CMA currently operates an enterprise-wide security solution for the New York State Medicaid Data Warehouse (NYS MDW) that meets, or exceeds, all the current Health Insurance Portability and Accountability Act (HIPAA) and the Electronic Health Record provisions of the Health Information Technology for Economic and Clinical Health (HITECH) requirements, in addition to all NYS and DOH specific privacy and security requirements for Protected Healthcare Information or Individually Identifiable Information (PHI/III).
NYS DOH oversees the NYS Medicaid Program, which supports:
CMA has decades of experience being the custodian of highly confidential information and the accompanying required system security. We recognize the sensitivity of the data entrusted to our care and accept the significant responsibility of safeguarding this data.
NYS DOH was looking for a Medicaid Data Warehouse that complied with the NYSOITS, HIPAA, and FERPA security requirements. This provides clients with a secure and compliant data warehouse that reduces project risk and provides cost savings.
Data security best practices are based on the confidentiality, integrity, and availability of that data. Policies and controls need to be implemented in a comprehensive manner, within the following sectors: roles and responsibilities, policy, physical security, logical security, monitoring, and compliance.
Data needs to be protected both while in transit (where it may be intercepted and disclosed) and at rest. “Data at rest” is information stored on disk drives, USB drives, USB flash devices, magnetic tape, CD-Rs, and DVDs. There is also a risk that confidential information stored on PCs, laptops, USB devices and optical media may be lost or stolen. This can result in a disclosure of confidential information.
CMA implemented an aggressive security program based on data security best practices. The program is based on National Institute of Standards and Technology (NIST), HIPAA, HITECH and NY State’s own policies and controls.
Roles and Responsibilities: For any security solution to be successful it is critical that the roles and responsibilities be clearly defined and documented. The CMA Team worked with NYS DOH to identify the necessary organization. Once these roles were identified and their corresponding responsibilities clearly defined, qualified resource(s) were assigned to each of these roles.
Policy: More than 400 policies and procedures were developed jointly by CMA and NYS DOH for the new Medicaid Data Warehouse (MDW). These policies and procedures accounted for all Federal and State regulatory policies and national information security standards.
Physical Security: CMA instituted strict physical security using all the latest technology, such as security cameras and proximity cards that allow access only on an as-needed basis.
Logical Security: CMA’s MDW solution included a logical security design encompassing technical controls applied to protect the confidentiality, integrity and availability of data. CMA implemented safeguards to protect information based upon the level of sensitivity as designated by NYS DOH.
Monitoring: CMA’s Health Care Data Warehouse solution for the NYS MDW satisfied all HIPAA, HITECH, and OCS policies regarding auditing, logging, and reporting.
Compliance: CMA reviewed all security standards to ensure that the security provided to NYS DOH meets or exceeds all applicable Federal and State requirements. Logs and alerts from all production application platforms are monitored daily using automated monitoring features. Alerts are prioritized and reviewed, usage anomalies are investigated, and system performance is documented.
Data Protection: CMA’s architectural design and security strategy for NYS DOH ensured that all data is protected both while in transit and at rest. To counter the inherent risk that any data in transit may be intercepted and disclosed, CMA incorporated the most current encryption technology to ensure that any inbound or outbound transmission containing sensitive or confidential data across a public or non-trusted network was protected. Concerning data at rest, it is CMA’s policy to encrypt all data on portable data storage media including laptops and PCs.
Customers gained a secure and compliant data warehouse that reduced the overall project risk and provided cost savings.