Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy, Confidentiality, and Security M8120 Fall 2001.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy, Confidentiality, and Security M8120 Fall 2001."— Presentation transcript:

1 Privacy, Confidentiality, and Security M8120 Fall 2001

2 Scope and Standards of Informatics Practice The informatics nurse develops policies, procedures, and guidelines based on research and analytical findings, which may include: – Ensuring the validity and integrity of data – Ensuring the ethical use of informatics solution – Ensuring the confidentiality and security of data and privacy for individuals Ensures that the informatics solution is in compliance with recognized standards from accrediting and regulatory agencies

3 Informatics Competencies Beginning nurse – Seeks available resources to help formulate ethical decisions in computing – Describes patients’ rights as they pertain to computerized information management Experienced nurse – Interprets copyright issues in computing – Discusses features, capabilities and scope of user passwords – Devises strategies to protect confidentiality of computerized information – Differentiates issues surrounding confidentiality in computerized information management Staggers, Gassert, & Curran, 2001

4 Informatics Competencies Informatics specialist knowledge – Interprets copyright issues in computing – Discusses features, capabilities and scope of user passwords – Devises strategies to protect confidentiality of computerized information – Differentiates issues surrounding confidentiality in computerized information management Informatics specialist skills – Develops policies related to privacy, confidentiality, and security of patient and client data – Recommends procedures for achieving data integrity and security – Analyzes the capability of information technology to support programs of data integrity and security Staggers, Gassert, & Curran, 2001

5 Definitions Privacy - the right of individuals to be left alone and to be protected against physical or psychological invasion or the misuse of their property. It includes freedom from intrusion or invasion into one’s private affairs, the right to maintain control over certain personal information, and the freedom to act without outside interference. (ASTM E-31, 1997)

6 A Balance Privacy rights Access needs – Treatment – Public health – National security

7 Definitions Confidentiality – the status accorded to data or information indicating that it is sensitive for some reason and therefore it needs to be protected against theft, disclosure or improper use, or both, and must be disseminated only to authorized individuals or organizations with a need to know. (ASTM E-31, 1997)

8 What are some examples of confidential data?

9 Breaches of Confidentiality Accidental disclosures – inadvertent actions, unintensional mistakes Insider curiosity – insider’s accessing celebrities’ or friends’ information Insider subordination – insider revenge Uncontrolled secondary usage – for purposes other than intended without patient authorization Unauthorized access – hacking or use of another’s password

10 Definitions Security – the means to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction or loss (CPRI)

11 Definitions Data security – the result of effective protection measures; the sum of measures that safeguard data and computer programs from undesired occurrences and exposure to: – accidental or intentional disclosure to unauthorized persons – accidental or malicious alteration, – unauthorized copying, – loss by theft or destruction by hardware failures, software deficiencies, operating mistakes, or physical damage by fire, water, smoke, excessive temperature, electrical failure, or sabotage or combination thereof. ASTM-E31, 1997

12 Definitions System security – the result of all safeguards including hardware, personnel policies, information practice policies, disaster preparedness, and oversight of these components. Security protects both the system and the information contained within from authorized access from without and misuse from within. ASTM E-31, 1997

13 Health Insurance Portability and Accountability Act of 1996 (HIPAA) AKA – Administrative Simplification, Kennedy- Kasselbaum, K-2 Purposes – Improved efficiency in healthcare delivery by standardizing electronic data exchange – Protection of confidentiality and security of health data through setting and enforcing standards

14 Health Insurance Portability and Accountability Act of 1996 (HIPAA) Includes: – Standardization of electronic patient health, administrative, and financial data – Unique health identifiers for individuals, employers, health plans, and health care providers – Security standards protecting the confidentiality and integrity of “individually identifiable health information”, past, present, or future

15 Health Insurance Portability and Accountability Act of 1996 (HIPAA) Electronic health transactions standards Unique identifiers Security and electronic signature standards Privacy and confidentiality standards

