In This Issue
CHIA Journal: Anatomy of a Ransomeware Attack
Article excerpt provided from the Nov/Dec CHIA Journal. Read full articles and more in the online version here.

Health Care Under Attack: 
How to Protect California's Patients 
and  Hospitals From Ransomware 
By: Chris Bowen, MBA, CIPP, CIPT, CISSP, CCSP 

The medical records of Californians are protected under some of the strictest privacy laws and data breach reporting requirements in the country. Yet despite this stringent regulatory framework, California health care organizations have proven to be just as susceptible to data breaches as those in other states. In fact, health care data breaches are the third leading breach type in California, according to the 2016 Data Breach Report from California's Attorney General.1 The report also found that medical information and social security numbers, both found in patient medical records, were breached more than any other data types. 

Already such breaches can spell years of trouble for patients as they fight to reclaim their stolen medical identities. With the rise in ransomware attacks on hospitals, we can expect data breaches to jeopardize patient safety even more. In just one example, when ransomware shut down critical systems at Hollywood Presbyterian, emergency room patients reportedly had to be diverted to another hospital altogether.2 Seemingly left with little recourse, the hospital forked over ransom money in exchange for access back to its systems.
CHIA Blog Series: Information Governance At-a-Glance
Blog series describes the "scalable framework" AHIMA has developed, called the Information Governance Adoption Model (IGAM), as described in AHIMA's Information Governance Toolkit 2.0. This model consists of ten organizational competencies which assist HIM professionals in focusing in on all areas of IG within an organization to implement an IG program.  Read the full CHIA blog series.

Competency 2: IG Structure 

To effectively align information use with organization strategic priorities requires a structure. The structure doesn't need to be complicated; it simply needs to be clear, functional and coordinated. A clearly defined structure will ensure that the right people contributing to the right organizational model will lead and develop an IG program. This will include key stakeholders from the following four areas: Executive (oversight from the top); Strategic (senior leaders); Tactical (functional leaders/subject matter experts); and Operational (functional area super users). A structure might include engaging an executive sponsor, forming an IG Committee (or expanding an existing committee to include IG oversight), and ensuring the right people are involved. It will be important to clearly define the roles of each part, and accountability for the program. "The challenge is to harmonize and align the work that is already underway in a practicable, sustainable structure that serves the organization today and tomorrow" (AHIMA, 2016).
Looking For More In-depth IG Training? CHIA Has Your Solution!
Explore the Events Calendar and register for one of CHIA's upcoming events. 

AHIMA Information Governance Bootcamp, Co-sponsored by CHIA 
Thursday, December 8 - San Diego 

Learn how many organizations are making significant progress in implementing Information Governance (IG) programs to use their information as a strategic asset at AHIMA's IG Boot Camp. Get hands-on training to develop an information governance plan to help your organization:
  • Reduce costs, increase quality, and support population health activities
  • Align with and support strategic goals and gain a competitive advantage
  • Increase regulatory compliance
  • Avoid costly data breaches
  • Advance analytics and business intelligence
AHIMA's IG Boot Camp is a virtual and one-day, in-person engagement that provides a deep dive into the application of IG tools and resources and understanding of the IG discipline. There are 13 CEUs available for this event.
OSHPD Wants to Hear from You
The Office of Statewide Health Planning and Development (OSHPD) has launched a survey to gather feedback on potential data element changes being considered for Medical Information Reporting for California (MIRCal). OSHPD would like one representative from each hospital or hospital system to respond. The survey opens November 9th and will close November 18th. Please take this opportunity to provide OSHPD with your valuable opinion. Take the quick Survey today!
CHIA is #Connected
Keep up with the latest news and announcements on  Like us on Facebook Follow us on Twitter View our profile on LinkedIn
What's Happening in HIM This Week
CMS to Hold Call on MACRA Final Rule Nov. 15

The Centers for Medicare & Medicaid Services (CMS) will host a call Nov. 15 from 10:30 a.m. - noon (PT) to discuss provisions in the recently released Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) final rule. In the rule, CMS has finalized a number of changes that increase flexibility for the Merit-based Incentive Payment System and for qualifying for incentive payments through participation in advanced alternative payment models. This call is designed for Medicare Part B fee-for-service clinicians, office managers and administrators; state and national associations that represent health care providers; and other stakeholders. Registration is available online. For more resources related to MACRA, visit CHA's dedicated web page.
Affordable Care Act Myths: Busted! 
Sylvia Mathews Burwell, HHS Secretary and Andy Slavitt, Acting Administrator, Centers for Medicare & Medicaid Services (CMS), Oct 31, 2016

For years now, Americans have heard more than a few scary stories about the Affordable Care Act and the Marketplace. To put a few of those ghoulish tales to rest, we're spending this Halloween busting some myths ourselves. Unfortunately, federal regulations and secret service protection kept us from testing anything with explosives or car crashes. But we managed to bust some myths all the same. Remember, don't try this at home. We're what you call experts! 

Myth #1: Health coverage on the Marketplace is unaffordable. 
Myth #2: Consumers don't have choices on the Marketplace. 
Myth #3: It's hard to shop for health coverage on the Marketplace. There are problems with the website and there's no help available. 

Read more myths and how they're busted!
Reducing Medical Record Review for Clinicians Participating in Certain Advanced Alternative Payment Models
Centers for Medicare & Medicaid Services, Oct 13, 2016

The Centers for Medicare & Medicaid Services (CMS) is announcing an 18-month pilot program to reduce medical record review for certain physicians while continuing to protect program integrity. Under the program, providers practicing within certain Advanced Alternative Payment Models (Advanced APMs) will be relieved of additional scrutiny under certain Medicare medical review programs. 

CMS has a statutory duty to protect the Medicare Trust Funds against inappropriate payments, and to take corrective action when they are identified. To accomplish this, CMS uses contractors to review claims and payments for accuracy. Most of these reviews involve only an automated analysis of claims data, but for some claims, the contractor may request records from the provider to compare the medical record to the claim and make a payment decision - this is known as medical review.
Medical Information Reporting for California: Quick Notes Issue #45
Office of Statewide Health Planning and Development, Nov 1, 2016

The Office of Statewide Health Planning and Development (OSHPD) Patient Data Section (PDS) has published the latest version of Quick Notes as part of our series of technical bulletins and updates on reporting requirements for patient level data to MIRCal. This issue focuses on the data element changes for 2017. The Latest edition, Issue #45, can be viewed here.
OSHPD Update: What's New, What's Here, and What's Coming
Wed, November 9 - LIVE Webinar
Student Chat with CHIA President
Thu, November 10 - FREE Webinar
ICD-10-PCS Key Learnings for FY2017
Tues, November 15 - LIVE Webinar
Confidentiality and the ROI in California
Wed, November 16 - Garden Grove
Thu, November 17 - Pleasanton
HCCs - What Are They and How Do They Affect the HIM  Professional
Tues, December 6 - LIVE Webinar
AHIMA's Information Governance Boot Camp
Thu, December 8 - San Diego