Painless Security Compliance through Collaboration

Aim

Since 2009, the Palliative Care Quality Network (PCQN) has fostered collaboration among U.S. hospitals, health systems, and community-based organizations committed to improving the care of seriously ill patients and their families. Palliative care is focused on providing relief from the symptoms and stress of a serious illness. The goal is to improve quality of life for both the patient and the family. The network comprises 100 member organizations spanning 17 states, with hundreds of individual users across the member organizations and approximately 140,000 patient encounters. These groups collect a standardized set of data that establishes benchmarks and allows for direct comparisons across teams.

Housed at UCSF, the PCQN is in the unique position of hosting other organizations’ protected health information (PHI) and therefore must comply with HIPAA (the Health Insurance Portability and Accountability Act of 1996) and UCSF policy, as well as its partner hospitals’ security standards. Privacy and security are particularly important around such a sensitive topic, and everyone involved is committed to keeping patient records secure.

Approach

In February 2016 SOM Tech began working closely with Angela Marks, PCQN’s deputy director, to develop a collaborative and consultative approach to improving PCQN’s security policies and practices. SOM Tech began by helping Angela complete external security questionnaires and refine the vulnerability scanning and remediation process, which led to the drafting of a comprehensive security policies and procedures document.

“We have a much better understanding of key rules and regulations and the roles that various teams within IT play in supporting our security needs. I can now point to areas in which we as a program do well and identify areas where there are gaps,” said Marks.

Solutions

Now, when a prospective hospital asks PCQN to complete a security assessment to confirm that the prospective member’s PHI will be kept secure, Angela can turn the assessment around quickly. Angela says, “I can talk more fluently with current and potential customers about their security needs and concerns and am able to turn around potential customers’ security assessments more quickly.”

With the security policies and procedures document developed collaboratively with SOM Tech, PCQN addresses all HIPAA Security Rule requirements, from access provisioning to vulnerability management. The document serves as an addendum to PCQN’s membership agreement and BAA (Business Associate Agreement). SOM Tech helped focus PCQN’s security improvement efforts by consulting on how best to manage security risk at the level appropriate for the business.

SOM Tech serves as a liaison to central IT teams such as Data Center Services and IT Security. SOM Tech helps clarify roles and responsibilities across IT departments, which creates a smoother process for PCQN.


Partner

Angela Marks, MSEd, PCQN Deputy Director, and UCSF IT’s Security and Data Center Ops teams.

More Information

PCQN continues to grow, having welcomed between 10 and 20 new organizations each year over the last few years, and its security policies and procedures document has served as a model for other partners across UCSF.