Security of the Distributed Electronic Patient Record: A Case-Based Approach James G. Anderson, Ph.D. Purdue University.

Slides:



Advertisements
Similar presentations
1.04 Patient Rights Legislation
Advertisements

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Privacy Rule Training
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 1 The Goal of HIPAA: Administrative Simplification HIPAA for Allied Health.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training
ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept
Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
Prentice Hall © PowerPoint Slides to accompany THE LEGAL ENVIRONMENT OF BUSINESS AND ONLINE COMMERCE 5E, by Henry R. Cheeseman Chapter 20 Employment.
MEDICARE: PAST, PRESENT AND FUTURE James G. Anderson, Ph.D. Department of Sociology & Anthropology.
MEDICARE: PAST, PRESENT AND F UTURE James G. Anderson, Ph.D. Department of Sociology & Anthropology.
Conflicts of Interest James G. Anderson, Ph.D. Department of Sociology & Anthropology.
Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Lecture 14 Policy, Legal, and Regulatory Issues in HIS (Chapters 18,19,20)
© 2009 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Career Education Computers in the Medical Office Chapter 2: Information Technology.
The Use of Health Information Technology in Physician Practices
Capital Formation Montana Money School State Auditor John Morrison.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
HIPAA Business Associates Leadership Group Meeting June 28, 2001.
Spotlight on the Federal Health Care Reform Law. 2. The Health Care and Education Affordability Reconciliation Act of 2010 was signed March 30, 2010.
Health Insurance Portability and Accountability Act (HIPAA)
CONFIDENTIALITY The promise of NOT to share personal information inappropriately. Grounded in an individual’s right of privacy.  “DO NO HARM” Slide 2.
Component 4: Introduction to Information and Computer Science Unit 2: Internet and the World Wide Web 1 Component 4/Unit 2Health IT Workforce Curriculum.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Vendor Relations Policy. Why Is There A Policy? The Patient Protection and Affordable Care Act was signed into law March 23, The new law contains.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
Chapter 2 Health Care Systems. Largest and fastest growing industry in the US Over 13 million workers Expenditures-4 billion dollar per day business and.
Medical Manager Unit 9 ICBS 170. Medical Manager Electronic Data Interchange (EDI)  Ability to request, receive, transfer and integrate information electronically.
HIPAA LAWS.  Under the privacy rule, the patient must give consent to use his or her Protected Health Information.  Examples in which consent must be.
C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.
Chapter 20 Employment Compensation and Worker Protection Law.
Government, Non- profit agencies, & Insurance Plans.
Healthcare Delivery System Foundation Standard Understand the healthcare delivery system (public, private, government and non-profit)
 Agreed upon fees paid for coverage of medical benefits for a defined benefit period. Premiums can be paid by employers, unions, employees, or shared.
HIPAA History March 3, HIPAA Ruling Health Insurance Portability Accountability Act Health Insurance Portability Accountability Act Passed by Congress.
Regulations 201: Thorny Issues What is Research? Exempt and Expedited Reviews.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
Prepared by The Office of the Registrar Youngstown State University February, 2009.
The Protection of Personal Information Bill 13 February
Protecting Yourself from Fraud including Identity Theft Personal Finance.
© 2010 Pearson Education, Inc., publishing as Prentice-Hall 1 EMPLOYMENT, WORKER PROTECTION, AND IMMIGRATION LAWS © 2010 Pearson Education, Inc., publishing.
CONFIDENTIALITY. Three Confidentiality Laws 1.FERPA-Family Education Rights and Privacy Act (State Policy 4350: Procedures for the Collection, Maintenance.
THE UNITED STATES HEALTH CARE SYSTEM Combining Business, Health, and Delivery CHAPTER Copyright ©2012 by Pearson Education, Inc. All rights reserved. The.
Section 6.1 Government and Laws Chapter 6 legal and ethical issues Section 6.2 Social Responsibilities and Ethics.
1 HIPAA’s Impact on Depository Financial Institutions 2 nd National Medical Banking Institute Rick Morrison, CEO Remettra, Inc.
Information Security and Privacy in HRIS
Chapter 2 Health Care Systems.
HIPAA Privacy Rule Training
1.04 Patient Rights Legislation
Us Healthcare System.
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
1.04 Patient Rights Legislation
Health Insurance.
1.04 Patient Rights Legislation
Government, Non-profit agencies, & Insurance Plans
Disability Services Agencies Briefing On HIPAA
Government, Non-profit agencies, & Insurance Plans
Lesson 1: Introduction to HIPAA
Tobey Clark, Director*, Burlington USA
1.04:PP4 Patient Rights Legislation
1.04 Patient Rights Legislation
Presentation transcript:

