Zen Newsletter: TEFCA news, Network Disputes, and Security Best Practices

It’s been an interesting month in the interoperability space! There have been a lot of eye-catching headlines in the news recently, most notably the very public dispute involving two Carequality Implementers. Zen is always reminded that data moves at the speed of TRUST - and we take our commitment to being a good citizen as a Carequality Implementer very seriously.

We recommend that you take a few minutes and read Carequality’s recent public announcement about the dispute if you have not already.

This month we are happy to introduce Jeff Cardenas, our newest addition to the Zen team, bringing over a decade of expertise in the healthcare technology landscape. Jeff embarked on his journey in interoperability as a Help Desk Engineer at Mirth. Through successful transitions into QA and software development roles, he continued to hone his skills and knowledge

At Zen, Jeff works does core development and supports client specific integrations, specializing in CCDAs and interoperability protocols like IHE based XDS and XCA. He thrives on the dynamic nature of client projects, embracing each unique challenge with enthusiasm and dedication. Outside of work, Jeff enjoys being immersed in the pages of a captivating book, showcasing his rhythmic talent on the drums, or reliving the golden era of gaming through retro classics. Zen is thrilled to bring on Jeff’s wealth of experience, commitment to excellence, and vibrant personality as one of the newest members of the Zen team!

Security Tip of the Month: Emailing PHI Securely

Did you know that employee mistakes related to emailing PHI in screenshots or attachments is one of your biggest areas of inadvertent PHI exposure? Now is a great time to review your internal processes and education to help avoid this common security misstep.

Best Practices for Secure Email Communication Under HIPAA

Use Secure Email Providers for PHI: Using HIPAA compliant email providers that employ encryption and authentication by default, ensures compliance and removes the risk of violating HIPAA when emailing PHI. We bet most of you already have that secure email option in place already. Does your staff know when to switch to that more secure email methodology? If you do not have a healthcare secure messaging solution in place, Zen has other ways you can securely submit PHI that might be needed during your project.? Please reach out to your Zen TPM. Regular employee training on HIPAA email guidelines, including creating secure passwords, avoiding phishing scams, and identifying potential security threats, is crucial.??

Train Employees on HIPAA Guidelines & Email Best Practices: Regular employee training on HIPAA email guidelines, including creating secure passwords, avoiding phishing scams, and identifying potential security threats, is crucial. Since staff members use regular email all day - it is easy for them to forget that it isn’t secure unless a dedicated secure email solution is used to protect PHI that might be embedded in screenshots or attachments. Frequent training and reminders will help!

Conduct Regular Reported PHI related Email Incident Reviews: At Zen - we alert you when an incident of emailed PHI occurs. This is a great opportunity to review your policies and procedures to help prevent recurrences, and do some refresher training.

Have Well-documented Action Plan for Inadvertent emailed PHI occurrences: It's easy to exacerbate the issue when trying to clean things up. (For example - responding to the thread without removing the PHI.) And while each email services may require a different approach, it’s important to remember that in most cases the email is not fully deleted until deleted email “trash” is removed. Your Security Officer or IT team should advise on the best approach for your email system. A written procedure that is easily available to all staff members will help ensure proper remediation is quickly accomplished!

Join Zen President Marilee Benson – reserve your spot today!

Stay in the know about industry updates, discover the latest trends, and find answers to your organization's hardest challenges in connecting to National Networks.?Register for 1 or all in the published series.

Register Here: OFFICE HOURS

• ONC / TEFCA releases Version 2 of the Common Agreement:?The updated TEFCA Common Agreement has some very important updates, including advancements in FHIR support and Individual Access. Also released are standardized Participant and Sub-participant Terms of Participation, which sets forth the requirements that each Participant and Sub-participant must agree to and comply with to participate in TEFCA. This standardization of flow down terms will level the playing field across different QHINs and reduce legal overhead. Check out the details here.
• Call to Support ONC Funding: I received a notice this week from HIMSS and wanted to alert you to this sign-on letter opportunity to support fully funding the HHS Office of the National Coordinator for Health Information Technology (ONC) at the President’s proposed FY2025 budget request of $86 million. You can sign the letter of support here.
• Carequality Onboarding Workgroup Update: Zen is actively participating in the Onboarding workgroup for Carequality that is working to establish an updated set of new onboarding requirements for all Implementers / Candidate Implementers. This group has excellent and diverse representation and we are confident that this group’s work will result in enhanced Implementer collaboration and cooperation, as well as further refine collective responsibilities.

Marilee Benson

President & Cofounder

Zen Healthcare IT