Privacy in Healthcare Challenges Associated with Implementing Privacy in an Electronic Health Records Environment John P. Houston, J.D. Vice President,

Presentation transcript:

Privacy in Healthcare Challenges Associated with Implementing Privacy in an Electronic Health Records Environment John P. Houston, J.D. Vice President, Privacy & Information Security, Assistant Counsel University of Pittsburgh Medical Center Adjunct Assistant Professor of Biomedical Informatics University of Pittsburgh School of Medicine

2 Questions What is Privacy? What is Confidentiality? What is (Information) Security?

3 Security, Privacy & Confidentiality Privacy - the state of being free from intrusion or disturbance in one's private life or affairs. (Random House Dictionary) Confidentiality - The ethical principle or legal right that a physician or other health professional will hold secret all information relating to a patient, unless the patient gives consent permitting disclosure. (The American Heritage® Stedman's Medical Dictionary) Security - Protection against unauthorized access to, or alteration of, information and system resources including CPUs, storage devices and programs. (Free On-line Dictionary of Computing)

4 Security, Privacy & Confidentiality (Information) Security: Keeping the bad guys out. Privacy / Confidentiality: Making sure that those people who have access to information only access the information for appropriate purposes.

5 Health Privacy Laws in Pennsylvania: PA Medical Records Laws; HIPAA Privacy Rule; ARRA Privacy Rule; Federal & State “Sensitive Information” laws

6 Observation We have reached a tipping point where the volume and complexity of privacy regulations have made compliance extremely difficult

7 Observation Even intelligent, well educated and informed individuals do not fully or accurately understand the privacy regulations

8 Result Many institutions inappropriately implement privacy regulations

9 Reality Timely, accurate and complete information is necessary to provide effective and efficient health care

10 Challenge To provide the right information to the right individual at the right time

11 Failure: Failure must be defined in terms of impacting patient care. Patients often do not know what they really want. Arbitrary or overly restrictive barriers. HIPAA contemplates taking reasonable steps. If we must err, err to the benefit of ensuring that good quality patient care is delivered.

12 Privacy Is a Balance Privacy is a balance between: an individual’s right to have his / her information kept confidential; a provider’s need for information to support the delivery of effective and efficient healthcare; public / societal interests. Practically speaking, privacy is not an absolute.

13 Privacy Is a Societal Value In good faith people have substantial differences of opinion regarding the value and importance of privacy

14 Reality The Healthcare industry is quickly moving towards a highly integrated and highly distributable electronic health records environment

15 Global Access to Information Health Information Exchanges Nationwide Health Information Network

16 The Move to Electronic Health Records The implementation of an electronic health records environment fundamentally changes the manner in which privacy must be viewed and addressed

17 How is Privacy Different? Local Availability vs. Global Availability

18 Paper Records - Local Availability Information is locked up in a file cabinet or the Medical Records Department

19 Electronic Records - Global Availability Information is: accessible through an institution’s electronic health records system(s); accessible via an HIE; accessible via the Internet on the NHIN (future)

20 Myth Institutions all operate a single monolithic health information system

21 Examples of Issues: Impractical to honor patient request for additional privacy protections / consents. Difficult to perform new accounting of disclosure requirements. Difficult to comply with new “Pay for out of pocket in full” restrictions.

22 Computers are STUPID! WARNING!

23 The Evolution of Privacy in EHRs

24 System Flexibility It is difficult to develop / implement information system controls that support privacy while providing the flexibility necessary to ensure the efficient and effective delivery of health care

25 System Flexibility Due to the difficulty in developing / implementing information system controls that support privacy, institutions often establish structural barriers (separate systems, shadow records, paper records, etc.).

26 Immediacy Prospective controls and structural barriers often impede access to information in emergent situations and significantly reduce efficiency

27 Example – Psychiatric Information: Should psychiatric information be segregated?

28 Example – Psychiatric Information: Should psychiatric information be segregated? Information results from services provided by a PCP or in an acute care setting. Access is often important in emergent situations. Drug-to-drug interactions. Alternative diagnosis? Drug diversion?

29 Question: Where do you draw the line?

30 In The End: Institutions must be diligent in training their work force. Enforcement is vital.

31 Commercial