Tunitas Group is a healthcare consulting firm that assists clients to plan and implement their electronic business and communications initiatives.  We analyze policies, evaluate market trends, assess new technology and forecast the implications to the health care industry.  We offer expertise in information technology and health care applications:  IP networks, directory services, electronic messaging, EDI, certificate services and public key infrastructure. 

This site contains information that we have prepared and assembled in the course of our consulting activities.  Each main topic begins with an abstract that hyperlinks to the complete article.  In the blue column on each page, you will find tips, notices, items of interest that we have abstracted from conferences, trade press, contacts, and personal knowledge. 

If you are looking for information about the ways Internet and health information technology are merging, we hope you find this site useful.  If you would like to send us a question or two, we will include answers in the FAQ section.  Comments on the contents or suggestions for additional material are always welcome. 

Tunitas Group
PO Box 278
6693 Sierra Vista Lookout
Mountain Ranch, CA 95246-0278
209-754-9130
209-754-9135 (fax)
ageyer@tunitas.com

1st Look at the HIPAA Claims Attachment Rule. Electronic health claims attachments provide the HIPAA mechanism by which providers supply plans supplemental clinical and administrative information in support of claims adjudication. Claims attachments are subject to HIPAA transaction rules which CMS published in NPRM form on September 23, 2005. To help HIPAA covered entities understand the Rule and plan their response to it, the Tunitas Group offers a series of free seminars on the NPRM in October and November. For more information and to register.

Keeping Your E-records Healthy. Ann Geyer, Consultant,Tunitas Group presents a pre-conference workshop at the AHIMA 2005 conference. The workshop provides practical, down-to-earth guidance, drawn from a number of best practice authorities and real life experiences, on the general principles for managing and securing electronic records. Topics covered include: setting EMR policies, authenticating e-records, managing access, preserving legal status, signatures on e-records, co-mingling records from different service organizations, complying with record access and security laws. Throughout the presentation, key EMR security topics will be introduced and explained in the context of EMR management. If you ever anticipate working with electronic health records, you should attend this course. Workshop presentation will be available for download shortly.

Tunitas Group and VHA Team Up to Promote Electronic Signatures at 2005 HealthSec Conference. Ann Geyer, Consultant,Tunitas Group and Mike Davis, Enterprise Security Architect at Veteran's Health Administration are presenting their work on implementing electronic signatures at HealthSec conference on Sept 29 at the Hyatt Regency Hotel in San Francisco. Both presenters have indepth experience implementing e-signatures and will discuss their insights with attendees. The presentation lays out the key facts that all healthcare security officers should know to help their organization migrate to e-signatures in a risk controlled manner. Download ppt

Information Risk Assessment in the Large, Complex Healthcare Organization. Ann Geyer,Consultant,Tunitas Group and Chuck Steen, Privacy and Data Security Officer at Catholic Healthcare West jointly presented on this topic at RSA 2005. Download zipped ppt.

Tunitas Group Offers Risk Assessment Methology Customized for Healthcare Organizations. Tunitas Group has taken the best of the qualitative risk assessment metholodogies and developed a simplified approach that can be used to streamline assessments of a large number of systems. Find out more.

Tunitas Group Awarded Competitive Bid Contract to Provide HIPAA Consulting Services to California Department of Alcohol and Drug Programs. Press Release

Information Risk Management: Key Component for HIPAA Security Compliance. Presentation to the California Health Information Association discussing the role of health information managers in determining privacy and security risks to electronic health information. Download ppt

Implementing Electronic Signature. Tutorial presented at TEPR 2004, Ft.Lauderdale. Material addresses the business issues and impacts that should be considered prior to implementing electronic signatures by healthcare organizations. Download pdf

Crossing PKI's 'Gulf of Disillusionment'. TEPR 2004 Ft.Lauderdale. Presentation describes current innovations in PKI and describes several new models for implementing public key based authentication and signature. Download zipped ppt

HIPAA Security Rule. Detailed presentation that addresses new compliance requirements created by the HIPAA Security Rule. Download pdf

Tunitas Group Invited Speaker at OPEN GROUP Meeting. Bill Pankey, Tunitas Group consulting partner will host an exchange of information and perspectives on the barriers to implementing effective electronic messaging security at the February meeting of the OPEN GROUP in San Diego.

Tunitas Group invited to UCSF to discuss HIPAA Security Rule. On Nov 12 at the UCSF Campus, Ann Geyer will discuss how the HIPAA Security Rule changes infosec decision making and what's ahead for healthcare organizations. Download pdf

Tunitas Group publishes White Paper on Healthcare Transformation. The latest Tunitas Group White Paper authored by Dr. Prashila Dullabh presents the methods and benefits of automating the management of healthcare operations. Download pdf

Best Practices for Securing Healthcare Email. Too often the focus of email security is limited to the debate about whether encryption is necessary. Tunitas Group recommends healthcare organizations implement a set of security controls that address systems, data storage, network connectivity and user authentication, in addition to encryption. Download pdf

Transaction Business Practices White Paper. Ann Geyer, Tunitas Group consultant and co-chair of the WEDI SNIP Business Issues Workgroup will present an update on the Transaction Business Practices Under HIPAA White Paper at the AFEHCT Annual Washington Policy Forum Nov 21 in Washington D.C. The paper addresses the growing concern that certain business practices, stipulated as a trading partner requirements, violate the Transaction Rule requirement that a covered health plan must not refuse to conduct a standard transaction. The session is designed to obtain input from HIPAA Covered Entities on relevant issues and their causes and effects.

