Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and Privacy Practices for Electronic Health Records Joseph W. Hales, PhD, FACMI Intermountain Healthcare Salt Lake City, UT.

Published byCassandra Black Modified over 9 years ago

Similar presentations

Presentation on theme: "Security and Privacy Practices for Electronic Health Records Joseph W. Hales, PhD, FACMI Intermountain Healthcare Salt Lake City, UT."— Presentation transcript:

1 Security and Privacy Practices for Electronic Health Records Joseph W. Hales, PhD, FACMI Intermountain Healthcare Salt Lake City, UT

2 Intermountain Healthcare Formed 1975 Not-for-profit Integrated system 20 Hospitals > 100 clinics 6M patient encounters/yr (2007) $3.6B revenue (2007) Clinical Programs

3 Information Systems Internally-developed systems Enterprise-wide, longitudinal record Nationally recognized leader Clinical decision-support –Chronic disease management –Hospital-acquired infection detection –Adverse drug event detection –Resistant strain infection monitoring

4 Outcomes at Intermountain Dartmouth Atlas of Healthcare “The Mayo Clinic and Intermountain Healthcare have reputations for excellence and are noted for their leading research efforts in rationalizing the clinical pathways for managing chronic illness. Because they provide higher quality care at lower cost, the utilization rates in Salt Lake City, Rochester, Minnesota, and Portland, Oregon are useful benchmarks for estimating the potential savings from a successful national effort to improve efficiency in managing chronic illness… The Salt Lake City benchmark results in the greatest estimated reduction in acute care hospital spending. If, over the four years of our study, hospital utilization rates had been at the level of Salt Lake City, Medicare spending for inpatient care would have been reduced by 32.4%, with physician visit savings of 34%.”

5 Outcomes at Intermountain Dennis A. Cortese, MD President and CEO, Mayo Clinic “If I were ever diagnosed with diabetes, I would want to be treated by Intermountain Healthcare in Salt Lake City. They have the best outcomes in the country – and the lowest costs.” KARE-NBC, Channel 11 (Minneapolis) “Utah Gets it Right,” February 8, 2008

6 Outcomes at Intermountain

7 Intermountain Information Systems Intermountain Healthcare is able to deliver –Consistent, high quality medical care –At the lowest possible cost …in part because of enterprise-wide information systems that permit users to –Share data across time and space between providers –Analyze data across populations to eliminate inappropriate variation

8 Technical Safeguards Harmonization of HIPAA, SOX, PCI, GLB Physical network security Encryption –Mobile devices –Backup media User security –Single master directory –Provisioned according to role using templates –Log user activity

9 Proactive Auditing and Monitoring Scan 16+ million access events per month Triggers for further investigation –employees looking at records of family members –Employees looking at records of co-workers Review ALL access to records of high profile patients (VIPs, individuals in the news, etc) –2008 – 47 patients audited, 0 inappropriate accesses –2007 – 50 patients audited, 4 inappropriate accesses Demonstrated reduction in inappropriate access violations over last 5 years through consistently auditing access and disciplining employees

10 Policy and Education

11 Policies and procedures on intranet Ongoing employee education – New employee orientation –Annual mandatory compliance training –Job-specific privacy training –Employee newsletter articles Annual risk assessment of privacy and security concerns

12 Holding Employees Accountable Matrix of recommended sanctions –Unintentional, intentional or malicious –Access or Disclosure –Number of records involved –First offense or repeat offense Employees have been terminated for privacy/security violations (incl. MDs) Ensures consistent application of sanctions for similar actions

13

14 Summary We use information systems in order to achieve consistent, high quality outcomes at lower cost for every patient We protect patient privacy through –“Best practices” in technical security –Establishing a culture of individual accountability

15 HIT Legislation Intermountain supports legislation that encourages adoption of HIT Intermountain is concerned about unrealistic expectations about HIT capacity –We currently do not have the capacity to fully comply with the proposed accounting for disclosures requirement contained in the Ways & Means and Energy & Commerce HIT bills

Download ppt "Security and Privacy Practices for Electronic Health Records Joseph W. Hales, PhD, FACMI Intermountain Healthcare Salt Lake City, UT."

Similar presentations

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
MEDICAL HOME 1/2009 Mary Goldman, D.O., President of MAOFP.

MEDICAL HOME 1/2009 Mary Goldman, D.O., President of MAOFP.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Effective Integration of HIPAA Information Security with Privacy Compliance Richard B. Boyer, Privacy Officer Jody S. Hawkins, Information Security Officer.

Effective Integration of HIPAA Information Security with Privacy Compliance Richard B. Boyer, Privacy Officer Jody S. Hawkins, Information Security Officer.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Copyright ©2011 Freedman Healthcare, LLC All Payer Claims Datasets: Big Data is Coming to Public Health Officials, Providers and Patients Near You StrataRx.

Copyright ©2011 Freedman Healthcare, LLC All Payer Claims Datasets: Big Data is Coming to Public Health Officials, Providers and Patients Near You StrataRx.
Integrated Care for Patients With Late-Stage Chronic Illness Advanced Illness Management (AIM) Medical Foundations & Groups Home-Based Services Hospitals.

Integrated Care for Patients With Late-Stage Chronic Illness Advanced Illness Management (AIM) Medical Foundations & Groups Home-Based Services Hospitals.
Security Controls – What Works

Security Controls – What Works
Component 16/Unit 5 Health IT Workforce Curriculum Version 1/Fall 2010 1 Professionalism/Customer Service in the Health Environment Unit 5 Regulatory Issues:

Component 16/Unit 5 Health IT Workforce Curriculum Version 1/Fall Professionalism/Customer Service in the Health Environment Unit 5 Regulatory Issues:
Tracey Moorhead President and CEO May 15, 2015 No Disclosures ©AAHCM.

Tracey Moorhead President and CEO May 15, 2015 No Disclosures ©AAHCM.
BIG DATA AND THE HEALTHCARE REVOLUTION FORD+SSPG 2014.

BIG DATA AND THE HEALTHCARE REVOLUTION FORD+SSPG 2014.
2002 Quality Report Presented to the Board of Trustees March 2003.

2002 Quality Report Presented to the Board of Trustees March 2003.
August 12, 20151 Meaningful Use *** UDOH Informatics Brown Bag Robert T Rolfs, MD, MPH.

August 12, Meaningful Use *** UDOH Informatics Brown Bag Robert T Rolfs, MD, MPH.
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Similar presentations

Ads by Google