Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.

Presentation transcript:

Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning Vanderbilt University Medical Center June 19, 1999 Julius S. Aronofsky Lecture in Health Care Information Systems:

Presentation delivered at 3rd Annual “Enhancing Your Clinical Practice - Internet and New Technology Trends” Sponsored by: The Office of Continuing Education of The University of Texas Southwestern Medical Center at Dallas

Objectives:
Understand
–basic context for information security and confidentiality
–current practices and risks regarding confidentiality
–impact of EMR on ability to protect privacy
–needs for organizational practices as well as technical practices (policies, agreements, and continuous learning)
Learn about directions in Washington and upcoming requirements for your practices
–HIPAA security standards
–Proposed health information privacy legislation
Know key sources of information about this topic

Agenda
Key Concepts
Discussion: Current Practices & Concerns
Key Changes We Face
Expected Electronic Health Data Security Requirements
Questions & Discussion

Health Care Resources Health Care Delivery Processes Depend on Acquisition, Utilization, and Management of Many Kinds of Resources

Security Health Care Delivery Depends On Financial Resources Human Resources Physical Resources Information & Knowledge Resources

Key Concept: Information Security Components
Confidentiality (Privacy)
–Access control
–Disclosure requires authorization
–Need to know
Availability
–Accessible when & where needed
Integrity
–Records are complete
–No unauthorized changes

Information Security Integrity Availability Confidentiality Information Systems Security Health Information Security Protection of Electronic Health Information

Discussion: Current Practices and Concerns
(1) Share one of the biggest challenges or risks to health information privacy in your practice today OR a health information privacy issue you have faced recently
(2) Share a practice that has improved protection of health information in your office or clinic

What Changes are We Facing?
Increased use of electronic medical records (EMR) and internet communications
–Expectation that health records are on-line, with decision support
–Information provided directly by health care consumers in on-line interactions with providers
–Portable, hand-held computing

EMR and Confidentiality
EMR Risks
–Easy to disclose vast quantities of information
–Ability to link records across systems
–Insufficient security & training in many EMR environments
–Hackers keep pace with technology

EMR and Confidentiality
EMR Benefits
–Audit trails
–Encryption
–Access controls
–Can remove identifiers
–Can share without making copies

What Changes are We Facing?
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
–DHHS rules governing security of electronic health information
–Apply to all individual health care information electronically maintained or used in an electronic transmission
Federal legislation on health information privacy

For the Record: Protecting Electronic Health Information
National Research Council Study of Current Best Practice (1997)
Recommendations:
–Organizational practices for immediate implementation
–Technical practices for immediate implementation, for future implementation
Basis for HIPAA Security Standard

Organizational Practices
Security & Confidentiality Policies*
Security & Confidentiality Committees
Information Security Officers*
Education and Training*
Sanctions*
Improved Authorization Forms**
Patient Access to Audit Logs**

Technical Practices
Individual authentication of users*
Access controls*
Audit trails*
Physical security & disaster recovery*
Protection of remote access points*
Protection of external electronic communications*
Software discipline*
System assessment*

Scenario for Security Standards
Proposed Security Standard includes “Small or Rural Provider Example”
Outlines how the requirements might be implemented
Expectation that software vendors will provide support
Excerpts...

Joint Commission on Accreditation of Healthcare Organizations
Current JCAHO standards require classification and protection of information
Already at work to incorporate HIPAA standards

Information Resources DHHS web site has rules proposed under HIPAA and other information: Computer-based Patient Records Institute has very useful publications on information security:

Health Information Privacy Legislation
HIPAA required action by Congress by August 1999 on health information privacy or DHHS to issue final rules
None of bills introduced in 106th Congress likely to pass by HIPAA deadline
Expect amendment of HIPAA to extend deadline
For information on legislative proposals, see Library of Congress web site at

Common Elements of Proposals
Requirements for patient authorization for most kinds of disclosures
Patient notice about rights and use of health information
Patient right to review and amend
Limit disclosure to minimum information needed
Requirement to track disclosures
Require safeguards for confidentiality, security, accuracy, integrity
Criminal and civil penalties