Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

Published byAmalija Tavčar Modified over 5 years ago

Similar presentations

Presentation on theme: "THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,"— Presentation transcript:

1 THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP 505 Montgomery St., Suite 600 San Francisco, CA

2 National Health Information Infrastructure
Executive Order 1335, April, 2004— Called for widespread adoption of interoperable EHRs within 10 years Created position of National Coordinator for Health Information Technology National Coordinator issued a Framework for Strategic Action issued July 21, 2004 Consists of 4 goals, each with 3 strategies

3 Goals of the NHII Informing Clinical Practice Promoting use of EHRs by
Incentivizing EHR adoption Reducing the risk of EHR investment

4 Goals of the NHII Interconnecting clinicians by creating interoperability through Regional health information exchanges National health information infrastructure Coordinating federal health information systems

5 Goals of the NHII Personalizing care
Promotion of personal health records Enhancing consumer choice by providing information about institutions and clinicians Promoting tele-health in rural and underserved areas

6 Goals of the NHII Improving population health
Unifying public health surveillance Streamlining quality of care monitoring Accelerating research and dissemination of evidence

7 Benefits for the Consumer
Providers make better decisions, because-- They have better information They use smart systems Improved public health surveillance and response Improved research and quicker adoption of best practices Consumers make better decisions because— They have access to their own health information They have qualitative information about providers

8 Regional Health Information Organization
Public health surveillance Quality accountability Research Others? Consumers RHIO Health Plan Provider Provider Provider Provider

9 What Am I Concerned About?
Is my information available on the network? Can I control this? Who is allowed access to my information on the network? Will I know this? Can I control it? What uses can be made of my information on the network? Do I have access to my information on the network? Can I change it? How secure is my health information on the network? What accountability is there for misuse of my information?

10 Consumer Rights under HIPAA
HIPAA gives consumers rights to-- Access health information Amend/annotate health information Request restrictions on use and disclosure Accounting of non-routine disclosures Notice of privacy practices

11 Consumer Rights under HIPAA
HIPAA does not give consumers rights to-- Decide whether to participate in electronic record exchange Know whether information about them is being made available through an electronic exchange Restrict what information is made available through the exchange, and to whom Know who has had routine access to the information in the exchange Get on-line access to information in the exchange Receive notice of breaches of security of data in the exchange Hold people accountable for misuses of data

12 Privacy under HIPAA All protected health information is the same
Regulation of use and disclosure of health information is permissive, except Disclosure to the individual Disclosure to HHS for compliance Disclosure is generally permitted without consumer authorization for— Treatment Health care operations (including payment) Public-interest related purposes

13 Privacy under HIPAA Will the network allow-- Access by providers for—
treatment payment health care operations Access by health plans for payment Access by public health authorities Access for research Access by law enforcement authorities Access by private litigants Access by social service agencies

14 Security under HIPAA Covered entities must maintain reasonable and appropriate administrative, technical and physical safeguards— To ensure confidentiality and integrity of information To protect against reasonably anticipated-- threats to security or integrity unauthorized uses or disclosures

15 Security under HIPAA Technology neutral, flexible and scalable
To be implemented in a manner that best suits the entity’s needs, circumstances and resources, taking into account-- Size and complexity Technical infrastructure and capabilities Potential risks to health information Cost of security measures

16 Security in an Information Exchange
Standards with implementation features, e.g. Standard: access control Implementation feature: Unique user identifier (password, PIN, biometric, etc.) Some implementation features are “addressable” (optional) – e.g., encryption

17 Security under HIPAA Authentication – who is this? Patient matching
Authorization – what information can this user access? Logging and auditing Enforcement

18 Policing the Exchange under HIPAA
Not directly regulated Covered entities disclosing health information are required to obtain & enforce contractual assurances that the business associate will-- Safeguard the data (security) Restrict uses and disclosures to those permitted to the covered entity (privacy) Return or destroy the data on termination, if feasible

19 Policing the Exchange A covered entity is liable for breaches by business associate if the covered entity-- Learns of a pattern or practice of violations, and Fails to take reasonable and appropriate remedial measures Weak standard No private right of action

Download ppt "THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,"

Similar presentations

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Health Information Technology Framework for Strategic Action U.S. Department of Health and Human Services Office of the National Coordinator for Health.

Health Information Technology Framework for Strategic Action U.S. Department of Health and Human Services Office of the National Coordinator for Health.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Confidentiality and HIPAA

Confidentiality and HIPAA
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
HIPAA Health Insurance Portability & Accountability Act of 1996.

HIPAA Health Insurance Portability & Accountability Act of 1996.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.

Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.
Privacy and Security Laws for Health Care Organizations www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey 07458 All rights reserved. Health Information Technology and Management Richard.

Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Update on Federal HIT Legislation Kirsten Beronio Mental Health America.

Update on Federal HIT Legislation Kirsten Beronio Mental Health America.

Similar presentations

Ads by Google