HIPAA Requirements for Computer-based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD

Slides:



Advertisements
Similar presentations
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Advertisements

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
ISecurity Compliance with HIPAA. Part 1 About HIPAA.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Privacy, Security, Confidentiality, and Legal Issues
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 9 Tests, Procedures, and Codes.
Configuration Management
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Health Insurance Portability and Accountability Act (HIPAA)
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
HCCA HIPAA Readiness Survey Results Jody Noon Principal Deloitte & Touche Portland, OR November, 2002 John Steiner Esq. Chief Compliance Officer Cleveland.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
HIPAA and Research Basics for IRB Tim Atkinson Director, Research and Sponsored Programs Director, Institutional Review Board Research Privacy Officer.
Washington County Health System Amendment to Internal Revenue Code H ealth I information P ortability & A ccountability A ct November 2001.
UNIT 8 Seminar.  According to Sanderson (2009), the Practice Partner is an electronic health record and practice management program for ambulatory practices.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
Eliza de Guzman HTM 520 Health Information Exchange.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
Chapter 7—Privacy Law and HIPAA
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
Is HIPAA Ready for the EHR? Practical and Legal Considerations of the Interoperable Electronic Health Record Barry S. Herrin, CHE, Esq. Smith Moore LLP.
The IT Vendor: HIPAA Security Savior for Smaller Health Plans?
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
ICD-10 Operational and Revenue Cycle Impacts Wendy Haas, MBA, RN Dell Services Healthcare Consulting.
Research Tools Brought to you by the Clinical and Translational Science Institute Presented by: Terri Shkuda Systems Analyst Research Informatics The Penn.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
HIPAA and RESEARCH 5 th Thursday May 31, Page 2.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.
The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.
iSecurity Compliance with HIPAA
10 Patient Confidentiality and HIPAA
HIPAA.
Final HIPAA Security Rule
The HIPAA Privacy Rule and Research
County HIPAA Review All Rights Reserved 2002.
Health Care: Privacy in a Digital Age
HIPAA Security Standards Final Rule
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
The Health Insurance Portability and Accountability Act
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Analysis of Final HIPAA Privacy Modification Rule
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Privacy and Security Update - 5 Years After Implementation
Presentation transcript:

HIPAA Requirements for Computer-based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD

JHITA November, Overview CPR Functional Requirements to Support HIPAA Implementation –Procedural –Technical –Implementation-Dependant CPRI-Host CPR Selection Toolkit –What is it? –Target Population – Users –Target Population - Vendors –How Does it Work?

JHITA November, CPR System Requirements for HIPAA Procedural Most of the new HIPAA Requirements are largely Procedural –Appointment of Security Officer –Security Programs and Training –Consent and Authorization Requirements –Patient rights –Security procedures (audits, assessments, etc.)

JHITA November, CPR System Requirements for HIPAA Technical: Encryption for messages sent “in the clear” Capability to limit functions/access by role Capability to attribute actions to an individual Capability to treat information at a granular level Capability to produce audit trails

JHITA November, CPR System Requirements for HIPAA Implementation-dependent System Implementation vrs System Capability –Example - System may be capable of role- based access, but can be implemented such that all users can access all information. This would result in non- compliance with HIPAA requirements

JHITA November, CPR System Requirements for HIPAA Implementation-dependent For currently installed products –Table modifications (codes, redefinitions) –Upgrades (encryption) –New access categories (patient) –Password functionality (expiration) –Customizations (warning screens)

JHITA November, CPR System Features for HIPAA Support Patient Access to His/Her Record System Requirement: –Print-out of the record or –Access to the electronic record Access to ONLY the patient’s own record If remote access – secure access

JHITA November, CPR System Features for HIPAA Support Patient-requested Amendment System Requirements: –System capable of capturing patient- submitted amendment if accepted –System supports notification of persons who are know to have received previous information –If denied, system captures request/denial

JHITA November, CPR System Features for HIPAA Support Consents System Requirements: –System captures patient consent –System captures revocation of consent

JHITA November, CPR System Features for HIPAA Support Authorization (if supported by CPR) System Requirements: –System captures authorization –System captures revocation, expiration of authorization, and can fire alert based on date –System captures name, address of entity getting the released information –System captures the description of the information released

JHITA November, CPR System Features for HIPAA Support Authorizations (cont.) –System captures a description of the information released –System captures the purpose of the release –System can produce a record of all disclosures for a given patient with all relevant information (enumerated above) covering preceding 6 years

JHITA November, CPR System Features for HIPAA Support Minimum Necessary [Not applicable for treatment purposes] –Role-based access –Database retains and reports information at a granular level –Audits report individual access at a granular level

JHITA November, CPR System Features for HIPAA Support Research [Requirements largely procedural, IRB] –Ability to de-identify information, remove: Name Address All identification numbers All dates except year Etc [regulation contains a complete list] –Ability to report de-identified aggregate data

JHITA November, CPR System Features for HIPAA Security Requirements [final rule pending] Authorization controls Role-based access Emergency access Authentication control Password controls Audit controls Data integrity Workstation time- out Automatic back- up Virus Protection

JHITA November, CPR Selection Toolkit Web-based Service Database of Feature/Functions of a Computer-based Patient Record (CPR) system (over 350 items) Vendor-submitted specifications

JHITA November, CPR Selection Toolkit Target Population - Users Practicing Physicians, Solo and Group Practices Small Clinics Target Vendors CPR Vendors with and without Practice Management partners Niche Vendors supporting medical practice (Rx, Patient call-back, dictation, etc.)

JHITA November, CPR Selection Toolkit Function User Selects Priority features, practice setting and price constraints Toolkit software lists CPR products meeting the specified criteria Search parameters modifiable to repeat search in order to adjust length of candidate list Complete feature/function list and contact information of candidate systems reported

JHITA November, Questions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.