Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.

Presentation transcript:

Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013.

Protecting Privacy, Security, and Confidentiality in HIT Systems (slide 2)
Learning Objectives ─ Lecture a
– Explain and illustrate privacy, security, and confidentiality in HIT settings.
– Identify common threats encountered when using HIT.
– Formulate strategies to minimize threats to privacy, security, and confidentiality in HIT systems.
Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

Physical Safeguards (slide 3)
– Facility Access Controls

Physical Safeguards Examples (slide 4)
– Workstation Use
– Workstation Security
– Device and Media Controls (e.g., media disposal, access to backup and storage media)

Physical Safeguards Examples (slide 5)
Device and Media Controls
– media disposal
– access to backup and storage media

Technical Safeguards Examples (slide 6)
Access Control
– Unique user identification
– Emergency access
– Automatic logoff
– Encryption/decryption

Technical Safeguards Examples (slide 7)
– Audit Controls
– Integrity

Technical Safeguards Examples (slide 8)
Person or Entity Authentication
– Password/passphrase/PIN
– Smart card/token/key
– Biometrics
– Two factor authentication

Technical Safeguards Examples (slide 9)
Transmission Security
– Integrity controls
– Encryption

Risk Analysis and Management (slide 10)
Analysis
– Gather data on potential threats and vulnerabilities
– Assess current security measures
– Determine likelihood, impact and level of risk
– Identify needed security measures
Management
– Develop a plan for implementation
– Evaluate and maintain security measures

Meaningful Use (slide 11)
– Criteria for meaningful use of EHRs related to privacy, security, and confidentiality meant to align with HIPAA
– Emphasizes need to conduct a risk analysis
– Some specific requirements for EHR vendors

Protecting Privacy, Security, and Confidentiality in HIT Systems (slide 12)
Summary—Lecture b
– Privacy, security, and confidentiality in HIT settings
– Common threats encountered when using HIT
– Strategies to minimize threats to privacy, security, and confidentiality in HIT systems


Protecting Privacy, Security, and Confidentiality in HIT Systems (slide 14)
References—Lecture b
Images
Slide 3: HIPPA Security Bulletins. Courtesy HIPPA. Available from:
Slide 5: Logo of the Federal Trade Commission. Courtesy Federal Trade Commission.
Slide 6: Cloud Computing will Challenge Security Policies. Courtesy U.S. Dept. of Commerce
Slide 7: The Field of Security Has to Adapt. Courtesy National Institutes of Health (NIH)
Slide 8: A Sophisticated Users’ Station. Courtesy National Science Foundation (NSF) Available from:
Slide 9: Transmission Security Controls Prevent Unauthorized Access to ePHI. Available from: