Health IT Workforce Curriculum Version 1.0/Fall 2010


Component 4: Introduction to Information and Computer Science Unit 8c: Security

Unit Objectives
- List and describe common security concerns.
- Describe safeguards against common security concerns, including firewalls, encryption, virus protection software and signature patterns, programming for security, etc.
- Describe security concerns for wireless networks and how to address them.
- List security concerns/regulations for health care applications.
- Describe security safeguards used for health care applications.
Component 4/Unit 8c, Health IT Workforce Curriculum Version 1.0/Fall 2010

Security and Wireless Networking
- Wireless networks are insecure by their very nature: anyone within radio range can receive the traffic, so the network itself provides no confidentiality unless encryption is configured.
- Home networks.
- Hot spots.
- Campus environments.
- Wireless networks are everywhere in the medical environment; doctors and nurses move from room to room constantly.
Notes: Hot spots include airports, coffee shops, hotels, and even city-wide wireless access.

Wireless Device Security
Wireless access points (WAPs) must be configured for security:
- Change the default password.
- Select a unique SSID.
- Do not broadcast the SSID.
- Require WPA2 authentication.
- Restrict access to known devices: MAC addresses can be programmed into WAP memory.
Notes: WAPs are shipped with default passwords, and anyone can look up a WAP's default password on the Internet. The SSID (service set identifier) is the name of the wireless network. If you do not broadcast your WAP's SSID, it is harder, but not impossible, for others to find your wireless network; a hidden SSID is still transmitted in the clear whenever a client associates, so treat this as a minor hurdle rather than a security control. WEP (Wired Equivalent Privacy) is an older technology whose keys can be recovered from captured traffic in minutes; it should not be used. WPA2 (Wi-Fi Protected Access, version 2) is a much better choice, and it should be configured with the AES/CCMP cipher rather than the older TKIP cipher. Every NIC has its own address, known as a MAC (media access control) address, and modern WAPs allow administrators to permit only recorded MAC addresses to authenticate on the WAP. Because a MAC address is easily changed in software, a MAC allow-list keeps casual users off the network but does not stop an attacker who has observed a permitted address.
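The checklist above can be turned into a configuration audit. The following is an added example, not code from the curriculum: it lints a hostapd.conf-style access point configuration for the weak settings the slide warns about (default SSID, WEP, WPA1/TKIP, default passphrase, broadcast SSID, no device allow-list). The configuration keys used (ssid, wpa, wpa_key_mgmt, wpa_passphrase, rsn_pairwise, ignore_broadcast_ssid, macaddr_acl, wep_key0) follow hostapd syntax; the list of default SSIDs and both sample configurations are constructed for illustration.

```python
"""Lint a hostapd.conf-style access point configuration against the
checklist on this slide.  Added example, not part of the curriculum: the
keys used follow hostapd syntax, and both sample configurations are
constructed for illustration."""

# Assumption: a few vendor-default network names worth flagging.
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}

# Constructed sample: an AP left close to its factory settings.
WEAK_CONFIG = """
interface=wlan0
ssid=linksys
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=password
rsn_pairwise=TKIP CCMP
ignore_broadcast_ssid=0
"""

# Constructed sample: the configuration the slide recommends.
HARDENED_CONFIG = """
interface=wlan0
ssid=ClinicNet-5F
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct-horse-battery-staple-2010
rsn_pairwise=CCMP
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/known_devices
"""


def parse_hostapd(text):
    """Turn key=value lines into a dict; blank lines and # comments are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def audit_ap(cfg):
    """Return (severity, message) findings for one parsed configuration."""
    findings = []
    ssid = cfg.get("ssid", "")
    if not ssid or ssid.lower() in DEFAULT_SSIDS:
        findings.append(("high", "SSID missing or a vendor default; pick a unique name"))

    uses_wep = any(k.startswith("wep_key") for k in cfg)
    wpa = cfg.get("wpa", "0")  # hostapd bitmask: 1 = WPA, 2 = WPA2 (RSN), 3 = both
    if uses_wep:
        findings.append(("critical", "WEP keys present; WEP is broken and must not be used"))
    elif wpa == "0":
        findings.append(("critical", "open network: no WPA/WPA2 configured"))
    if wpa in ("1", "3"):
        findings.append(("high", "wpa=%s still accepts WPA1 clients; require wpa=2" % wpa))

    pairwise = cfg.get("rsn_pairwise", cfg.get("wpa_pairwise", "")).split()
    if "TKIP" in pairwise:
        findings.append(("high", "TKIP cipher enabled; allow CCMP (AES) only"))

    key_mgmt = cfg.get("wpa_key_mgmt", "WPA-PSK").split()  # hostapd default is WPA-PSK
    if wpa != "0" and "WPA-PSK" in key_mgmt and \
            cfg.get("wpa_passphrase", "").lower() in ("", "password", "admin", "12345678"):
        findings.append(("high", "pre-shared key is empty or a common default"))

    if cfg.get("ignore_broadcast_ssid", "0") == "0":
        findings.append(("low", "SSID is broadcast; hiding it only raises the bar slightly"))
    if cfg.get("macaddr_acl", "0") == "0":
        findings.append(("low", "no MAC allow-list; note that MAC addresses are easily spoofed"))
    if "WPA-EAP" not in key_mgmt:
        findings.append(("info", "one shared passphrase for every device; 802.1X (WPA-EAP) "
                                 "with per-device certificates is stronger"))
    return findings


def severities(config_text):
    """The set of severities raised by a configuration string."""
    return {sev for sev, _ in audit_ap(parse_hostapd(config_text))}


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print("==", name)
        for sev, msg in audit_ap(parse_hostapd(text)):
            print("  [%s] %s" % (sev, msg))
```

Run against the weak sample the linter reports the default SSID, WPA1 acceptance, TKIP and the default passphrase as high-severity findings; the hardened sample produces only the informational note that a shared passphrase is weaker than per-device 802.1X authentication, which is the topic of the next slide.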

Wireless Device Security (cont'd)
- Install digital certificates on sensitive devices: only devices with known, valid certificates can communicate on the network (802.1X with a certificate-based EAP method such as EAP-TLS).
- Requires the use of special servers (an authentication server such as RADIUS and a certificate authority), so it is not usually done in small offices.
- Security with certificates is a complex topic, as are all security topics.
Notes: Certificates are used in wired and wireless environments. Every time you open a browser and perform online banking, your browser checks your bank's certificate to ensure it is valid: issued by a trusted authority, not expired, and matching the site name you typed. In Internet Explorer 7 and later on Windows Vista and Windows 7, the address bar turns green for a site presenting an Extended Validation (EV) certificate and red when the certificate fails validation; an ordinary valid certificate shows only the lock icon. You should not visit financial sites with an invalid certificate, and you should never click through a certificate warning to reach one. [Image: a partial browser address bar showing a valid bank certificate; clicking the gold lock displays the bank's certificate.]

Wireless Device Security (cont'd): Smartphones
- All portable devices connecting to the network need AV protection.
- Do not use a portable device for sensitive transactions unless it is AV protected.
- Do not open e-mail or attachments from unsolicited sources. No exceptions.
Notes: A message from a known source might still be malicious: a virus-infected machine or a compromised account can send e-mail and attachments that the apparent sender never wrote.

Health Care Applications and Security
- U.S. Government's stated goal: most Americans to have access to electronic health records by 2014.
- Why EHRs? Mainly to improve quality of care, decrease cost, and ensure privacy and security.
- Outsourcing introduces risk: medical transcriptionists in countries with different cultural values and EHR regulations.
References: HHS, "HHS Announces Project to Help 3.6 Million Consumers Reap Benefits of Electronic Health Records". Online: http://www.hhs.gov/news/press/2007pres/10/pr20071030a.html. Informatics Professor, "Meaningful Use: A Highly Useful Construct for Informatics". Online: http://informaticsprofessor.blogspot.com/2010/05/meaningful-use-highly-useful-construct.html.

Concerned About Security of Health Data?
- Incorrect health data recorded: someone else's information in your record.
- Job discrimination: denied employment or health coverage based on a pre-existing condition.
- Personal privacy violated: friends and family find out about an embarrassing but non-infectious condition.
- Sharing of data between providers adds risk.
- Use of the Internet always introduces risk.

What is an EHR System?
- Collection of health data about the business, patients, doctors, nurses, etc.
- Health data stored as records in a database system; each record represents a complete event.
- What is stored in a database as one record? A patient's personal information, an office visit to your doctor, a blood test, an x-ray, etc.
Notes: An EHR is an electronic health record system. It represents a wide collection of data which includes electronic medical records. An EMR is an electronic medical record. An EMR is not an EHR, because an EHR is made up of many EMRs. An EHR then provides the ability to accumulate EMR and other data to improve quality of care, reduce cost, etc.

EHRs Used by Health Care Providers
- EHRs are maintained by health care providers.
- EHRs are covered by HIPAA rules.
- EHRs utilize centralized database systems to integrate patient intake, medical care, pharmacy, billing, etc. into one system.
- Departments/entities may not be in the same physical location, so patient data must travel over the Internet.
- People can view their own health record, taking ownership of its contents, ensuring accuracy, etc.
Notes: Patient data must travel over the Internet, such as when a doctor's office bills an insurance company. HIPAA is the Health Insurance Portability and Accountability Act of 1996 (including subsequent amendments).

EHR Security Q & A
- How is my data sent over the Internet? It should be sent in an encrypted, secure manner (for example, over TLS) so that it cannot be read or altered in transit.
- Is my data safe? Much depends on each organization's physical record and network security practices. No data is 100% secure against theft or misuse.
- Who can view my health records? Only those who need to know or view the contents of your health record should be able to view it. You must authorize all other access. In some cases, courts can force a health care provider to disclose health record information.

Federal Regulations
- HIPAA (Health Insurance Portability and Accountability Act) was enacted in 1996 by the federal government.
- HIPAA requires that covered entities, that is, health care providers, health plans (including insurance companies), and health care clearinghouses, together with the business associates that handle protected health information on their behalf, abide by privacy and security standards. Employers are not covered entities in their own right, although an employer-sponsored group health plan is.
Reference: Wikipedia, Online: http://en.wikipedia.org/wiki/Hipaa, 2010. Information about HIPAA. Retrieved: July 6, 2010.

HIPAA and Privacy
Privacy Rule
- HIPAA requires those covered by the act to provide patients a "Notice of Privacy Practices" when care is first provided.
- The Privacy Rule covers protected health information (PHI) in any form: paper, electronic, and oral.
Security Rule
- Goes further than the Privacy Rule in that it specifies the administrative, physical, and technical safeguards that must be enacted to secure electronic protected health information (ePHI); it applies only to PHI in electronic form.
- Governs who views data, how data is transported electronically, security measures, etc.

What is Privacy?
- Most privacy law revolves around privacy between a person and the government.
- According to Wikipedia, "The law of privacy regulates the type of information which may be collected and how this information may be used and stored." I.e., privacy relates to people.
Reference: Wikipedia, Online: http://en.wikipedia.org/wiki/Privacy_law, 2010. Information about privacy law. Retrieved: July 6, 2010.
Notes: Privacy, in this context, means that the fact that I visited my doctor is nobody's business. This is a private matter.

What is Confidentiality?
- Not the same as privacy.
- According to Wikipedia, "Confidentiality is commonly applied to conversations between doctors and patients. Legal protections prevent physicians from revealing certain discussions with patients, even under oath in court. The rule only applies to secrets shared between physician and patient during the course of providing medical care." I.e., confidentiality relates to data.
Reference: Wikipedia, Online: http://en.wikipedia.org/wiki/Confidentiality, 2010. Confidentiality. Retrieved: July 6, 2010.
Notes: Confidentiality, in this context, means that the things discussed with my doctor are between me and my doctor. One could say that the fact that you visited your doctor is private and what you and your doctor discuss is confidential! Note that privacy and confidentiality are not mutually exclusive.

Steps to Secure EHR & Records
Authenticate and authorize all record access:
- Only those with a 'need to know' can view.
- Only pertinent people can change records.
- Limit who can print electronic documents.
- All views and changes are recorded in an audit trail.
Examples:
- A clerk can view the dates and charges related to an office visit but nothing about treatment.
- Nurses and doctors can view medical records for patients under their care and no one else.
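The two examples on this slide combine role-based field permissions with a per-patient need-to-know scope, and every decision has to land in the audit trail. The following is an added example, not code from the curriculum, showing one way to implement that: the roles, field names, care-team assignments and the two sample visit records are constructed for illustration, and the audit log is an in-memory list standing in for a write-once store.

```python
"""Need-to-know access control with an audit trail for a toy EHR.
Added example, not curriculum code: the roles, field names, care-team
assignments and the two sample visit records are constructed for
illustration."""
from datetime import datetime, timezone

# Fields each role may read.  A clerk sees scheduling and billing fields only;
# clinicians see the clinical fields too.  No role gets a wildcard.
VIEW_FIELDS = {
    "clerk": {"visit_date", "charges"},
    "nurse": {"visit_date", "charges", "diagnosis", "treatment", "notes"},
    "doctor": {"visit_date", "charges", "diagnosis", "treatment", "notes"},
}
# Fields each role may change.
EDIT_FIELDS = {
    "clerk": {"charges"},
    "nurse": {"notes"},
    "doctor": {"diagnosis", "treatment", "notes"},
}

# Constructed sample data: one visit record per patient id.
RECORDS = {
    "P001": {"visit_date": "2010-07-06", "charges": 120.0, "diagnosis": "bronchitis",
             "treatment": "amoxicillin", "notes": "follow up in 2 weeks"},
    "P002": {"visit_date": "2010-07-06", "charges": 80.0, "diagnosis": "sprain",
             "treatment": "rest, ice", "notes": ""},
}
# Which clinicians are on each patient's care team (the need-to-know scope).
CARE_TEAM = {"P001": {"dr_smith", "rn_lee"}, "P002": {"dr_jones", "rn_lee"}}

# Append-only audit trail.  In production this would be a write-once store
# that the application account cannot modify or delete.
AUDIT_LOG = []


class AccessDenied(Exception):
    pass


def _audit(user, role, action, patient, field, allowed, reason=""):
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "user": user,
                      "role": role, "action": action, "patient": patient,
                      "field": field, "allowed": allowed, "reason": reason})


def _check(user, role, action, patient, field):
    """Enforce role and need-to-know, log the decision, raise if denied."""
    table = VIEW_FIELDS if action == "view" else EDIT_FIELDS
    reason = ""
    if role not in table:
        reason = "unknown role"
    elif patient not in RECORDS:
        reason = "no such patient"
    elif role in ("nurse", "doctor") and user not in CARE_TEAM.get(patient, set()):
        reason = "not on care team"          # clinicians see only their own patients
    elif field not in table[role]:
        reason = "field not permitted for role"
    _audit(user, role, action, patient, field, reason == "", reason)
    if reason:
        raise AccessDenied(reason)


def view_field(user, role, patient, field):
    _check(user, role, "view", patient, field)
    return RECORDS[patient][field]


def update_field(user, role, patient, field, value):
    _check(user, role, "update", patient, field)
    RECORDS[patient][field] = value


def denied_attempts(log=None):
    """Audit review: every denied access in the trail, for the 'regular audits' step."""
    return [e for e in (AUDIT_LOG if log is None else log) if not e["allowed"]]


def is_denied(fn, *args):
    """True if the call raised AccessDenied (used by the demo below)."""
    try:
        fn(*args)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    print(view_field("clerk1", "clerk", "P001", "charges"))                 # 120.0
    print(is_denied(view_field, "clerk1", "clerk", "P001", "treatment"))    # True
    print(is_denied(view_field, "dr_jones", "doctor", "P001", "diagnosis"))  # True
    update_field("dr_smith", "doctor", "P001", "treatment", "azithromycin")
    for entry in denied_attempts():
        print(entry["user"], entry["action"], entry["patient"], entry["field"], entry["reason"])
```

Two design points carry over to a real system: the audit entry is written before the decision is returned, so a denied attempt is recorded even though the caller sees only an exception, and the clerk's permissions are defined as an allow-list of fields rather than as "everything except treatment", so a newly added clinical field is hidden from the clerk by default.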

Steps to Secure EHR & Records (cont'd)
Device security:
- Apply OS critical updates immediately (in a clinical environment, after a quick check that the patch does not break the EHR client).
- Keep AV definitions current at all times.
- Restrict physical access to servers.
- Allow only authenticated device access.
Secure electronic communications:
- Encrypt all EHR communications.
Client-server environment:
- Configure user accounts and groups.
- Implement network access protection mechanisms.

Steps to Secure EHR & Records (cont'd)
Web environment considerations:
- Implement HTTPS for all Web transactions.
- Validate all data entered into Web forms on the server, not only in the browser, since client-side checks can be bypassed.
- Perform regular audits of access and changes.
Implement redundant devices:
- Ensures that devices are available as expected.
- Load balance heavily used hardware devices.
Prosecute security violations vigorously.
Back up EHR data with secure storage.
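"Validate all data entered into Web forms" is the one item on this slide that is easy to get subtly wrong, so here is an added example (not curriculum code) of server-side validation for a patient intake form, placed beside the database access it protects. It rejects anything outside an allow-list instead of trying to clean it up, and it contrasts a deliberately vulnerable lookup that splices the form field into SQL with the hardened version that validates and then binds the value as a parameter. The form fields, the patients table, the sample submissions and the 8-digit medical record number format are all constructed assumptions.

```python
"""Server-side validation of a Web intake form and parameterized database
access.  Added example, not curriculum code: the form fields, the patients
table and the sample submissions are constructed, and the 8-digit MRN
format is an assumption."""
import re
import sqlite3
from datetime import date

# Allow-list rules.  Input that does not match is rejected, not "cleaned up".
MRN_RE = re.compile(r"^[0-9]{8}$")                 # assumption: 8-digit medical record number
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' .-]{0,59}$")
MAX_NOTE_LEN = 500


class ValidationError(ValueError):
    pass


def validate_intake(form):
    """Return a dict of clean, typed values from a submitted form, or raise
    ValidationError listing every problem found."""
    errors = []
    mrn = form.get("mrn", "").strip()
    if not MRN_RE.match(mrn):
        errors.append("mrn must be exactly 8 digits")
    name = form.get("name", "").strip()
    if not NAME_RE.match(name):
        errors.append("name contains characters outside the allowed set")
    dob = None
    try:
        dob = date.fromisoformat(form.get("dob", "").strip())
        if dob > date.today():
            errors.append("date of birth is in the future")
    except ValueError:
        errors.append("dob must be YYYY-MM-DD")
    note = form.get("note", "")
    if len(note) > MAX_NOTE_LEN or any(ord(c) < 32 and c not in "\n\t" for c in note):
        errors.append("note too long or contains control characters")
    if errors:
        raise ValidationError("; ".join(errors))
    return {"mrn": mrn, "name": name, "dob": dob.isoformat(), "note": note}


def make_db():
    """In-memory patients table with one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (mrn TEXT PRIMARY KEY, name TEXT, dob TEXT, note TEXT)")
    db.execute("INSERT INTO patients VALUES ('00000001', 'Existing Patient', '1970-01-01', '')")
    return db


def lookup_unsafe(db, mrn):
    """Vulnerable on purpose: the raw form field is spliced into the SQL text,
    so a value like  ' OR '1'='1  returns every patient.  Shown for contrast only."""
    return db.execute("SELECT name FROM patients WHERE mrn = '%s'" % mrn).fetchall()


def lookup_safe(db, mrn):
    """Hardened: validate the field, then bind it as a query parameter so the
    database never interprets it as SQL."""
    if not MRN_RE.match(mrn):
        raise ValidationError("mrn must be exactly 8 digits")
    return db.execute("SELECT name FROM patients WHERE mrn = ?", (mrn,)).fetchall()


def register(db, form):
    """Validate a submission and insert it with bound parameters."""
    clean = validate_intake(form)
    db.execute("INSERT INTO patients VALUES (?, ?, ?, ?)",
               (clean["mrn"], clean["name"], clean["dob"], clean["note"]))
    return clean["mrn"]


if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "' OR '1'='1"))   # every row comes back
    print(lookup_safe(db, "00000001"))
    print(register(db, {"mrn": "12345678", "name": "Ana O'Neil", "dob": "1985-03-04", "note": "new"}))
    try:
        register(db, {"mrn": "1234", "name": "<script>", "dob": "tomorrow", "note": "x"})
    except ValidationError as err:
        print("rejected:", err)
```

Validation and parameterization are separate defenses and both are needed: the allow-list keeps garbage (and oversized or control-character payloads) out of the record, while the bound parameter guarantees that whatever does get through can never be interpreted as SQL.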