Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.

Slides:



Advertisements
Similar presentations
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
Advertisements

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
HIPAA Health Insurance Portability and Accountability Act.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Dr. Yaseen Hayajneh Health Insurance Portability and Accountability Act Yaseen HayajnehYaseen Hayajneh RN, MPH, PhD.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA Privacy Keys to Success Education for Nursing and all other Clinical Students Effective January 2010 HIPAA Job Specific Education1.
Informed Consent.
 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
Protecting Client Data HIPAA, HITECH and PIPA Part 1A
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
HIPAA Health Insurance Portability & Accountability Act of 1996.
Health Insurance Portability and Accountability Act (HIPAA)
Protected Health Information (PHI). Privileged Communication An exchange of information between two individuals in a confidential relationship. (Examples:
Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
HIPAA Business Associates Leadership Group Meeting June 28, 2001.
1 Research & Accounting for Disclosures March 12, 2008 Leslie J. Pfeffer, BS, CHP Office of the Vice President for Research Administration Office of Compliance.
1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.
14 May Privacy Requirements Phoenix Ambulatory Blood Pressure Monitoring System © 2006 Christopher J. Adams Copying and distribution of this document.
HIPAA Privacy and Research August 21, 2015
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIPAA & Public Schools New Federalism in a New Century The Challenges of Administering HIPAA in Public Schools ASTHO/NGA Center Joint Audioconference September.
HIPAA Training Developed for Ridgeview Institute 2012 Hospital Wide Orientation.
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture a This material (Comp7_Unit7a) was developed by.
HIPAA – How Will the Regulations Impact Research?.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Eliza de Guzman HTM 520 Health Information Exchange.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Configuring Electronic Health Records Privacy and Security in the US Lecture c This material (Comp11_Unit7c) was developed by Oregon Health & Science University.
Working with HIT Systems
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
HIPAA Health Insurance Portability and Accountability Act of 1996.
Western Asset Protection
1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.
Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.
Configuring Electronic Health Records Privacy and Security in the US Lecture a This material (Comp11_Unit7a) was developed by Oregon Health & Science University.
Working with HIT Systems Unit 7a Protecting Privacy, Security, and Confidentiality in HIT Systems This material was developed by Johns Hopkins University,
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:
Privacy: HIPAA Emerson Murphy-Hill. Rosie Callender, RHIA, web.msm.edu/hipaa/An%20Introduction%20to%20HIPAA.ppt What is HIPAA? A Federal Law Created in.
HIPAA and RESEARCH 5 th Thursday May 31, Page 2.
Public Health IT Privacy, Confidentiality and Security of Public Health Information This material (Comp13_Unit2) was developed Columbia University, funded.
Installation and Maintenance of Health IT Systems System Security Procedures and Standards Lecture a This material Comp8_Unit6a was developed by Duke University,
Developed for Ridgeview Institute 2015 Hospital Wide Orientation
HIPAA PRIVACY & SECURITY TRAINING
Health Information Privacy & Security
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
Disability Services Agencies Briefing On HIPAA
The Health Insurance Portability and Accountability Act
HIPAA & PHI TRAINING & AWARENESS
The Health Insurance Portability and Accountability Act
Office of Audit, Compliance & Privacy
Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability.
The Health Insurance Portability and Accountability Act
Presentation transcript:

Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC

Privacy and Security in the US Learning Objectives Compare and contrast the concepts of privacy and security (Lecture a) List the regulatory frameworks for an EHR (Lecture b, c) Describe the concepts and requirements for risk management (Lecture d) Describe authentication, authorization and accounting (Lecture d) Describe passwords and multi-factor authentication and their associated issues (Lecture d) Describe issues with portable devices (Lecture d) Describe elements of disaster preparedness and disaster recovery (Lecture e) Describe issues of physical security (Lecture e) Describe malware concepts (Lecture f) 2 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Legal and Regulatory Framework Federal laws Federal regulations State laws State regulations Institutional policy 3 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Use Primary Sources Do not depend on secondary sources Government Printing Office: –“…produce, protect, preserve, and distribute documents of our democracy.” (GPO, n.d.) 4 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Federal Laws “Health Insurance Portability and Accountability Act of 1996” –Public Law 104–191—Aug. 21, 1996 “American Recovery and Reinvestment Act of 2009” –Public Law 111–5—Feb. 17, Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

HITECH Title XIII—Health Information Technology “Health Information Technology for Economic and Clinical Health Act’’ or the ‘‘HITECH Act’’ Established the Office of the National Coordinator for Health Information Technology Established Meaningful Use Established training grants 6 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

HIPAA Privacy From SEC Recommendations with respect to privacy of certain health information. (b) SUBJECTS FOR RECOMMENDATIONS.—The recommendations under subsection (a) shall address at least the following: (1) The rights that an individual who is a subject of individually identifiable health information should have. (2) The procedures that should be established for the exercise of such rights. (3) The uses and disclosures of such information that should be authorized or required. 7 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

