Internet2 Health Sciences Security SIG – Possible Collaborations Jere Retzer, Internet2 Health Sciences Security SIG Chair, August 3,

Presentation transcript:

Internet2 Health Sciences Security SIG – Possible Collaborations Jere Retzer, Internet2 Health Sciences Security SIG Chair, August 3, 2003

Overview
- Why an Internet2 Health Sciences Initiative
- Why a Health Sciences Security SIG
- How health sciences security is different from (and the same as) university security
- Who are the players?
- What are the opportunities?

Why Internet2 Health Sciences
- Internet2 Mission: Develop and deploy advanced network applications and technologies, accelerating the creation of tomorrow’s Internet.
- Health sciences selected as a key applications focus due to the leading edge demands posed by the health sciences – security, high end imaging, very large and complex data sets

The Health Sciences Challenge
- Networking Health: Prescriptions for the Internet by the National Research Council – NAP.edu, 2000
- Health care called the “trillion dollar cottage industry” -- perhaps most knowledge-intensive industry, about where banking was in the 1960s
- Across the board, in health care, health education, public health and research, security is cited as an important barrier

Health Sciences Challenge – Institute of Medicine
- “To Err is Human” estimates 44,000 – 98,000 accidental US deaths annually due to medical errors
- Hospitals more dangerous than highways
- Many preventable with computer systems such as electronic patient records, and computerized physician order entry
- Culture evolved around paper records before privacy and security became concerns

Health Sciences Challenge – 3
- Explosive growth of high end imaging and genetic data – petabytes of valuable and often sensitive data

Why a Health Sciences Security SIG
- Promote policies, practices, and projects that overcome security and privacy-related barriers to the adoption of emerging Internet technologies in the health sciences.
- While the health sciences are especially fertile for advanced applications like interactive digital video, large-scale data mining, simulation, imaging and remote instrumentation that can benefit from Internet2, the need to ensure the security and privacy of patient data has slowed the adoption of these high value applications

HIPAA
- Health Insurance Portability and Accountability Act of 1996 requires privacy and security in three parts: transaction code sets, privacy and security
- Privacy rule compliance date April 14, 2003
- Final security rule published Feb 20, 2003, compliance required April 21, 2005 (small plans have extra year)
- Most of us who have been involved with security for a while would call these mainly good common sense
- Requires risk analysis, physical security, backup and disaster recovery in addition to system security

Health Sciences and University Security – the Same, but Different
- Both want to use leading edge applications
- Both need to protect privacy – students, patients
- Both want inter-institutional access, remote and mobile access
- But HS often needs to add security to advanced apps
- Protected Health Information (PHI) is mission critical for HS
- HS relationships involve PHI, need RBAC and auditability

HS Need High Performance Apps
- Real-time, interactive video emerging as a mission critical application
- But PHI must be encrypted
- Need policies, procedures, forms
- Needs to be simple, reliable
- Needs to work through firewalls
- Emerging need: real-time monitoring, supervision and control of high end imaging, monitoring and diagnostic devices

Complex Systems & Relationships
[Diagram; labels: Admitting, Patient Records (Paper), Insurance, HL7, Radiology, EMR, PACS, Pathology, LAB, Physicians, Research Labs, Transcription, Government, Law Enforcement, Residents, Patients, Marketing, Accounting, Pharmacy, Academic Medical Center, Billing]

Access to Protected Health Information (PHI)
- The main order of business for health care
- An extremely valuable asset
- Must be encrypted across the Internet
- Complicated by HIPAA
- Most would like Role-Based Access and Control (RBAC)
- Must provide ability to audit access and tell patient who saw their record
- Special rules for emergencies, law enforcement, AIDS, or “on patient request”
- Researchers have special rules to “de-identify” data
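
An added example, not part of the original slides: a minimal sketch of the PHI access requirements listed above (role-based access, an audit trail that can tell a patient who saw their record, and a flagged emergency override). The role names, permission names and the break-glass policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy: role and permission names are assumptions for illustration.
ROLE_PERMS = {
    "physician": {"read_clinical", "write_clinical"},
    "nurse": {"read_vitals"},
    "billing": {"read_billing"},
    "researcher": {"read_deidentified"},
}
# Roles allowed to invoke the emergency ("break-glass") rule, read-only.
BREAK_GLASS_ROLES = {"physician", "nurse"}
BREAK_GLASS_ACTIONS = {"read_clinical", "read_vitals"}


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, user, role, patient, action, allowed, basis):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "patient": patient,
            "action": action, "allowed": allowed, "basis": basis,
        })

    def who_saw(self, patient):
        """Accounting for the patient: every granted access to their record."""
        return [(e["user"], e["action"], e["basis"]) for e in self.entries
                if e["patient"] == patient and e["allowed"]]

    def denied(self):
        """Refused attempts, for security review."""
        return [(e["user"], e["action"]) for e in self.entries if not e["allowed"]]


def access_phi(log, user, role, patient, action, emergency_reason=None):
    """Decide one PHI access request and audit it whether granted or not."""
    if action in ROLE_PERMS.get(role, set()):
        allowed, basis = True, "role"
    elif (emergency_reason and role in BREAK_GLASS_ROLES
          and action in BREAK_GLASS_ACTIONS):
        # Emergency override: granted, but flagged with the stated reason.
        allowed, basis = True, "emergency: " + emergency_reason
    else:
        allowed, basis = False, "no matching rule"
    log.record(user, role, patient, action, allowed, basis)
    return allowed
```

Denied requests are recorded as well as granted ones, so the same log answers both the patient's question and a later review of emergency overrides.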

Mobile/Wireless Devices
- Use is taking off in health care
- Present all the usual security headaches
- How do you control access to PHI once it gets into a PDA?
- How do you audit access?
- How do you ensure it is accurate or current?

Electronic Mail
- Over two thirds of surveyed patients would like to use e-mail to communicate with their physician, and physicians like it too; however, e-mail is not secure, timely, or assured
- Generally stored and transmitted in the clear – employer and family access issues
- How do you know the doc even read it, or when?
- How do you even know it got there and some error didn’t get inserted in the text? (“Do [not] take with aspirin”)
- How do you get it into the patient’s record?

So, is HS Security Different?
- The fundamental issues are really the same
- The need for security is more critical in some cases, particularly for PHI
- Access issues are significantly more complex
- But we’ve already begun to demonstrate standards-based middleware can work
- In some cases, I think HS is simply the first to confront issues that education in general will need to confront in the future

Who are the Players?
- Educause/Internet2 Security Task Force
- Internet2 Medical Middleware - Shibboleth
- AAMC – American Association of Medical Colleges Group on Information Resources
- NIH
  - NLM – National Library of Medicine
  - NCRR – National Center for Research Resources
  - NIBIB – National Institute for Biomedical Imaging and Bioengineering
  - NCI – National Cancer Institute
- HHS AHRQ – Agency for Healthcare Research & Quality

The Players - 2
- NIST – National Institute for Standards & Technology
- AMIA – American Medical Informatics Association
- eHealthinitiative, NHII
- HL7 – Health Level 7 working group
- WEDI – Workgroup on Electronic Data Interchange
- HIMSS - Healthcare Information and Management Systems Society
- RSNA – Radiological Society of North America
- Corporate: GE, Philips, Siemens, Johnson & Johnson, Eli Lilly, Pfizer …

What are the Opportunities?
- Security at line speed
- Standards-based access between entities
- Role-based
- Auditable
- Verified integrity
- Security everywhere

An Invitation
- Join the
- Please dive in – the need is great and money is possible for worthy projects
- Please join us at the Internet2 Fall Member Meeting in Indianapolis in October for an organizational discussion of the Internet2 Health Sciences SIG (to be scheduled)