Presentation is loading. Please wait.

Presentation is loading. Please wait.

Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.

Published byAshlie Grant Modified over 9 years ago

Similar presentations

Presentation on theme: "Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by."— Presentation transcript:

1 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013.

2 Protecting Privacy, Security, and Confidentiality in HIT Systems Learning Objectives ─ Lecture a Explain and illustrate privacy, security, and confidentiality in HIT settings. Identify common threats encountered when using HIT. Formulate strategies to minimize threats to privacy, security, and confidentiality in HIT systems. 2 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

3 Physical Safeguards Facility Access Controls 3 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

4 Physical Safeguards Examples Workstation Use Workstation Security Device and Media Controls (e.g., media disposal, access to backup and storage media) 4 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

5 Physical Safeguards Examples Device and Media Controls –media disposal –access to backup and storage media 5 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

6 Technical Safeguards Examples Access Control –Unique user identification –Emergency access –Automatic logoff –Encryption/decryption 6 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

7 Technical Safeguards Examples Audit Controls Integrity 7 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

8 Technical Safeguards Examples Person or Entity Authentication –Password/passphrase/PIN –Smart card/token/key –Biometrics –Two factor authentication 8 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

9 Technical Safeguards Examples Transmission Security –Integrity controls –Encryption 9 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

10 Risk Analysis and Management Analysis –Gather data on potential threats and vulnerabilities –Assess current security measures –Determine likelihood, impact and level of risk –Identify needed security measures Management –Develop a plan for implementation –Evaluate and maintain security measures 10 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

11 Meaningful Use Criteria for meaningful use of EHRs related to privacy, security, and confidentiality meant to align with HIPAA Emphasizes need to conduct a risk analysis Some specific requirements for EHR vendors 11 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

12 Protecting Privacy, Security, and Confidentiality in HIT Systems Summary—Lecture b Privacy, security, and confidentiality in HIT settings Common threats encountered when using HIT Strategies to minimize threats to privacy, security, and confidentiality in HIT systems 12 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

13 Protecting Privacy, Security, and Confidentiality in HIT Systems References—Lecture b References American Health Information Management Association. Available from: http://www.ahima.orghttp://www.ahima.org Ensuring Security of High-Risk Information in EHRs c2008. Available from: http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_039956.hcsp?dDocName=bok1_039956 http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_039956.hcsp?dDocName=bok1_039956 HIPAA Security Series: Security 101 for Covered Entities.c2004 Available from: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/security101.pdf http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/security101.pdf Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. c2008. Available from: http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10731_848088_0_0_18/NationwidePS_Framework- 5.pdf http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10731_848088_0_0_18/NationwidePS_Framework- 5.pdf Scribd. Mobility Infrastructure Solution Design Guide. c2008. Available from: http://www.scribd.com/doc/24975115/Procurve-Wifi-Network-Design-Guide http://www.scribd.com/doc/24975115/Procurve-Wifi-Network-Design-Guide U.S. Department of Health and Human Services. Available from: http://www.hhs.govhttp://www.hhs.gov 13 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b

14 Protecting Privacy, Security, and Confidentiality in HIT Systems References—Lecture b 14 Health IT Workforce Curriculum Version 3.0/Spring 2012 Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems─Lecture b Images Slide 3: HIPPA Security Bulletins. Courtesy HIPPA. Available from: http://www.hhs.gov/ocr/privacyhttp://www.hhs.gov/ocr/privacy Slide 5: Logo of the Federal Trade Commission. Courtesy Federal Trade Commission. Slide 6: Cloud Computing will Challenge Security Policies. Courtesy U.S. Dept. of Commerce Slide 7: The Field of Security Has to Adapt. Courtesy National Institutes of Health (NIH) Slide 8: A Sophisticated Users’ Station. Courtesy National Science Foundation (NSF) Available from: http://www.nsf.gov/od/lpa/news/press/00/stim5.htm http://www.nsf.gov/od/lpa/news/press/00/stim5.htm Slide 9: Transmission Security Controls Prevent Unauthorized Access to ePHI. Available from: http://blog.tsa.gov/2008/08/encryption-is-issue-in-case-of-missing.html.http://blog.tsa.gov/2008/08/encryption-is-issue-in-case-of-missing.html

Download ppt "Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.

HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions.

What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions.
Working with Health IT Systems HIT System Planning, Acquisition, Installation, & Training: Practices to Support & Pitfalls to Avoid Lecture b This material.

Working with Health IT Systems HIT System Planning, Acquisition, Installation, & Training: Practices to Support & Pitfalls to Avoid Lecture b This material.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Working with Health IT Systems Health IT in the Future Lecture a This material (Comp7_Unit11a) was developed by Johns Hopkins University, funded by the.

Working with Health IT Systems Health IT in the Future Lecture a This material (Comp7_Unit11a) was developed by Johns Hopkins University, funded by the.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Introduction to Project Management Managing Project Time, Cost, and Procurements Lecture a This material (Comp19_Unit6a) was developed by Johns Hopkins.

Introduction to Project Management Managing Project Time, Cost, and Procurements Lecture a This material (Comp19_Unit6a) was developed by Johns Hopkins.
HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

Similar presentations

Ads by Google