HITECH Subtitle D—Privacy PART 1—IMPROVED PRIVACY PROVISIONS AND SECURITY PROVISIONS –Sec Application of security provisions and penalties to business associates of covered entities; annual guidance on security provisions. –Sec Notification in the case of breach. –Sec Education on health information privacy. –Sec Application of privacy provisions and penalties to business associates of covered entities. –Sec Restrictions on certain disclosures and sales of health information; accounting of certain protected health information disclosures; access to certain information in electronic format. –Sec Conditions on certain contacts as part of healthcare operations. –Sec Temporary breach notification requirement for vendors of personal health records and other non-HIPAA covered entities. –Sec Business associate contracts required for certain entities. –Sec Clarification of application of wrongful disclosures criminal penalties. –Sec Improved enforcement. –Sec Audits. 8 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Federal Regulations Code of Federal Regulations –The Code of Federal Regulations (CFR) annual edition is the codification of the general and permanent rules published in the Federal Register by the departments and agencies of the Federal Government. It is divided into 50 titles that represent broad areas subject to Federal regulation. tionCfr.action?collectionCode=CFRhttp:// tionCfr.action?collectionCode=CFR Title 45: Public Welfare 9 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Privacy Rule “ The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, healthcare clearinghouses, and those healthcare providers that conduct certain healthcare transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. The Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164.” (US Department of Health & Human Services, 2008) 10 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Security Rule “The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164.” (US Department of Health & Human Services,2009) 11 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Definitions: Covered Entity (1) A health plan. (2) A healthcare clearinghouse. (3) A healthcare provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter. 12 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Definitions: Business Associate (1) Except as provided in paragraph (2) of this definition, business associate means, with respect to a covered entity, a person who: (i) On behalf of such covered entity or of an organized healthcare arrangement (as defined in § of this subchapter) in which the covered entity participates, but other than in the capacity of a member of the workforce of such covered entity or arrangement, performs, or assists in the performance of: (A) A function or activity involving the use or disclosure of individually identifiable health information …; or (B) Any other function or activity regulated by this subchapter; or (ii) Provides … management, administrative, accreditation, or financial services to or for such covered entity, or to or for an organized healthcare arrangement in which the covered entity participates, where the provision of the service involves the disclosure of individually identifiable health information from such covered entity or arrangement, or from another business associate of such covered entity or arrangement, to the person. 13 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Protected Health Information From HITECH SEC Definitions: Protected Health Information. –The term ‘‘protected health information’’ has the meaning given such term in section of title 45, Code of Federal Regulations. 14 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

PHI From CFR Protected health information means individually identifiable health information: (1) Except as provided in paragraph (2) of this definition, that is: (i) Transmitted by electronic media; (ii) Maintained in electronic media; or (iii) Transmitted or maintained in any other form or medium. (2) Protected health information excludes individually identifiable health information in: (i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 USC. 1232g; (ii) Records described at 20 USC. 1232g(a)(4)(B)(iv); and (iii) Employment records held by a covered entity in its role as employer. 15 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Specific Items Items are listed in § (a): –Standard: de-identification of protected health information. Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information. 16 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Specific Items (continued) (2)(i) The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed: (A) Names; (B) All geographic subdivisions smaller than a State …; (C) All elements of dates (except year) for dates directly related to an individual, …; (D) Telephone numbers; (E) Fax numbers; (F) Electronic mail addresses; (G) Social security numbers; (H) Medical record numbers; (I) Health plan beneficiary numbers; (J) Account numbers; (K) Certificate/license numbers; (L) Vehicle identifiers and serial numbers, including license plate numbers; (M) Device identifiers and serial numbers; (N) Web Universal Resource Locators (URLs); (O) Internet Protocol (IP) address numbers; (P) Biometric identifiers, including finger and voice prints; (Q) Full face photographic images and any comparable images; and (R) Any other unique identifying number, characteristic, or code Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Privacy and Security in the US Summary – Lecture b Primary sources of Federal legislation and regulations Federal Privacy and Security in the US Legislation –HIPAA –HITECH –Code of Federal Regulations 18 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Privacy and Security in the US References – Lecture b References American Recovery and Reinvestment Act of 2009, Public Law 111-5, 123 Stat. 115 (2009). Health Information Technology for Economic and Clinical Health Act, Title XIII of Public Law 111-5, 123 Stat. 115 (2009). Health Insurance Portability and Accountability Act of 1996, Public Law 104–191, 110 Stat (1996). US Department of Health & Human Services. (2008). The Privacy Rule, from US Department of Health & Human Services. (2009). The Security Rule, from US Government Printing Office ( ). Strategic Plan; Mission. Retrieved Jan 2012 from Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture b

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.