
Working with Health IT Systems

Working with Health IT Systems. Protecting Privacy, Security, and Confidentiality in HIT Systems. Lecture a.

sschumacher

Presentation Transcript


  1. Working with Health IT Systems
     Protecting Privacy, Security, and Confidentiality in HIT Systems
     Lecture a
     This material (Comp7_Unit7a) was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013.

  2. Protecting Privacy, Security, and Confidentiality in HIT Systems Learning Objectives—Lecture a
     • Explain and illustrate privacy, security, and confidentiality in HIT settings.
     • Identify common threats encountered when using HIT.
     • Formulate strategies to minimize threats to privacy, security, and confidentiality in HIT systems.
     Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems—Lecture a

  3. Electronic Health Information Risks and Opportunities
     • Access to electronic vs. paper records
     • Public apprehension around digitization of health information
     • Success of HIT systems depends on ensuring patient privacy
     • Security can facilitate patient-centered care

  4. Privacy, Confidentiality, Security Defined
     • Privacy: patient is in control
     • Confidentiality: only authorized individuals are allowed access
     • Security: controls/safeguards that ensure confidentiality

  5. Security Management System Standards
     • International Organization for Standardization (ISO) 27001
     • National Institute of Standards (NIST) 800-53
     • Health Insurance Portability and Accountability Act (HIPAA)

  6. Health Insurance Portability and Accountability Act (HIPAA) and Protected Health Information (PHI)
     • Health Insurance Portability and Accountability Act of 1996
     • Privacy Rule (effective 2003)
     • Security Rule (effective 2005)
     • HITECH Act of 2009
     • Civil and criminal penalties

  7. Patients' Rights Under HIPAA
     Under HIPAA, patients' health information rights include:
     • Right to access their health information
     • Right to an accounting of disclosures of their health information
     • Right to correct or amend their health information
     • Right to notice of privacy practices
     • Right to file a complaint

  8. Types of Security Safeguards
     • Administrative Safeguards
     • Physical Safeguards
     • Technical Safeguards

  9. Administrative Safeguards
     • Security Management Process
     • Risk Analysis
     • Risk Management
     • Sanction Policy
     • System Activity Review

  10. Administrative Safeguards
     • Assigned Security Responsibility
     • Security officer

  11. Administrative Safeguards
     • Workforce Security, Information Access Management
     • Who can and who cannot have access
     • Who determines who can have access and how
     • Employee turnover
     • Contractors
     • User roles

  12. Administrative Safeguards
     • Security Awareness and Training
     • Training
     • Security reminders
     • Log-in monitoring
     • Password management

  13. Administrative Safeguards
     • Security Incident Procedures
     • Contingency Plan
     • Data backup
     • Disaster recovery
     • Emergency operation plan
     Courtesy of the US Centers for Disease Control and Prevention

  14. Administrative Safeguards
     • Evaluation
     • Business Associate Agreements

  15. Protecting Privacy, Security, and Confidentiality in HIT Systems Summary—Lecture a
     • Privacy, security, and confidentiality in HIT settings
     • Common threats encountered when using HIT
     • Strategies to minimize threats to privacy, security, and confidentiality in HIT systems

  16. Protecting Privacy, Security, and Confidentiality in HIT Systems References—Lecture a
     References
     • The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. c2008. Available from: http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10731_848088_0_0_18/NationwidePS_Framework-5.pdf
     Images
     • Slide 5: Cover Sheet from a National Institute of Standards and Technology (NIST) Information Security Document. Courtesy National Institute of Standards (NIST).
     • Slide 9: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. 2008. Available from: http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10731_848088_0_0_18/NationwidePS_Framework-5.pdf
     • Slide 10: Security Operations in Action. Courtesy Centers for Disease Control.
     • Slide 11: A New ISIS Video Camera. Courtesy Department of Homeland Security. Available from: http://www.dhs.gov/files/programs/gc_1273160563362.shtmI
     • Slide 12: A Regularly Scheduled Security Awareness Training Session. Image courtesy CDC.
     • Slide 13: “Symposium on Diversity, Leadership Development and Succession Planning” at the CDC. Courtesy CDC.
     • Slide 14: Doctor Looking Through Medical Records. Courtesy HHS.
     • Slide 15: Centers for Disease Control’s Activity Lead for the Division of Specialized Media, Pete Seidel. Courtesy CDC.
