Understanding HIPAA Dr. Jennifer Lu.


Introduction
- HIPAA = Health Insurance Portability and Accountability Act

Historical Framework
- Increasing automation in healthcare has created increasing awareness about the security of protected health information
- 1997: National Research Council reports widespread weaknesses in healthcare security (user authentication, access controls, audit trails, external communications, physical security and disaster recovery)

Historical Framework
- 1990s: Public begins to have serious concerns about the privacy and security of health information. This is due to breaches such as:
  - Press disclosures of individuals’ HIV status
  - Disclosure of patient information for financial gain
  - Misdirected patient emails

Violation Examples
- A Michigan-based health system accidentally posted the medical records of ten thousand patients on the internet.
- An employee of the Tampa health department took the names of 4,000 people who were HIV positive and tried to blackmail individuals.
- A patient in a Boston hospital discovered her medical information had been viewed by more than 200 hospital employees.
- A banker who sat on a county health board gained access to the records of patients with cancer and called in their mortgages.

Violation Examples
- A candidate for Congress nearly saw her campaign derailed when newspapers published her medical records showing she had sought psychiatric help.
- A physician was diagnosed with AIDS in the hospital he worked in. His surgical privileges were suspended.
- Johnson and Johnson marketed the names and addresses of elderly incontinent women to drug companies.

So how did we change things?

Historical Framework
- 2003 HIPAA is passed and includes a mandate for assurance of the security and integrity of health information
- 1998: Privacy concerns cause an investigation by government
- 2003: Security Rule is finalized and published in the Federal Register on February 20, 2003

HIPAA Security Rule
Applicability:
- Protected Health Information (PHI) applies to all individually identifiable health information that is in electronic form (stored or transmitted)
- All healthcare entities, health plans and clearinghouses which store health information or transmit it to others must comply

HIPAA Security Rule
Security Threats: Internal
- More likely to occur than external threats
- Careless staff unaware of security issues
- Malicious insiders

HIPAA Security Rule
General Rule
- Information security must be followed: no single policy or tool can effectively assure overall security, and cultural and organizational issues must also be addressed.
- The federal standard is set to a minimum or floor level, and organizations may choose to exceed these standards.

HIPAA Security Rule
In order to address these principles, HIPAA security makes specific recommendations in 3 areas:
- Business Associate (Business Rules)
- Physical Safeguards (Ability to use a machine)
- Technical Safeguards (Ability to access data)

HIPAA: Administrative Safeguards
- These are mandatory formal practices that are designed to manage the integrity and execution of security measures
- Intended to disclose health information only to the appropriate parties and protect this information from all others

HIPAA: Administrative Safeguards
Security Awareness and Training
- In order for an organization to work securely, the employees must be educated about security practices:
  - Identifying threats
  - Monitoring login failures
  - Review of policies
  - Virus protection

HIPAA: Administrative Safeguards
Security Incident Procedures
- Organizations are required to formalize their procedures for dealing with security breaches
- Employees should be instructed on how to report security compromises
- Roles and responsibilities during an incident should be published

HIPAA: Administrative Safeguards
Evaluation
- Evaluate compliance of existing security practices
- Identify deficiencies
- Correct deficiencies
- This is a continuous process

HIPAA: Physical Safeguards
Workstation Security
- Have policies that govern workstation placement to avoid violations
- Orient workstations to prevent potential viewing by unauthorized individuals
- Installation of shields to protect screen contents
- Use of monitoring and video surveillance as necessary

HIPAA: Technical Safeguards
- Physical restrictions that enable the need for timely access with risk for breach of confidentiality
- Ensure the security of transmitted information over open networks

HIPAA: Technical Safeguards
Access Control
- A documented procedure for granting authorized access to data
- Provision for care
- The optional use of encryption and decryption
- Provision for an automatic logoff after idling for a period of time

HIPAA: Technical Safeguards
Person or Entity Authentication
- Organizations must take steps to protect against unauthorized access by an entity attempting to access data
- Many solutions exist for this (encrypted passwords, PIN numbers, tokens and telephone callback procedures)

Here are some common ways that staff members can protect patient privacy:
- Always ensure privacy when discussing patients' protected health information.
- Move away from any open doorway when talking about a specific patient's care.
- Avoid discussions about patients in elevators and cafeteria lines.
- Do not leave messages on answering machines regarding patients' medical information.
- Avoid patients using telephones to receive results. Encourage portal use.

Questions