Robert Guerra Director, CryptoRights Foundation Implementing Privacy Implementing Privacy: Rules of the Game for Developers Mac-Crypto Conference on Macintosh.

Robert Guerra Director, CryptoRights Foundation Implementing Privacy Implementing Privacy: Rules of the Game for Developers Mac-Crypto Conference on Macintosh Cryptography & Internet Commerce January 29, 2001

Overview
– The Basics: Info-Privacy Principles
– General Trends: Global Privacy Law
– Getting Specific: Medical Privacy

The Basics: Information Privacy Principles

Information Privacy Principles [1]
– Accountability of Data Maintainer
– Purpose for Data Collection
– Consent for Data Collection
– Limits on Data Collection
– Limits on Storage, Use & Disclosure

Information Privacy Principles [2]
– Accuracy of Information
– Safeguards
– Openness of Policies & Practices
– User Access & Challenges
– Compliance & Auditing

General Trends: Global Privacy Law

World: Privacy Law Trends
Countries around the world are:
– Adopting comprehensive laws to protect privacy
– Basing them on OECD and Council of Europe models

EU: Standardizing Privacy
– The EU Privacy Directive prevents unauthorized transmission of personal info to any country that does not adequately protect privacy.
– Encourages countries to adopt strong privacy legislation and standardize privacy policy across borders.

Canada: Personal Privacy
1983 Privacy Act
– Protection for information held by Govt.
– Covers ~110 Federal Departments
2000 Personal Information Protection and Electronic Documents Act.

USA: Financial Privacy
– 1978: Right to Financial Privacy Act
– 1991: Telephone Consumer Protection Act
– 1992: Fair Credit Reporting Act
– 1996: Electronic Fund Transfer Act
– 1999: Gramm-Leach-Bliley Act (Title V)
– 2000: Safe Harbour Principles (E.U./1998)

Getting Specific: Medical Privacy Regulations
“The Only Crypto that Survives is Medical Crypto.”

USA: the HIPAA $tandard
1996 Health Insurance Portability & Accountability Act
– Improves efficiency of healthcare delivery by standardizing electronic data interchange.
– Protects health data confidentiality and security by setting and enforcing standards.
– All Healthcare organizations are affected.
– Covers all personally identifiable health info in electronic form. Includes paper records and oral communications.

Regulatory Comparisons

Regulatory Criteria [1]
– Access: Controlling access and limiting patient info display.
– Backup: Secure backups to prevent medical data loss.
– Unique ID: Every patient or practitioner is unique like all the others.
– Logoff: Automated signoff after a period of inactivity.
– Audits: Capture a historical record of medical data use.

Regulatory Criteria [2]
– eSignatures & Chart Signing: Replacing paper-based signatures. Tracking patient-practitioner interactions.
– Encryption: Protecting, hiding and transmitting confidential records.
– Patient Access: Patients should be able to see their chart and know who’s looked.
– Sensitive Info: Patient data disclosure control & perfect forward secrecy.
– Locking Data: Original entries cannot be altered or deleted.
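The Audits, Unique ID, Patient Access and Locking Data criteria on the two Regulatory Criteria slides fit together in one mechanism: an append-only record store whose audit trail is hash-chained. The example below is added here to show that mechanism in working code; it is not code from the talk or from the CryptoRights Foundation, and the class name LockedChartStore, the actor and patient identifiers, and the chart text are constructed for illustration. A correction is appended as a new version instead of overwriting the original, every read and write produces an audit event that carries the hash of the previous event, and the patient-facing question "who has looked at my chart?" is answered from that trail.

```python
"""Append-only chart store with a hash-chained audit trail (added example)."""
import hashlib
import json
import uuid
from datetime import datetime, timezone
from typing import Dict, List, Optional


def _digest(event: dict) -> str:
    """SHA-256 over the canonical JSON of an audit event, excluding its own hash field."""
    body = {k: v for k, v in event.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class LockedChartStore:
    """Entries are never overwritten or deleted: a correction is appended as a new
    version of the same entry, every read and write is logged, and each audit event
    links to the hash of the previous one, so editing or removing an event breaks the chain."""

    GENESIS = "0" * 64  # link value of the first event

    def __init__(self) -> None:
        self._entries: Dict[str, dict] = {}  # entry_id -> {"patient_id": ..., "versions": [...]}
        self._audit: List[dict] = []
        self._last_hash = self.GENESIS

    def _log(self, actor: str, action: str, entry_id: str, patient_id: str) -> None:
        event = {
            "seq": len(self._audit),
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "entry_id": entry_id,
            "patient_id": patient_id,
            "prev": self._last_hash,
        }
        event["hash"] = _digest(event)
        self._audit.append(event)
        self._last_hash = event["hash"]

    def write(self, actor: str, patient_id: str, text: str, amends: Optional[str] = None) -> str:
        """Create a new entry (fresh unique ID) or append a version to an existing one."""
        if amends is None:
            entry_id = str(uuid.uuid4())
            self._entries[entry_id] = {"patient_id": patient_id, "versions": []}
        else:
            entry_id = amends
            if self._entries[entry_id]["patient_id"] != patient_id:
                raise ValueError("entry belongs to a different patient")
        self._entries[entry_id]["versions"].append({"author": actor, "text": text})
        self._log(actor, "create" if amends is None else "amend", entry_id, patient_id)
        return entry_id

    def read(self, actor: str, entry_id: str) -> str:
        """Return the current text; the read itself becomes part of the audit trail."""
        entry = self._entries[entry_id]
        self._log(actor, "read", entry_id, entry["patient_id"])
        return entry["versions"][-1]["text"]

    def history(self, entry_id: str) -> List[dict]:
        """All versions, oldest first; the original entry is always still present."""
        return list(self._entries[entry_id]["versions"])

    def who_looked(self, patient_id: str) -> List[str]:
        """Actors who have read this patient's chart, derived from the audit trail."""
        return sorted({e["actor"] for e in self._audit
                       if e["patient_id"] == patient_id and e["action"] == "read"})

    def audit_trail(self) -> List[dict]:
        """Direct access to the event list; used below to simulate tampering."""
        return self._audit

    def verify_chain(self) -> bool:
        """Recompute every hash and link; False if any event was altered, reordered or removed."""
        prev = self.GENESIS
        for seq, event in enumerate(self._audit):
            if event["seq"] != seq or event["prev"] != prev or _digest(event) != event["hash"]:
                return False
            prev = event["hash"]
        return prev == self._last_hash


def demo() -> dict:
    """Constructed walkthrough: create, correct, read, then tamper with the trail and re-verify."""
    store = LockedChartStore()
    eid = store.write("dr_lee", "patient-001", "BP 140/90")  # constructed sample data
    store.write("dr_lee", "patient-001", "BP 130/85 (corrected)", amends=eid)
    store.read("nurse_kim", eid)
    result = {
        "intact": store.verify_chain(),
        "readers": store.who_looked("patient-001"),
        "versions": [v["text"] for v in store.history(eid)],
    }
    store.audit_trail()[2]["actor"] = "nobody"  # attempt to hide who read the chart
    result["after_tamper"] = store.verify_chain()
    return result


if __name__ == "__main__":
    print(demo())
```

The chain only detects tampering after the fact; in a deployment the periodic head hash (`_last_hash`) would be written somewhere the application cannot modify, such as a write-once log or a signed timestamp, so that truncating the whole trail is also noticed.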

Regulatory Comparison criteria:

“I’m a privacy-rights person… the marketplace can function without sacrificing the privacy of individuals.” – George “Dubya” Bush (Business Week, 5 June 2000)

CryptoRights Foundation Mac-Crypto Conference on Macintosh Cryptography & Internet Commerce January 29, 2001 Robert Guerra CryptoRights.org