Tunitas Group consultant to speak at the 14th Annual Northern California Information Security Conference. Ann Geyer, Tunitas Group Consultant and Founder of the Mobile Healthcare Alliance, will present an industry perspective on HIPAA and its impact on wireless security on Nov 5 from 10:30 to 11:30 am. InfoSeCon 2003 is sponsored by the Sacramento Valley Chapter of the Information Systems Security Association. This year the conference has a HIPAA Privacy and Security Track with special focus on wireless. Download pdf

Tunitas Group invited to the American Health Lawyers Association Health and Technology Conference, October 16-17, 2003 at the Renaissance 55 Parc Hotel, San Francisco. Consultants will discuss strategies and services for lawyers who need to stay ahead of the health technology curve. Find out more

Tumbleweed and Tunitas Group partner to offer quick-start program for HIPAA-compliant secure email. Find out more

New 802.11 Security Standards for Authentication and Encryption
Tunitas Group presentation at MRI/MoHCA Conference on m-Health and EOE in Minneapolis, MN. Download ppt.

Relevant RISK -- Conducting and Documenting Your HIPAA Risk Analysis
October 21-23, San Francisco.
Tunitas Group, in conjunction with Impruve certified OCTAVE instructors, has organized a national conference on security risk analysis. This conference will walk attendees through the tasks necessary to conduct and document their HIPAA required risk analysis.

Tunitas Group Presentations at TEPR 2003. Tunitas Group consultants co-present with Microsoft healthcare specialists on email security topics, and offer insight into electronic signature and healthcare business transformation. Download zipped ppt presentations

HIMSS of Northern California presents the 'Wireless Healthcare Challenge'. Ann Geyer, Tunitas Group presents an overiew of the benefits and challenges of using wireless networks with specific focus on new security trends for WLANs. Download zipped ppt.

Community Trial for Secure Messaging Begins in April. The Community Trial is a collaborative effort of California Healthcare Organizations to establish standards based solutions for exchanging encrypted email. Participation is open to any healthcare organization interested in developing implementation best practices. For more information contact Ann Geyer, Tunitas Group.

ASTM Publishes Standard Practice for Healthcare Certificate Policy
The new standard is now available at the ASTM website. ASTM is currently working on an Implementation Guide to accompany the Standard. For more information contact Ted Cooper, Kaiser, ASTM committee chair.

Tunitas Group webinar on new possibilities for healthcare use of digital signatures. Tunitas Group, in collaboration with Algorithmic Research (AR), offers a free webinar on digital signatures during the weeks of January 14 and January 21. Download zipped ppt

Prashila Dullabh, M.D. Joins Tunitas Group
Tunitas Group is pleased to announce that Prashila Dullabh, M.D. has joined the firm to launch Tunitas Group's health information consulting practice in the area of automated workflow design and management. read more

Tunitas Group Whitepaper on HIPAA's Electronic Signature Rule
HHS has yet to release required standards for the "electronic transmission and authentication of signatures with respect to the [HIPAA] transctions". Per public comments of HHS personnel, the electronic signature reccomendations included in the August 1998 'Security NPRM' have been withdrawn pending further study and analysis. On the basis of its analysis of the use of signature in the healthcare reimbursment process and of the proposed "Claim Attachment" standard, Tunitas Group is able to make very specific reccomendations for the HIPAA electronic signature standard. download zipped word document

Tunitas Group Workshop on Healthcare Industry use of Electronic Signature. Tunitas Group, in collaboration with Lexign and MEDePass, will offer free comprehensive workshops at various California locations during the week of May 21. download zipped powerpoint of session materials.

TEPR 2002
For copies of Tunitas Group presentations at TEPR 2002, click here.

ASTM completes work on Standard Practice for a Healthcare Certificate Policy
The ASTM PKI Taskgroup has completed preparation of its draft Standard Practice for a certificate policy and profile. The draft will be ballotted by ASTM membership in March after which the Taskgroup will prepare formal responses to all comments. Membership is required to submit comments. If you are interested in membership or in obtaining a copy of the completed Standard, contact Dan Smith, ASTM staff manager for the Health Informatics Committee

Electronic Signatures for Medical Records
Tunitas Group presentation at RSA Conference 2002 held February 18-22, 2002 in San Jose. Presentation describes industry events creating new interest in electronic signature and derives a number of signature and signer attributes that could be implemented in PKCS7 or XML-DSIG signatures.
download zipped powerpoint

Using Biometrics for Improving Healthcare Authentication
Tunitas Group presentation to Windows on Healthcare Conference held October 29-31, 2001 in San Diego. Presentation describes how biometric systems work, how to understand the different error types associated with biometric matching, reviews commonly used biometric methods, and discusses implementation factors for healthcare environments.
download zipped powerpoint

ABA Releases PKI Assessment Guidelines for Public Comment
The Science and Technology Section of the American Bar Association has released its 361 page guidelines intended to provide guidelines for the assessment of PKI implmenentations. The document is extremely well written and will have value to anyone, not just assessors, interested in PKI. Of particular utility are Section C which discusses the legal framework for digital signatures and PKI based authentication and Section D which describes the intent of each section of the standard certificate policy or practice statement.

