Health Care: Privacy in a Digital Age


Health Care: Privacy in a Digital Age
Concordia School of Management
October 18, 2001
Chris Apgar, Data Security & HIPAA Compliance Officer
Providence Health Plans

Presentation Overview
- Electronic Records & You
- Risks & Valid Concerns
- Legal Protections
- Providence Health Plan - Case Study
- Tips for Protecting Privacy
- Resources
- Q&A
October 18, 2001 Presenter - Chris Apgar

Electronic Records & You
- Health care information users
- Providers (i.e., doctors, chiropractors, EAP, etc.)
- Health insurance companies
- Government & government contractors
- Third parties (i.e., billing services, medical management, etc.)
- How much control do you really have?
- Marketing, research and other “hidden” uses

Electronic Records & You
- Moving information around
- E-mail
- FTP (file transfer protocol)
- Other forms of magnetic media
- US Postal Service and other carriers
- Secure web sites & other forms of secure messaging
- Storage and internal organization information transfer

Risks & Valid Concerns
- Unprotected Internet
- Web browsing & cookies - tracking your travel
- Authentication or who can look at my record
- Networks, firewalls and the lack thereof
- Inappropriate information use for marketing and other sales activities
- Government, courts and data sharing

Risks & Valid Concerns
- Hackers and other illegal activity
- Internal mischief or the disgruntled employee
- Carelessness or “my record on the counter”
- Lack of physical security (“it’s not locked up”)
- Lack of defined policies, confidentiality practices, etc.

Legal Protections
- Oregon statute & rule
- Health Information Portability & Accountability Act of 1996 (HIPAA)
- Gramm-Leach-Bliley Act
- Children’s On-line Privacy Protection Rule
- Other federal statute & rule
- Litigation

Legal Protections: HIPAA Example
- Privacy
- Release of information
- Consent form for treatment, billing & healthcare operations
- Only providers required to obtain consent
- Consent revocation & what it means
- Authorization for all other activities (i.e., some research activities, release to attorney, etc.)

Legal Protections: HIPAA Example
- Privacy
- Vendor & “business associate agreements”
- Business associates definition (versus “covered entities” governed by HIPAA)
- Business associate in practice covered by HIPAA Administrative Simplification privacy requirements
- Required to assess compliance requirements and document
- Statutory & rule limitations

Legal Protections: HIPAA Example
- Privacy
- Access tracking & “need to know”
- Does not apply to treatment, billing & healthcare operations
- Yours for the asking
- “Minimum necessary” standard
- Applies to internal & external data access
- Access defined by role or permissions to use data
- Appropriate access controls & documentation required

Legal Protections: HIPAA Example
- Privacy
- Member/patient record access & amendment
- Who “owns” your medical records?
- Business associates do not “own” records
- Covered entities required to act on requests to amend records but not required to make amendments
- Forms of data or media covered (electronic, paper, etc.)

Legal Protections: HIPAA Example
- Data Security
- Risk Assessment
- Policy & procedure development
- Training & awareness
- Contingency Plan
- Information access control (“need to know”)
- Audit & certification
- Documentation
- Record access (release management & file access)
- Personnel security & authentication
- Chain of Trust/Business Associate Agreement
- Security & privacy management
- Security incident response
- Physical security

Providence Health Plan - Case Study
- Security & privacy officers appointed
- Data security & privacy standards developed & implemented
- Staff training & policies developed & communicated
- Use of firewalls and other tools to protect information

Providence Health Plan - Case Study
- On-going network & other access point monitoring
- Enforcement of secure transfer of information to authorized staff and external partners
- All accessing confidential information legally bound to enforce privacy & security
- Internal & external audit of policies, training plan & processes

Providence Health Plan - Case Study
- Collaboration with Providence Health System
- On-going work with external partners (providers, plans, government, etc.)
- Participation in local and national security/privacy forums
- Privacy & confidentiality - Providence strategic objective

Tips for Protecting Privacy
- Talk to your provider and insurance carrier (what is their privacy policy, how do they protect your confidential health information, etc.)
- Check out web sites (i.e., security, privacy policies, etc.)
- Cookies and what to do with them

Tips for Protecting Privacy
- Avoid sharing health information over unsecured web sites
- Report on-line privacy violations as appropriate
- Avoid unsecured e-mail (even with your provider)
- Periodically request copies of your health record from provider and insurance carrier

Tips for Protecting Privacy
- Carefully read consent & authorization forms (i.e., information release, purpose of confidential data use, etc.)
- Question if in doubt and avoid signing when transmission of your health information is not clearly defined
- Know your rights and exercise them

Resources
- Federal Trade Commission: http://www.ftc.gov
- HIPAA Web Site: http://aspe.hhs.gov/admnsimp
- National Institute of Health (regulatory information): http://list.nih.gov
- “Defend Your Medical Data” (ACLU): http://www.aclu.org/action/medregs/readstories.html

Resources
- Health Privacy Project: http://www.healthprivacy.org
- Department of Health & Human Services Office of Civil Rights: http://www.os.dhhs.gov/ocr/hipaa
- American Medical Association “Domain of Privacy”: http://www.ama-assn.org/ama/pub/category/3653.html

Resources
- American Psychology Association on Privacy: http://helping.apa.org/dotcomsense
- Providence (see privacy statement): http://www.providence.org
- Google (search engine; advanced search on “privacy health”): http://www.google.com

Question & Answer
Chris Apgar, Data Security & HIPAA Compliance Officer
Providence Health Plan
3601 SW Murray Blvd., Suite 10
Beaverton, OR 97005
(503) 574-7927 (voice)
(503) 574-8655 (fax)
apgarc@providence.org