How can we leverage our relationship with other health care organizations to better manage the security of our EHR data?
Larger organizations often have IT and security knowledge and resources beyond the capability of smaller clinics and physician practices. It is often possible to tie into these resources to improve security practices.
- Share security expertise. Get acquainted with the IT and security staff at other organizations, especially those with whom you share or refer patients. Knowledgeable individuals are usually willing to share information just for asking.
- Share computing resources. Investigate opportunities to share, lease, or collate equipment in the hospital's data center. Many hospitals maintain secure data centers with redundant power, environmental protection and physical access control. A data center is a fixed cost, that if underutilized is not a productive resource. Cooperative networking or data location arrangements can lower operating costs for both parties.
- Communicate and negotiate common security solutions. Certain types of security solutions, especially those directly associated with data transmission are more effective if there is a common agreement between the sender and receiver. Whenever feasible, inquire what types of solutions are used by your primary practice partners and determine how you might implement a compatible approach.
- Beware of Stark Rules. The Stark statute generally limits the extent of assistance hospitals may contribute to practice partners. There is an exception for hospitals that wish to provide the EHR system to physicians but this does not cover other types of assistance. The rules are complex and require careful reading to understand their full applicability.
- Stopping Traffic? (2008) -- an article from For the Record magazine that provides information about taking advantage of the Stark exemption that allows hospitals to subsidize a portion of an affiliated physicians' EHR cost.
- The Truth About Stark (2003) -- article by the American Association of Family Practitioners which gives an overview of the Stark law, who is covered, and permissible exceptions
Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.