Health Care: Privacy in a Digital Age


1 Health Care: Privacy in a Digital Age
Concordia School of Management
October 18, 2001
Chris Apgar, Data Security & HIPAA Compliance Officer
Providence Health Plans

2 Presentation Overview
- Electronic Records & You
- Risks & Valid Concerns
- Legal Protections
- Providence Health Plan - Case Study
- Tips for Protecting Privacy
- Resources
- Q&A
October 18, 2001 Presenter - Chris Apgar

3 Electronic Records & You
- Health care information users
- Providers (e.g., doctors, chiropractors, EAP, etc.)
- Health insurance companies
- Government & government contractors
- Third parties (e.g., billing services, medical management, etc.)
- How much control do you really have?
- Marketing, research and other “hidden” uses

4 Electronic Records & You
Moving information around
- FTP (file transfer protocol)
- Other forms of magnetic media
- US Postal Service and other carriers
- Secure web sites & other forms of secure messaging
- Storage and internal organization information transfer

5 Risks & Valid Concerns
- Unprotected Internet
- Web browsing & cookies - tracking your travel
- Authentication or who can look at my record
- Networks, firewalls and the lack thereof
- Inappropriate information use for marketing and other sales activities
- Government, courts and data sharing

6 Risks & Valid Concerns
- Hackers and other illegal activity
- Internal mischief or the disgruntled employee
- Carelessness or “my record on the counter”
- Lack of physical security (“it’s not locked up”)
- Lack of defined policies, confidentiality practices, etc.

7 Legal Protections
- Oregon statute & rule
- Health Information Portability & Accountability Act of 1996 (HIPAA)
- Gramm-Leach-Bliley Act
- Children’s On-line Privacy Protection Rule
- Other federal statute & rule
- Litigation

8 Legal Protections: HIPAA Example
Privacy
- Release of information
- Consent form for treatment, billing & healthcare operations
- Only providers required to obtain consent
- Consent revocation & what it means
- Authorization for all other activities (e.g., some research activities, release to attorney, etc.)

9 Legal Protections: HIPAA Example
Privacy
- Vendor & “business associate agreements”
- Business associates definition (versus “covered entities” governed by HIPAA)
- Business associate in practice covered by HIPAA Administrative Simplification privacy requirements
- Required to assess compliance requirements and document
- Statutory & rule limitations

10 Legal Protections: HIPAA Example
Privacy
- Access tracking & “need to know”
- Does not apply to treatment, billing & healthcare operations
- Yours for the asking
- “Minimum necessary” standard
- Applies to internal & external data access
- Access defined by role or permissions to use data
- Appropriate access controls & documentation required

11 Legal Protections: HIPAA Example
Privacy
- Member/patient record access & amendment
- Who “owns” your medical records?
- Business associates do not “own” records
- Covered entities required to act on requests to amend records but not required to make amendments
- Forms of data or media covered (electronic, paper, etc.)

12 Legal Protections: HIPAA Example
Data Security
- Risk Assessment
- Policy & procedure development
- Training & awareness
- Contingency Plan
- Information access control (“need to know”)
- Audit & certification
- Documentation
- Record access (release management & file access)
- Personnel security & authentication
- Chain of Trust/Business Associate Agreement
- Security & privacy management
- Security incident response
- Physical security

13 Providence Health Plan - Case Study
- Security & privacy officers appointed
- Data security & privacy standards developed & implemented
- Staff training & policies developed & communicated
- Use of firewalls and other tools to protect information

14 Providence Health Plan - Case Study
- On-going network & other access point monitoring
- Enforcement of secure transfer of information to authorized staff and external partners
- All accessing confidential information legally bound to enforce privacy & security
- Internal & external audit of policies, training plan & processes

15 Providence Health Plan - Case Study
- Collaboration with Providence Health System
- On-going work with external partners (providers, plans, government, etc.)
- Participation in local and national security/privacy forums
- Privacy & confidentiality - Providence strategic objective

16 Tips for Protecting Privacy
- Talk to your provider and insurance carrier (what is their privacy policy, how do they protect your confidential health information, etc.)
- Check out web sites (e.g., security, privacy policies, etc.)
- Cookies and what to do with them

17 Tips for Protecting Privacy
- Avoid sharing health information over unsecured web sites
- Report on-line privacy violations as appropriate
- Avoid unsecured (even with your provider)
- Periodically request copies of your health record from provider and insurance carrier

18 Tips for Protecting Privacy
- Carefully read consent & authorization forms (e.g., information release, purpose of confidential data use, etc.)
- Question if in doubt and avoid signing when transmission of your health information is not clearly defined
- Know your rights and exercise them

19 Resources
- Federal Trade Commission:
- HIPAA Web Site:
- National Institute of Health (regulatory information):
- “Defend Your Medical Data” (ACLU):

20 Resources
- Health Privacy Project:
- Department of Health & Human Services Office of Civil Rights:
- American Medical Association “Domain of Privacy”:

21 Resources
- American Psychology Association on Privacy:
- Providence (see privacy statement):
- Google (search engine; advanced search on “privacy health”):

22 Question & Answer
Chris Apgar, Data Security & HIPAA Compliance Officer
Providence Health Plan
3601 SW Murray Blvd., Suite 10
Beaverton, OR
(503) (voice)
(503) (fax)