The Healthcare PKI Value Proposition
Tunitas Group presentation to RSA2001 on the appropriate positioning of PKI projects. April 9, 2001.
download zipped powerpoint

HIPAA Final Privacy Rule
Tunitas Group briefing to the State of California Department of Health and Human Services, February 2, 2001.
download zipped powerpoint.

ABA Task Group for Health Information Protection and Security
The American Bar Association has formed the Health Information Protection and Security Task Group (HIPAS). The initial action of this group is to adapt the ABA's seminal work on Digital Signature Guidelines to create a recommendation for healthcare industry use of electronic signature. The initial efforts will address interoperability, CA licensing, education material, and legal interpretations. For more information contact Steve Fleisher, HIPAS Chair

Advances in Electronic Signature and Implications for Healthcare
Tunitas Group presentation to annual conference of the American Health Information Management Association (AHIMA), Chicago, September 29, 2000. download zipped powerpoint file

Mobile Healthcare Alliance to Enable Secure Mobile Healthcare Solutions.
AvantGo, California Medical Association, Certicom, eProcrates, MEDePASS, Palm Inc., PCS Health Systems and Tunitas Group to drive development of interoperable, regulatory-compliant security solutions for e-healthcare.  Press Release

HIPAA Implications for Mobile Devices and Wireless Communications
Healthcare providers are attracted to the convenience of mobile access to patient information and decision support applications that improve their patient care delivery processes.  At the same time, federal privacy and security regulations require healthcare organizations to increase their vigilance over access controls and information disclosure.  This presentation describes the HIPAA privacy and security regulations, discusses the implications for managing patient information in a mobile environment, and identifies key areas of concern for medical application developers.  Tunitas Group presentations at Certicom PKS2000 Conference, San Jose, September 19, 2000. 
download zipped powerpoint file

Planning a HIPAA Compliance Program &
Using PKI as a HIPAA Compliance Tool
Overview of HIPAA proposed regulations and recommendations for current activity leading to cost effective and productive compliance. Two Tunitas Group presentations at Vision SMS, the SMS Users' Conference, Salt Lake City, April 4, 2000.
download zipped powerpoint file

Healthcare Email
A Tunitas Group presentation to the Connecticut Hospital Association, on the appropriate use of Internet Email for the exchange of patient identifiable data. The presentation discusses eMail solutions which satisfy the HIPAA and HCFA health information security mandates. Topics covered include eMail authentication, encryption, and management. The presentation provides a brief tutorial on SMTP and s/MIME.
download zipped powerpoint file

Internet EDI 
A Tunitas Group presentation to the Healthcare EDI Coalition Annual Meeting, April 7-9, 1999. This presentation discusses two different methods for communicating X12 transactions securely over the public Internet: i) EDIINT and ii) X12.58 security structures.
download zipped powerpoint file

Extranet Strategies
A Tunitas Group presentation to the National Managed Health Care Congress' Annual Convention, March 29-April 1, 1999 in Atlanta, GA.  This presentation describes how a MCO's extranet can be used in conjunction with the EDIINT recommendation and HTML forms to satisfy the HIPAA EDI mandates and more.
download zipped powerpoint file

Connectivity Trends
A Tunitas Group critical view of the healthcare industry trends in support of electronic connectivity.  The Internet changes everything  despite of vendor efforts  to dull its impact by "balkanizing" it with falsely represented security "requirements".   Challenges, technology and opportunities. 
download zipped powerpoint file

HCFA Publishes "Pro-Internet Policy"
HCFA has published its long awaited policy which will provide HCFA contractors with guidelines for the appropriate use of the public Internet for the exchange of patient identifiable data.  The final policy can be simply found at HCFA's Internet site and is completely consistent with the drafts that we have published at this site ...background and Tunitas comments

Directory Standards are the Next Target for Health Care computing and Communications
"Standardizing the attribute names used to create personal entries in health care directories will become a priority for securing access to health information."...

Physicians At Risk in the Information Age
Physicians are at risk of becoming the most isolated segment of the health care industry.  See what the California Medical Association plans to do about this. Dr. Terry Fotre &  Ann Geyer 

Internet Technology in Healthcare Workshop  -  November 16, 1998
The State of New Jersey Department of Health Services subsidizes provider Internet connectivity.  The workshop educated grant holders about using the Internet to improve business and patient care processes .   Ann Geyer's presentation: Leveraging EDI and the Internet

CHIA Technology Symposium - September 10, 1998
California Health Information Association gathers medical records and information technology experts to discuss the new approaches to information integration, confidentiality, internet security, and CPRs.   Ann Geyer's presentation: Healthcare PKI for Internet Security..