1 Security of Health Information Nancy Clark, M.Ed. FSU College of Medicine


Slide 1: Security of Health Information
Nancy Clark, M.Ed., FSU College of Medicine

Slide 2: Objectives
Demonstrate knowledge of issues surrounding the privacy and security of clinical data, including:
1. Health Insurance Portability and Accountability Act (HIPAA)
2. Patient confidentiality
3. E-mail with patients and colleagues
4. Role of technology

Slide 3: Issues
- HIPAA and privacy
- Threats to security and privacy
- Using good passwords
- Using virus software
- Hardware/software options
- Backing up your system
- E-mail with patients

Slide 4: HIPAA
Health Insurance Portability and Accountability Act of 1996
1. Insurance Reform: carry health insurance to different plans
2. Administrative Simplification: standards for electronically stored and transmitted data
   - Improve the efficiency of sharing health data
   - Protect privacy and confidentiality

Slide 5: Security, Privacy, Confidentiality
- Privacy (the right): the right of an individual to have anonymity
- Confidentiality (the expectation): the obligation of the user of an individual's information to respect and uphold that individual's privacy
- Security (the mechanism): policies, procedures, mechanisms, tools, technologies, and accountability methods that support privacy
- PHI (Protected Health Information): patient-identifiable information that is protected, whether on paper or electronic

Slide 6: Illustration
Husband's note on the refrigerator to his wife: "Someone from the Gyna College called. They said Pabst beer is normal."

Slide 7: Compliance Deadlines
HIPAA Regulation           | Compliance Date
Privacy                    | April 14, 2003
Transactions and Code Sets | October 16, 2003
Unique Employer Identifier | July 30, 2004
Security                   | April 21, 2005

Slide 8: Significance of HIPAA
From "What You Need to Know About HIPAA Now" (linked article):
"In my opinion, … the unmistakable legacy of HIPAA will be to encourage computerization of all personal health information, regardless of who creates, stores or transmits it. How else can providers meet HIPAA's exhaustive requirements … The alternative to computerizing patients' medical information will be to maintain massive paper logs kept under lock and key."
David C. Kibbe, MD, MBA

Slide 9: Categories of Security Regulations
Administrative procedures:
- Contingency planning
- Information access controls
- Staff training

Slide 10: Categories of Security Regulations
Physical safeguards:
- Medical records storage areas
- Printers, copiers, fax machines
- Workstations
- Server locations

Slide 11: Categories of Security Regulations
Technical security:
- Passwords
- Authentication
- Digital signatures
- Firewalls
- Virus protection, VPN, encryption…

Slide 12: Security, The Three "A"s
- Authentication: you are who you say you are
- Authorization: you can see and do what you are permitted by policy to see and do
- Accountability: you are held responsible for what you see and do

Slide 13: Authentication
- Passwords are the simplest form of authentication
- Can be very secure, but one breach can spread rapidly
- Can be too secure, if you forget your password

Slide 14: Selecting Good Passwords
Linked resources: "Using Good Passwords", "Suggestions for Selecting Good Passwords"
A good password is:
- Not guessable by any program
- Easily remembered
- Private and secret
- Changed regularly
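The four rules on this slide can be turned into an automatic policy check. The following Python is an added example, not part of the presentation or any FSU system; the minimum length, the 90-day rotation period, the small common-password set and the sample user ids are all assumptions chosen for illustration. "Easily remembered" is the one rule a program cannot check, which is why the acceptable sample is a passphrase rather than random characters.

```python
from datetime import date, timedelta
from typing import Dict, List

# Constructed stand-in for a real common-password list (assumption; a production
# check would load a much larger published list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "hospital1"}
MIN_LENGTH = 12                  # assumed policy value
MAX_AGE = timedelta(days=90)     # assumed rotation policy: "change them regularly"


def character_classes(candidate: str) -> int:
    """Count how many of upper, lower, digit and other characters are present."""
    checks = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    return sum(1 for check in checks if any(check(c) for c in candidate))


def check_password(candidate: str, user_id: str, last_changed: date, today: date) -> List[str]:
    """Return a list of policy problems; an empty list means the password passes."""
    problems: List[str] = []
    lowered = candidate.lower()
    # "Not guessable by any program": reject short, common and user-derived strings.
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if user_id.lower() in lowered:
        problems.append("contains the user id")
    if character_classes(candidate) < 3:
        problems.append("uses fewer than three character classes")
    # "Change them regularly": flag a password older than the rotation period.
    if today - last_changed > MAX_AGE:
        problems.append(f"older than {MAX_AGE.days} days; change it")
    return problems


def demo() -> Dict[str, List[str]]:
    """Constructed sample inputs: one weak, stale password and one acceptable passphrase."""
    today = date(2024, 3, 4)
    return {
        "weak": check_password("hospital1", "dr.lee", today - timedelta(days=120), today),
        "strong": check_password("Blue!Coffee7Mornings", "rn.ortiz", today - timedelta(days=30), today),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or ["ok"])
```

The check reports every failed rule rather than stopping at the first, so a user (or a help desk) sees the whole reason a password was rejected.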

Slide 15: Biometric Authentication
Identify who you are by a physical attribute:
- Signature
- Facial points
- Voice print
- Typing style

Slide 16: Biometric Authentication
- Fingerprint (optical, digital)
  - Hmmm… would someone in a hospital have access to a severed finger?
- Iris
  - Highly accurate
  - Same issue as with a dead finger
  - Requires a camera

Slide 17: Authorization
"I'm a valid user of the system, and I've been authenticated. I want to see EVERYTHING on EVERYONE!!!"
The system can define who is authorized to see and do what.

Slide 18: Authorization Models
- User based: I have certain authorization rights based on who I am as an individual
- Role based: I have authority based on my role, e.g. doctor vs. nurse vs. lab technologist
- Context based: who you are + where you are + what you are + when you are
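The three models on this slide are usually layered rather than chosen between. The Python below is an added example, not code from the presentation or from any hospital system: it grants access to a patient's record only when a user-based check (a treatment relationship with that patient), a role-based check (what the role may do) and a context-based check (where and when the request is made) all agree. The role names, actions, locations and working hours are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Set, Tuple

# Role-based model: what each role may do (assumed role names and actions).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "physician": {"read_chart", "read_labs", "write_orders"},
    "nurse": {"read_chart", "read_labs"},
    "lab_tech": {"read_labs", "write_labs"},
}

# Context-based model: where each role is expected to work from (assumed policy).
ALLOWED_LOCATIONS: Dict[str, Set[str]] = {
    "physician": {"ward", "clinic", "remote"},
    "nurse": {"ward", "clinic"},
    "lab_tech": {"lab"},
}
REMOTE_HOURS = range(7, 20)  # remote access only 07:00 to 19:59 (assumed policy)


@dataclass
class User:
    user_id: str
    role: str
    # User-based model: explicit treatment relationships of this individual.
    patients: Set[str] = field(default_factory=set)


@dataclass
class Context:
    location: str   # "ward", "clinic", "lab" or "remote"
    when: datetime


def authorize(user: User, action: str, patient_id: str, ctx: Context) -> Tuple[bool, str]:
    """Apply all three models in turn; return (decision, reason) for the audit trail."""
    # 1. User based: who you are, as an individual with a relationship to this patient.
    if patient_id not in user.patients:
        return False, f"user {user.user_id} has no treatment relationship with {patient_id}"
    # 2. Role based: what your role is permitted to do.
    if action not in ROLE_PERMISSIONS.get(user.role, set()):
        return False, f"role {user.role} may not {action}"
    # 3. Context based: where and when the request is made.
    if ctx.location not in ALLOWED_LOCATIONS.get(user.role, set()):
        return False, f"role {user.role} may not work from {ctx.location}"
    if ctx.location == "remote" and ctx.when.hour not in REMOTE_HOURS:
        return False, f"remote access not permitted at {ctx.when:%H:%M}"
    return True, "allowed"


def demo_cases() -> Dict[str, bool]:
    """Constructed scenarios (sample users and patients, not real data)."""
    dr_lee = User("dr.lee", "physician", {"P-1001"})
    rn_ortiz = User("rn.ortiz", "nurse", {"P-1001"})
    day_ward = Context("ward", datetime(2024, 3, 4, 10, 30))
    day_remote = Context("remote", datetime(2024, 3, 4, 10, 30))
    night_remote = Context("remote", datetime(2024, 3, 4, 2, 15))
    return {
        "physician_orders_on_ward": authorize(dr_lee, "write_orders", "P-1001", day_ward)[0],
        "nurse_orders_on_ward": authorize(rn_ortiz, "write_orders", "P-1001", day_ward)[0],
        "nurse_reads_other_patient": authorize(rn_ortiz, "read_chart", "P-2002", day_ward)[0],
        "nurse_remote_daytime": authorize(rn_ortiz, "read_chart", "P-1001", day_remote)[0],
        "physician_remote_at_night": authorize(dr_lee, "read_labs", "P-1001", night_remote)[0],
    }


if __name__ == "__main__":
    for name, allowed in demo_cases().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

Returning the reason alongside the decision matters for the next slide's topic, accountability: a denied request that is logged with its reason is evidence, while a bare "denied" is not.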

Slide 19: Accountability
- You are held responsible for what you see and do
- Difficult to develop systems-based ways of ensuring accountability
- An ethics problem

Slide 20: Accountability
Security can help ensure accountability:
- Audit logging: "We know where you've been"
- Password policies
- Alert capabilities
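Audit logging and alerting work together: the log records every access to PHI, and alert rules run over it to surface the cases policy cares about. The Python below is an added example, not code from the presentation or any real records system. It runs two rules over a small constructed audit log: access to a patient by someone who is not on that patient's care team (the "curious about a famous patient's labs" case from the ethics slide), and one user opening many different patients' records in a short window. The care-team table, user ids, thresholds and log lines are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed care-team assignments (sample data): users with a treatment
# relationship to each patient.
CARE_TEAM: Dict[str, Set[str]] = {
    "P-1001": {"dr.lee", "rn.ortiz"},
    "P-2002": {"dr.patel"},
}
# clerk.kim legitimately registers patients P-3001 to P-3006.
CARE_TEAM.update({f"P-300{i}": {"clerk.kim"} for i in range(1, 7)})

# Constructed audit records, one per PHI access: "we know where you've been".
AUDIT_LOG: List[Dict[str, str]] = [
    {"ts": "2024-03-04T10:30:00", "user": "dr.lee", "action": "read_chart", "patient": "P-1001"},
    {"ts": "2024-03-04T10:32:00", "user": "rn.ortiz", "action": "read_labs", "patient": "P-1001"},
    # A nurse with no assignment to P-2002 opens that patient's labs.
    {"ts": "2024-03-04T11:05:00", "user": "rn.ortiz", "action": "read_labs", "patient": "P-2002"},
] + [
    # A clerk opens six different charts in six minutes.
    {"ts": f"2024-03-04T13:0{i - 1}:00", "user": "clerk.kim", "action": "read_chart", "patient": f"P-300{i}"}
    for i in range(1, 7)
]


def non_care_team_access(log: List[Dict[str, str]], care_team: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Rule 1: any access by a user who is not on the patient's care team."""
    return [e for e in log if e["user"] not in care_team.get(e["patient"], set())]


def bulk_access(log: List[Dict[str, str]], window_minutes: int = 10, threshold: int = 5) -> Dict[str, int]:
    """Rule 2: users who opened at least `threshold` distinct patients inside any
    sliding window of `window_minutes`; returns the largest count seen per user."""
    window = timedelta(minutes=window_minutes)
    by_user: Dict[str, List] = defaultdict(list)
    for e in sorted(log, key=lambda e: e["ts"]):
        by_user[e["user"]].append((datetime.fromisoformat(e["ts"]), e["patient"]))
    flagged: Dict[str, int] = {}
    for user, events in by_user.items():
        for i, (start, _) in enumerate(events):
            patients = {p for t, p in events[i:] if t - start <= window}
            if len(patients) >= threshold:
                flagged[user] = max(flagged.get(user, 0), len(patients))
    return flagged


def run_checks() -> Dict[str, object]:
    """Run both alert rules over the constructed log."""
    return {
        "non_care_team": non_care_team_access(AUDIT_LOG, CARE_TEAM),
        "bulk": bulk_access(AUDIT_LOG),
    }


if __name__ == "__main__":
    results = run_checks()
    for e in results["non_care_team"]:
        print(f"ALERT off-team access: {e['user']} {e['action']} {e['patient']} at {e['ts']}")
    for user, count in results["bulk"].items():
        print(f"ALERT bulk access: {user} opened {count} patients within 10 minutes")
```

Neither rule proves wrongdoing on its own; the off-team rule in particular fires on legitimate emergency care. Their value is that each hit is tied to a named user and a timestamp, which is what makes the person accountable for explaining it.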

Slide 21: Ethics and Morals
One definition:
- Morals: a choice between right and wrong
- Ethics: a choice between right and right
Example 1: a famous person is in the hospital, and you're curious about their lab results.

Slide 22: Workplace Ethics
- Many people may have access to patient data
- Trust
- Knowledge of rules (training)
- Awareness of consequences

Slide 23: Technology Solutions
- Data encryption
- Data aging: remove data after a certain time
- Data transmission security: can't move what isn't authorized
- Local authentication, including a time-out function

Slide 24: Threats to Data Security and Privacy
- Viruses, worms, etc.
- Hackers/snoopers
- Crashes
- Theft
- Power failure/surges
- Trauma/loss

Slide 25: Virus Protection
- Norton
- McAfee
- Others (linked: "Computer Security Software")
- Updating

Slide 26: Unauthorized Access Protection
- Firewalls (linked: "Home PC Firewall Guide")
- Secure network devices:
  - Secure modems
  - Encryption devices
  - Virtual Private Networks (VPN)
- Linked: "Introduction to Network Security"

Slide 27: Hardware Solutions
- UPS (uninterruptible power supply)
- Surge protector, power/modem (linked: APC)
- Tape backup
- RAID/mirrored system
- Protective cases for laptops and PDAs (linked: Compucage)

Slide 28: Backing Up Your Data
What:
- E-mail files
- Word processor files
- Databases
- Web bookmarks
- Files you directly create
Where:
- Zip/Jaz disk
- CD-R or RW
- Compact Flash (PDA)
- DVD
- Tape
- Remote sites
Linked: "Backing up your data"


Slide 30: Smart E-mailing with Patients
Tips to avoid legal problems:
- Get informed consent
- Include instructions on when and how e-mail should escalate to a phone call or office visit
- Use password-protected screen savers
- Never forward patient-identifiable information to a third party
- Never use a patient's address in a marketing scheme

Slide 31: Tips to Avoid Legal Problems
- Don't share accounts with family members
- Use encryption when available and practical
- Double-check "to" fields before sending
- Commit policy decisions to writing and electronic form
- Save communication, electronically or on paper

Slide 32: Wrap Up
- Keep HIPAA on the radar screen
- Observe how clerkship faculty practices are dealing with security
- Read policies
- Ask questions
- Follow as it unfolds