16 Definitions Individually identifiable health information – information that is a subset of health information, including demographic information collected from an individual, and that: – Is created by or received from a health care provider, health plan, employer, or health care clearing house – Relates to the past, present, or future physical or d health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and which identifies the individual or with respect to which there is a reasonable basis to believe that the information can be used to identify the individual

17 Protected health information – individually identifiable health information that is: – Transmitted by electronic media – Maintained in electronic media – Transmitted or maintained in any other form or medium Definitions

18 De-identified information – information that is not individually identifiable

19 HIPAA Privacy and Confidentiality Standards Limit the non-consensual use and release of personal health information Give patients new rights to access their medical records and to know who else has accessed them Restrict most disclosure of health information to the minimum needed for the intended purpose Establish new criminal and civil sanctions for improper use or disclosure Establish new requirements for access to records by researchers and others

20 HIPAA Privacy and Confidentiality Standards: 5 Principles Consumer control – the regulation provides consumers with critical new rights to control their medical information Boundaries – with few exceptions, an individual’s health care information should be used for health purposes only, including treatment and payment Accountability – specific penalties if right to privacy is violated Public responsibility – balance privacy with national priorities such as public health protection, medical research, improving quality of care, and fight health care fraud and abuse Security – organizational responsibility

21 HIPAA Security Standards Information systems security requiring the protection of all affected computers and data from compromise or loss Physical security requiring the protection of all buildings, facilities, and assets from compromise or threat Audit trails of access to patient-identifiable information Digital signature/data encryption requiring transmissions to be authenticated and protected from observation or change

22 Key Features of a Secure System and Network Authentication Authorization and access control Data integrity Accountability Availability Data storage Data transmission

23 Key Features of a Secure System and Network: Authentication Means of verifying the correct identity and/or group membership of individual or other entities Methods for authentication – User name – Known only by the user (e.g., password) – Held only by the user (e.g., digital signature, secure ID) – Attributable only to the user (e.g., finger print, retinal scan)

24 Key Features of a Secure System and Network: Authorization and Access Control Access control lists for predefined users – Reading – Writing – Modifications – Deletion of data – Deletion of programs

25 Key Features of a Secure System and Network: Data Integrity Used to support information accuracy to ensure that data have not been altered or destroyed in an unauthorized manner Error detection and error correction protocols

26 Key Features of a Secure System and Network: Accountability Ensures that the actions of any entity can be traced during the movement of data from its source to its recipient Audit trails – Identification of the user – Data source – Whose information – Date and time – Nature of the activity

27 Key Features of a Secure System and Network: Availability Ensures information is immediately accessible and usable by authorized entity Methods – Back ups – Protecting and restricting access – Protecting against viruses

28 Key Features of a Secure System and Network: Data Storage Protecting and maintaining the physical location of the data and the data itself Physical protection of processors, storage media, cables, terminals, and workstations Retention of data for mandated period of time

29 Key Features of a Secure System and Network: Data Transmission Exchange of data between person and program or program and program when the sender and receiver are remote from one another Encryption – Scrambles readable information – De-encrypt with proper key by recipient Firewall – Filtering mechanism so that only authorized traffic is allowed to pass

30 Unique Identifiers Employer Identifier Number (EIN) National Provider Identifier (NPI) – individual, group, or organization that provides medical or other health care services or supplies Unique health identifier – on hold

Download ppt "Privacy, Confidentiality, and Security M8120 Fall 2001."

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
ISecurity Compliance with HIPAA. Part 1 About HIPAA.

ISecurity Compliance with HIPAA. Part 1 About HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Compliance Training. Introduction The training in this presentation is an overview of State and Federal Regulations governing Fraud & Abuse and HIPAA.

Compliance Training. Introduction The training in this presentation is an overview of State and Federal Regulations governing Fraud & Abuse and HIPAA.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.

Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems

Similar presentations

Ads by Google