. The state requirements are in addition to federal regulations such as HIPAA that also outline stringent guidelines for the use and disclosure of PHI. Violations of federal laws could result in hefty fines, and certification provided by SECURETexas may also be leveraged to reduce penalties should violations of federal laws occur.
“One of the most attractive features of the program is the savings it can provide by eliminating duplicative compliance assessments that medical enterprises now face with increasing government oversight and evolving requirements,” said George Gooch, acting privacy officer of THSA.
Tony Gilman, THSA chief executive officer, added, “The increased confidence and savings combined with the potential to provide protections against hefty fines reinforce the value that the program offers.”
SECURETexas provides the highest level of certification offered by the state for those who use and/or exchange PHI electronically. The program uses the benchmarks contained in HITRUST’s Common Security Framework (CSF) to assess an entity’s past compliance with state and federal privacy and security laws that govern the use of electronic health record systems. The CSF is a scalable, prescriptive and certifiable framework that incorporates a multitude of state and federal regulations, U.S. and international standards and best practices maintained and updated for the health care industry. SECURETexas builds upon the CSF’s existing framework to integrate Texas requirements into its assessment tool.
To gain certification, most organizations will be required to undergo an on-site assessment by a third-party assessor and submit those documents to HITRUST for review. If the organization meets the standards outlined in the CSF assessment, HITRUST will provide a recommendation letter that the assessed entity can submit to THSA for certification. Smaller enterprises with annual revenue less than $5 million will be able to submit documents directly to HITRUST for a remote assessment.
Competitive pricing to reduce and manage risk is one of several benefits associated with the SECURETexas certification. Other compelling attributes of the program include giving consumers and business partners greater confidence that protections are in place, offering the efficiency of assessing once against multiple regulations, providing a means to demonstrate compliance with HIPAA’s security assessment requirements, and arming entities with a means to mitigate possible fines that are often in the millions of dollars.
Earlier this year, Children’s Medical Center of Dallas became the first hospital in Texas to obtain the SECURETexas certification.
“Each day, parents place in us their sacred trust to provide the very best care for their children, which includes protecting the privacy and security of our patients’ sensitive health information,” said Chris Durovich, Children’s chief executive officer. “We are pleased to be the first hospital in the state to receive this important certification, which recognizes the rigorous effort we have made to enhance quality and safety through information technology.”
According to the U.S. Department of Health and Human Services, HIPAA violations affecting 500 or more records are up 138 percent since 2012.