Security of the Distributed Electronic Patient Record: A Case-Based Approach James G. Anderson, Ph.D. Purdue University

Growth of Health Care Information Technology The health care industry spends $15 billion annually. The industry is expected to grow 20% annually. There are 35 publicly traded companies with market capitalization of $25 billion.

Dilemma How can we provide data required by the health care industry and protect the privacy of patients?

Public Concerns about Privacy 24% of health care providers reported violations of patients’ privacy. 18% of the public felt that it was inappropriate to use patient data without consent. 75% of the public felt that it was inappropriate to use prescription data to detect fraud. 11% of the public reported not filing insurance claims to protect their privacy.

Threats from Authorized Users Errors Curiosity Financial reasons Personal reasons

Case - Errors A certified sex therapist operated a Web site to treat people for sexual dysfunction. In March 1999, the sexual and medical histories of 15 women and 75 men who had consulted the doctor were inadvertently posted on a public Web site.

Case - Curiosity The medical team caring for a local celebrity became concerned about the level of interest in their patient’s well-being. Staff members noted that a large number of hospital employees, some of whose names they didn’t recognize, had accessed the patient’s electronic medical record.

Case Financial Reasons The London Sunday Times reported that detailed medical records for any individual in the U.K. could be purchased for a fee of 150 pounds Private investigators advertised that with the name, address and date of birth of an individual they could provide a summary of anybody’s medical records within three hours.

Case Personal Reasons A banker who served on a state health commission had access to a computer registry of cancer patients in the state. He called in th4e loans that his bank had made to all of the patients whose names were included in the registry.

Secondary Uses of Health Information Employers Insurance companies Sale of information to third parties

Case Employers Mr F worked for Adolph Coors Co. The company sponsors a wellness center where employees can work out, visti a medical clinic and attend health promotion classes. To qualify for use of the center employees complete a health hazard appraisal form. In 1992 Mr. F died of a heart attack and his widow filed for survivor’s benefits and claimed her husband’s death was due to job-related causes. The company used information about Mr. F’s smoking to persuade an administrative judge to deny his widow benefits.

Case Insurance Companies Mr. D tried to increase his life insurance and was turned down by three insurance companies. He later learned that information that he had given to his physician in confidence had been included in thre MIB files that are used by insurance companies to determine eligibility of applicants.

Case Sale of Medical Information CVS Corporation and Giant Foods sold confidential prescription information, names, addresses and personal information to Elensys Inc. Elensys arranged for drug manufactures to pay pharmacies for the right to send educational material to customers who had specific medical conditions promoting their drugs.

Public Policy Issues Existing laws only cover data collected by federal agencies. These laws do not cover secondary users of health information. There is a lack of incentives for institutions to invest in security of health information.

The Health Insurance Portability and Accountability Act of Only covers health information transmitted electronically. Does not cover insurance companies, pharmacies and direct marketers of personal data. Permits use of health information with patient identifiers for health care operations.

The Health Insurance Portability and Accountability Act of May allow sale of patient data for secondary use. Privately funded research is exempt form the regulations. There is concern over the use of a unique patient identifier. There are differences in regulations between the E.U. and the U.S.

The Need for Public Policy EMR systems are critical to support integrated health care delivery systems EMRs are vulnerable to inappropriate use. A policy framework is needed to direct future development and private investment in IT. Absence of policies creates confusion about privacy rights Pending legislation contains conflicting proposals that will need to be resolved.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.