Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding HIPAA Dr. Jennifer Lu.

Published byShannon McLaughlin Modified over 5 years ago

Similar presentations

Presentation on theme: "Understanding HIPAA Dr. Jennifer Lu."— Presentation transcript:

1 Understanding HIPAA Dr. Jennifer Lu

2 Introduction HIPAA = Heath Insurance Portability and Accountability Act

3 Historical Framework Increasing automation in healthcare has created increasing awareness about the security of protected health information 1997: National Research Council reports widespread weaknesses in healthcare security (user authentication, access controls, audit trails, external communications, physical security and disaster recovery)

4 Historical Framework 1990’s: Public begins to have serious concerns about the privacy and security of health information. This is due to breaches such as Press disclosures of individuals’ HIV status Disclosure of patient information for financial gain Misdirected patient s

5 Violation Examples A Michigan based health system accidentally posted the medical records of ten thousand patients on the internet An employee of the Tampa health department took the names of 4,000 people who were HIV and tried to blackmail individuals. A patient in a Boston hospital discovered her medical information had been viewed by more than 200 hospital employees. A banker who sat on a county heath board gained access to patient’s records with cancer and called in their mortages.

6 Violation Examples A candidate for congress nearly saw her campaign derailed when newspapers published her medical records showing she had sought psychiatric help. A physician diagnosed with AIDS in the hospital he worked in. His surgical privileges were suspended. Johnson and Johnson marketed the names and addresses of elderly incontinent women to drug compaanies

7 So how did we change things?

8 Historical Framework 2003 HIPAA is passed and includes a mandate for assurance of the security and integrity of health information 1998: Privacy concerns cause an investigation by government 2003: Security Rule is finalized and published in the Federal Register on February 20, 2003

9 HIPAA Security Rule Applicability:
Protected Health Information ( PHI) applies to all individually identifiable health information that is in electronic form (stored or transmitted) All healthcare entities, health plans and clearinghouses which store health information or transmit it to others must comply

10 HIPAA Security Rule Security Threats Internal
More likely to occur than external threats Careless staff unaware of security issues Malicious insiders

11 HIPAA Security Rule General Rule
Information Security must be followed– no single policy or tool can effectively assure overall security and cultural and organizational issues must also be addressed. Federal standard is set to a minimum or floor level and organizations may choose to exceed these standards

12 HIPAA Security Rule In order to address these principles, HIPAA security makes specific recommendations in 3 areas: Business Associate (Business Rules) Physical Safeguards (Ability to use a machine) Technical Safeguards (Ability to access data)

13 HIPAA: Administrative Safeguards
These are ,mandatory formal practices that are designed to manage the integrity and execution of security measures Intended to disclose health information only to the appropriate parties and protect this information from all others

14 HIPAA: Administrative Safeguards
Security Awareness and Training In order for an organization to work securely, the employees must be educated about security practices Identifying threats Monitoring LOGIN failures Review of policies Virus Protection

15 HIPAA: Administrative Safeguards
Security Incident Procedures Organizations are required to formalize their procedures for dealing with security breaches Employees should be instructed on how to report security compromises Roles and responsibilities during an incident should be published

16 HIPAA: Administrative Safeguards
Evaluation Evaluate compliance of existing security practices Identify deficiencies Correct deficiencies This is a continuous process

17 HIPAA: Physical Safeguards
Workstation Security Have policies that govern workstation placement to avoid violations Orient workstations to prevent potential viewing by unauthorized individuals Installation of shields to protect screen contents Use of monitoring and video surveillance as necessary

18 HIPAA: Technical Safeguards
Physical restrictions that enable the need for timely access with risk for breach of confidentiality Ensure the security of transmitted information over open networks

19 HIPAA: Technical Safeguards
Access Control A documented procedure for granting authorized access to data Provision for care The optional use of and decryption Provision for an _logoff after idling for a period of time

20 HIPAA: Technical Safeguards
Person or Entity Authentication Organizations must take steps to protect against unauthorized access by an entity attempting to access data Many solutions exist for this ( encrypted passwords, PIN numbers, tokens and telephone callback procedures)

21 Here are some common ways that staff members can protect patient privacy
Always ensure privacy when discussing patients protected health information. Move away from any open doorway when talking about a specific patient‘s care. Avoid discussions about patients in elevators and cafeteria lines. Do not leave messages on answering machines regarding patients medical information Avoid patients using telephones to receive results. Encourage portal use

22 Questions

Download ppt "Understanding HIPAA Dr. Jennifer Lu."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
David Assee BBA, MCSE Florida International University

David Assee BBA, MCSE Florida International University
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Overview of HIPAA regulations Privacy policies Presence Regional EMS System 2014 HIPAA: Health Insurance Portability and Accountability Act 1.

Overview of HIPAA regulations Privacy policies Presence Regional EMS System 2014 HIPAA: Health Insurance Portability and Accountability Act 1.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t.

Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Privacy, Security, Confidentiality, and Legal Issues

Privacy, Security, Confidentiality, and Legal Issues
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Similar presentations

Ads by Google