August 21-24, 2007 Privacy and Security Leaders as Partners in Patient-Centered Care Presented by Samuel P. Jenkins, FACHE Director, Defense Privacy Office.

Presentation transcript:

August 21-24, 2007 Privacy and Security Leaders as Partners in Patient-Centered Care Presented by Samuel P. Jenkins, FACHE Director, Defense Privacy Office The Privacy Symposium – Summer 2007 Cambridge, MA

2 Agenda
Military Health System (MHS) Background
Patient-Centered Privacy and Security Landscape
The Case for Privacy and Security Leaders as Partners in Patient-Centered Care

3 MHS is a leader in the healthcare industry as a government provider and payor

4 What Makes the Military Health System Unique?
Characteristics: Description
Size of staff: Support staff of 132,500+ individuals (more for HIPAA training)
Mobile and relocating: Reach a highly mobile workforce with frequent changes in work location
Global locations: Serve facilities and beneficiaries stationed in many countries and the battlefield
Distinct Branches of Service: Integrate large organizational units with distinct business processes (Army, Navy, Air Force and Coast Guard)
Multiple time zones: Conduct business in almost every time zone
Diverse patient and employee population: Require knowledge of many diverse cultures
Foreign language requirements: Perform work in multiple languages

Patient-Centered Privacy and Security Landscape

6 Privacy and security leaders can be powerful and effective partners in protecting patient data
"While comprehensive data do not exist, available evidence suggests that breaches of sensitive personal information have occurred frequently and under widely varying circumstances.
–For example, more than 570 data breaches were reported in the news media from January 2005 through December 2006, according to lists maintained by private groups that track reports of breaches. These incidents varied significantly in size and occurred across a wide range of entities, including federal, state, and local government agencies; retailers; financial institutions; colleges and universities; and medical facilities.
–The extent to which data breaches have resulted in identity theft is not well known, largely because of the difficulty of determining the source of the data used to commit identity theft."
Source: GAO , June 4, 2007

7 The potential for identity theft presents a challenge to patient confidence and adoption of EHRs and PHRs
More dangerous than financial identity theft, medical identity theft may also harm its victims by creating false entries in their health records at hospitals, doctors' offices, pharmacies, and insurance companies
Rising healthcare costs are driving instances of medical identity theft, in which individuals use the names and medical records of others to obtain healthcare

8 Responding consumers indicate that loss of their personal healthcare information ranks among their top five concerns *Source: 2007 Survey on Consumer Privacy, June 2007

9 Responding consumers express most concern about potential data loss by healthcare organizations *Source: 2007 Survey on Consumer Privacy, June 2007

10 The Department of Health and Human Services (HHS) is working to address data protection challenges

11 HHS has engaged a range of U.S. healthcare industry stakeholders to support widespread EHR/PHR adoption

12 The AHIC Confidentiality, Privacy and Security (CPS) Workgroup recommends data protection measures to HHS
Current working hypothesis under consideration
–All persons and entities that participate in an electronic health information exchange network, at a local, state, regional or nationwide level, through which individually identifiable electronic health information is stored, compiled, transmitted, or accessed, should be required to meet privacy and security criteria at least equivalent to relevant HIPAA requirements.
Potential Impacts
–The working hypothesis, if adopted, would extend the HIPAA regulations and codify requirements to business associates and other non-covered entities.
–This may impact structure and content of Business Associate Agreements, Data Use Agreements, Memoranda of Understanding between some healthcare partners.

13 Data protection interests are appearing in federal privacy and security legislation
Key Privacy Legislation Proposed*
Leahy-Specter Personal Data Privacy and Security Act of 2007 – S 495.IS
Data Accountability and Trust Act – HR 958.IH
Cyber Security Enhancement and Consumer Data Protection Act of 2007 – HR 836.IH
Notification of Risk to Personal Data Act of 2007 – S 239.IS
VIP Act – HR 1307.IH (applies to victims of the 2006 VA breach only)
Prevention of Fraudulent Access to Phone Records – HR 936.IH
Data Protection Issues
Close watch on government “databanks”
Review underway of present laws
–DHS, Data Privacy and Integrity Advisory Committee
–NIST, Information Security Privacy Advisory Board
Recent security breaches
–Increased sense of urgency
–Covered personal information
–Credit file freeze rules
–Social security numbers usage
Trigger notification
–Acquisition or access?
–“Reasonable” or significant risk of identity theft?
–Actual harm?
–When to notify regulators?
–When to notify individuals at risk?
Spyware inhibiting routine business process
*As of June 2007

The Case for Privacy and Security Leaders as Partners in Patient-Centered Care

15 The movement from paper to electronic healthcare data is changing the landscape
Governance issues are paramount in ensuring patient-centered privacy and security is implemented
Roles and responsibilities and lines of authority must be clearly defined
Policy requirements overlap privacy and security areas requiring collaboration
Training messages can be consolidated to address both privacy and security concerns

16 The shifting threat requires privacy and security leaders to act together to prevent potential intrusions *Source: Electronic Privacy Information Center,

17 Privacy and security leaders can partner to implement controls to protect against probable causes Source: The Business Impact of Data Breach survey by Ponemon Institute, May 2007

18 Proactive measures must be taken to protect healthcare information from most frequent failures Source: The Business Impact of Data Breach survey by Ponemon Institute, May 2007

19 Privacy and security professionals can combine skills and resources to address threats to healthcare data
Most serious threat to an organization is sometimes overlooked – that is, the formal and informal organizational boundaries erected between privacy and security
Privacy and security must work hand in hand for true compliance in healthcare settings
–Is it reflected in policies?
–In organizational structure?
–In roles and responsibilities?
–In lines of authority?
We must strive to build partnerships and a shared vision between the privacy and security leaders – focus on protecting patient data

20 What we have learned – there are risks that must be managed

21 Thank You 2007 Consumer Survey on Data Security by Ponemon Institute - Centers for Medicare and Medicaid Services (CMS) HHS Health IT Efforts - HHS Office for Civil Rights (OCR) - TMA Privacy Office - TMA Privacy Office Contact - The Business Impact of Data Breach survey by Ponemon Institute