The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,

Presentation transcript:

The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC

Privacy, Confidentiality, and Security: Learning Objectives
– Define and discern the differences between privacy, confidentiality, and security (Lecture a)
– Discuss the major methods for protecting privacy and confidentiality, including through the use of information technology (Lecture b)
– Describe and apply privacy, confidentiality, and security under the tenets of the HIPAA Privacy Rule (Lecture c)
– Describe and apply privacy, confidentiality, and security under the tenets of the HIPAA Security Rule (Lecture d)
Health IT Workforce Curriculum Version 3.0/Spring 2012, The Culture of Healthcare Privacy, Confidentiality, and Security, Lecture d

HIPAA Security Rule
– Readable overview in Security 101 for Covered Entities (CMS, 2007)
– Aligned with the terminology of the Privacy Rule
– Aims to minimize specificity so that it scales, stays flexible, and survives changes in technology
– For covered entities and business associates, each specification is either
  – Required: must be implemented
  – Addressable: must be implemented if reasonable and appropriate for the entity
– As with the HIPAA Privacy Rule, some modifications under HITECH

General Provisions
Covered entities (and now business associates) must
– Ensure the confidentiality, integrity, and availability of electronic PHI that they create, receive, transmit, and maintain
– Protect against reasonably anticipated threats and hazards to such information
– Protect against reasonably anticipated uses or disclosures not permitted or required by the Privacy Rule
– Ensure compliance by the workforce
HHS provides guidance on conducting risk assessments and on deciding whether an addressable specification should be addressed by the provider (2010)

Required Safeguards
Grouped into three categories
– Administrative: policies and procedures designed to prevent, detect, contain, and correct security violations
– Physical: protecting facilities, equipment, and media
– Technical: implementing technological policies and procedures
The following slides are drawn from Security 101 for Covered Entities (CMS, 2007)

Administrative Safeguards
Security management process
– Risk analysis (R)
– Risk management (R)
– Sanction policy (R)
– Information system activity review (R)
Assigned security responsibility (R)
Workforce security
– Authorization and/or supervision (A)
– Workforce clearance procedure (A)
– Termination procedures (A)
Information access management
– Isolating healthcare clearinghouse functions (R)
– Access authorization (A)
– Access establishment and modification (A)
(R = required, A = addressable)

Administrative Safeguards (continued)
Security awareness and training
– Security reminders (A)
– Protection from malicious software (A)
– Log-in monitoring (A)
– Password management (A)
Security incident procedures: response and reporting (R)
Contingency plan
– Data backup plan (R)
– Disaster recovery plan (R)
– Emergency mode operation plan (R)
– Testing and revision procedures (A)
– Application and data criticality analysis (A)
Evaluation (R)
Business associate contracts and other arrangements (R)

Physical Safeguards
Facility access controls
– Contingency operations (A)
– Facility security plan (A)
– Access control and validation procedures (A)
– Maintenance records (A)
Workstation use (R)
Workstation security (R)
Device and media controls
– Disposal (R)
– Media re-use (R)
– Accountability (A)
– Data backup and storage (A)

Technical Safeguards
Access control
– Unique user identification (R)
– Emergency access procedure (R)
– Automatic logoff (A)
– Encryption and decryption (A)
Audit controls (R)
Integrity: mechanism to authenticate electronic PHI (A)
Person or entity authentication (R)
Transmission security
– Integrity controls (A)
– Encryption (A)

Other Regulations
Business associates are required to
– Implement safeguards to protect the covered entity's PHI
– Ensure their agents and subcontractors meet the same standards
– Report any security incident to the covered entity
Documentation of the covered entity must
– Be maintained for six years
– Be available to those responsible for implementing it
– Be reviewed and updated periodically
HITECH meaningful use criteria specify the use of various cryptographic standards, e.g., AES, TLS, IPsec, SHA-2
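The Technical Safeguards slide above lists controls by name only. The following is an added illustration, not part of this lecture or of any HHS/CMS material, of how several of them look when written down as working code: person or entity authentication and unique user identification (a credential check that opens a session bound to one named user), automatic logoff (an idle session is terminated), audit controls (every access attempt and its outcome is recorded), and an integrity mechanism for electronic PHI (a keyed SHA-256 tag, SHA-256 being one of the SHA-2 hashes named on the slide, computed over each stored record and checked on every read). The user, password, key, timeout and patient record are all constructed for the example; no real system's values are used.

```python
"""Added example: a few HIPAA Technical Safeguards expressed as code.
Everything here (users, salt, key, timeout policy, records) is constructed."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed demo key; a real deployment would keep this in a key manager.
INTEGRITY_KEY = b"constructed-demo-integrity-key"
# Constructed policy: automatic logoff after 15 minutes without activity.
IDLE_TIMEOUT_SECONDS = 15 * 60


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so stored credentials are not reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store: one entry per named person, never a shared account.
_SALT = b"constructed-salt"
USERS = {"dr.smith": (_SALT, _hash_password("correct horse", _SALT))}


def integrity_tag(record: dict) -> str:
    """Integrity control: keyed SHA-256 over a canonical JSON encoding of the
    record, so any later alteration of stored ePHI is detected on read."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(INTEGRITY_KEY, canonical, hashlib.sha256).hexdigest()


@dataclass
class Session:
    user_id: str        # unique user identification
    last_activity: float


class EphiStore:
    def __init__(self):
        self.now = 0.0          # simulated clock in seconds; callers advance it
        self.records = {}       # record_id -> (record, integrity tag)
        self.audit_log = []     # audit controls: every attempt and its outcome
        self.sessions = {}      # session_id -> Session
        self._next_session = 0

    def _audit(self, user_id, action, record_id, outcome):
        self.audit_log.append({"time": self.now, "user": user_id, "action": action,
                               "record": record_id, "outcome": outcome})

    def login(self, user_id: str, password: str):
        """Person or entity authentication: verify the credential, then open a
        session bound to exactly one named user."""
        entry = USERS.get(user_id)
        if entry is None or not hmac.compare_digest(_hash_password(password, entry[0]), entry[1]):
            self._audit(user_id, "login", None, "denied-bad-credentials")
            return None
        self._next_session += 1
        session_id = f"sess-{self._next_session}"
        self.sessions[session_id] = Session(user_id, self.now)
        self._audit(user_id, "login", None, "ok")
        return session_id

    def _active_session(self, session_id):
        """Automatic logoff: an idle session is terminated and the event logged."""
        s = self.sessions.get(session_id)
        if s is None:
            return None
        if self.now - s.last_activity > IDLE_TIMEOUT_SECONDS:
            del self.sessions[session_id]
            self._audit(s.user_id, "auto-logoff", None, "ok")
            return None
        s.last_activity = self.now
        return s

    def store(self, session_id, record_id, record: dict) -> bool:
        s = self._active_session(session_id)
        if s is None:
            self._audit(None, "store", record_id, "denied-no-session")
            return False
        self.records[record_id] = (dict(record), integrity_tag(record))
        self._audit(s.user_id, "store", record_id, "ok")
        return True

    def read(self, session_id, record_id):
        """Returns the record only if the session is live and the integrity tag
        still matches; a tampered record is refused and the failure is logged."""
        s = self._active_session(session_id)
        if s is None:
            self._audit(None, "read", record_id, "denied-no-session")
            return None
        entry = self.records.get(record_id)
        if entry is None:
            self._audit(s.user_id, "read", record_id, "not-found")
            return None
        record, tag = entry
        if not hmac.compare_digest(integrity_tag(record), tag):
            self._audit(s.user_id, "read", record_id, "integrity-failure")
            return None
        self._audit(s.user_id, "read", record_id, "ok")
        return dict(record)
```

The audit log here is an in-memory list so the example runs offline; the point it makes is that denied and failed attempts are recorded with the same care as successful ones, since the Security Rule's information system activity review depends on that history existing. Note also that the integrity tag protects stored ePHI against undetected alteration but does not by itself keep it confidential; encryption at rest and in transit (the AES and TLS items on the slide) is a separate control.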

In The End…
Ongoing breaches of data are worsening, but
– Complete security of all health information is impossible
– Security is a trade-off with ease of use; a happy medium must be found
– Will concerns be tempered when society sees more benefits of HIT?
– Would other societal changes lessen the impact of this problem (e.g., changes in the legal system, healthcare financing, etc.)?

Privacy, Confidentiality, and Security Summary – Lecture d
– The HIPAA Security Rule aims to be actionable but flexible
– Rules are either required or addressable
– Rules fall into three categories: administrative, physical, and technical

Privacy, Confidentiality, and Security Summary
– Privacy is the right to keep information to one's self
– Confidentiality is the right to keep information about one's self from being disclosed to others
– Security in this context is the protection of sensitive health information
– There are many technologies to maintain security, but human vigilance is also required
– The HIPAA Privacy and Security Rules spell out the requirements for the United States

Privacy, Confidentiality, and Security References – Lecture d
Anonymous. (2007). Security 101 for Covered Entities. Baltimore, MD: Centers for Medicare and Medicaid Services. Retrieved Jan 2012.
Anonymous. (2010). Guidance on Risk Analysis Requirements under the HIPAA Security Rule. Washington, DC: Department of Health and Human Services. Retrieved Jan 2012.