
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.


Slide 1: How Hospitals Protect Your Health Information

Slide 2: Your Health Information Privacy Rights
- You can ask to see or get a copy of your medical record and other health information
- You can ask to change any wrong information in your file, or add information to your file if you think something is missing or incomplete
- You can receive a notice that tells you how your health information may be used and shared

Slide 3: Your Health Information Privacy Rights
- You can get a report on when and why your health information was shared for certain purposes
- If you believe your rights are being denied or your health information isn’t being protected, you can file a complaint with your provider or health insurer, or file a complaint with the Office for Civil Rights within the Department of Health and Human Services

Slide 4: Privacy and Security Law
- In 1996 Congress passed the Health Insurance Portability and Accountability Act (HIPAA)
- The Act created the “Privacy Rule”, which developed standards for the privacy of individually identifiable health information
- The Act created the “Security Rule”, which developed administrative and security standards to keep your health information private and protected

Slide 5: The Privacy Rule Versus the Security Rule
- The Privacy Rule sets standards for who may access health information, while the Security Rule sets the standards for ensuring that only those who should have access to the health information actually obtain it

Slide 6: Who Must Comply
- Covered Health Care Providers: any provider of medical or other health care services or supplies who transmits any health information in electronic form
- Health Plans: any individual or group plan that provides or pays the cost of health care
- Health Care Clearinghouses: any entity that processes another entity’s health care transactions

Slide 7: Security Standards
- Administrative safeguards
- Physical safeguards
- Technical safeguards

Slide 8: Administrative Safeguards
- Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information (ePHI) and to manage the conduct of the covered entity’s workforce

Slide 9: Administrative Safeguards
- Implement policies and procedures to prevent, detect, contain and correct security violations
- Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information
- Implement security measures sufficient to reduce risks and vulnerabilities

Slide 10: Administrative Safeguards
- Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures

Slide 11: Sanction Policy
- Does the organization require employees to sign a statement of adherence to security policies and procedures as a prerequisite to employment, as part of an employee handbook or confidentiality statement?
- Does the sanction policy provide examples of potential violations of policies and procedures?
- Does the sanction policy adjust the disciplinary action based on the severity of the violation?

Slide 12: Administrative Safeguards
- Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports

Slide 13: Information System Activity Review
- What are the audit and activity review functions of the current system?
- What logs or reports are generated by the information systems?
- Is there a policy that establishes what reviews will be conducted?
- Is there a procedure that describes the specifics of the review?
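The activity review the slides call for can be partly automated. The following is an added example, not part of the presentation: it parses constructed ePHI access-log lines (the log format, the business-hours window and the per-user distinct-patient threshold are all assumptions for the demo) and flags after-hours access and users who opened an unusually large number of different patient records in the review period.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines (not from the original presentation).
# Assumed format: "<ISO timestamp> user=<id> patient=<mrn> action=<verb>"
SAMPLE_LOG = """\
2024-03-04T09:12:44 user=nurse01 patient=MRN1001 action=view
2024-03-04T09:15:02 user=nurse01 patient=MRN1002 action=view
2024-03-04T02:41:19 user=clerk07 patient=MRN1003 action=view
2024-03-04T10:03:55 user=dr_lee patient=MRN1001 action=update
2024-03-04T10:04:10 user=clerk07 patient=MRN1004 action=view
2024-03-04T10:04:31 user=clerk07 patient=MRN1005 action=view
2024-03-04T10:04:52 user=clerk07 patient=MRN1006 action=view
2024-03-04T10:05:13 user=clerk07 patient=MRN1007 action=view
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) patient=(?P<patient>\S+) action=(?P<action>\S+)$"
)

BUSINESS_HOURS = range(7, 20)   # 07:00-19:59; assumed local policy
MAX_DISTINCT_PATIENTS = 4       # assumed per-user threshold for one review period


def parse_log(text):
    """Turn raw log text into event dicts; malformed lines are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def review_activity(events):
    """Return findings for the reviewer: after-hours access and high-volume record access."""
    findings = []
    per_user = defaultdict(set)
    for ev in events:
        if ev["ts"].hour not in BUSINESS_HOURS:
            findings.append(("after_hours", ev["user"], ev["patient"]))
        per_user[ev["user"]].add(ev["patient"])
    for user, patients in sorted(per_user.items()):
        if len(patients) > MAX_DISTINCT_PATIENTS:
            findings.append(("high_volume", user, len(patients)))
    return findings


if __name__ == "__main__":
    for finding in review_activity(parse_log(SAMPLE_LOG)):
        print(finding)
```

Findings like these are the starting point for the documented review procedure the slide asks about; a reviewer still has to decide whether each one was legitimate.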

Slide 14: Administrative Safeguards
- Identify the security official who is responsible for the development and implementation of the policies and procedures required by the Security Rule

Slide 15: Security Official
- Would it serve the organization’s needs to designate the same individual as both the Privacy and Security Official?
- Has the organization agreed upon, and clearly identified and documented, the responsibilities of the Security Official?
- How are the roles and responsibilities of the Security Official crafted to reflect the size, complexity and technical capabilities of the organization?

Slide 16: Administrative Safeguards
- Implement policies and procedures to ensure that all members of the workforce have appropriate access, and to prevent those workforce members who should not have access from obtaining it
- Implement procedures for terminating access to electronic protected health information when the employment of a workforce member ends

Slide 17: Administrative Safeguards
- Implement a security awareness and training program for all members of the workforce, covering:
  - Security Reminders
  - Protection from Malicious Software
  - Log-In Monitoring
  - Password Management

Slide 18: Security Awareness and Training
- Security Reminders: organizations must document the security reminders they implement
- Protection from Malicious Software: organizations must implement procedures for guarding against, detecting, and reporting malicious software. The workforce must also be trained regarding its role in protecting against malicious software arriving through programs downloaded from the internet or through email attachments

Slide 19: Security Awareness and Training
- Log-In Monitoring: the purpose of this is to make workforce members aware of log-in attempts that are not appropriate
- Password Management: procedures for creating, changing, and safeguarding passwords must be developed. Are there policies in place that prevent workforce members from sharing passwords?

Slide 20: Administrative Safeguards
- Implement policies and procedures to address security incidents
- Identify and respond to suspected or known security incidents, mitigate to the extent possible the harmful effects of security incidents that are known, and document security incidents and their outcomes

Slide 21: Administrative Safeguards
- Contingency Plan: establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, or natural disaster) that damages systems that contain electronic protected health information

Slide 22: Contingency Plan
- Data Backup Plan
- Disaster Recovery Plan
- Emergency Mode Operation Plan
- Testing and Revision Procedures
- Applications and Data Criticality Analysis

Slide 23: Contingency Plan
- What data must be backed up?
- What is the method of backup?
- What data is going to be restored?
- Does the workforce know where to find the backup plan?
- How do you test the backup plan?

Slide 24: Administrative Safeguards
- Business Associate Contracts: a covered entity may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity’s behalf ONLY if that business associate will appropriately safeguard the information

Slide 25: Physical Safeguards
- Implement policies and procedures to limit physical access to its electronic information systems and the facility in which they are housed
- Locked doors, warning signs, surveillance cameras, alarms

Slide 26: Physical Safeguards
- Implement procedures to control and validate a person’s access to facilities based on their role or function
- Does management regularly review the lists of individuals with physical access to sensitive facilities?

Slide 27: Physical Safeguards
- Implement physical safeguards for workstation use and access
- Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security, for example hardware, doors and locks

Slide 28: Physical Safeguards
- Implement policies and procedures that govern the receipt and removal of hardware and electronic media into and out of a facility, and their movement within a facility
- Have all types of hardware and electronic media that must be tracked been identified, such as hard drives, magnetic tapes or disks, optical disks or digital memory cards?

Slide 29: Device and Media Controls
- Disposal
- Media Re-Use
- Accountability
- Data Backup and Storage

Slide 30: Technical Safeguards
- Assign a unique name and/or number for identifying and tracking user identity
- Establish procedures for obtaining necessary electronic protected health information during an emergency
- Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity
- Implement a mechanism to encrypt and decrypt information

Slide 31: Technical Safeguards - Assure Integrity of Data
- Implement policies and procedures to protect electronic protected health information from improper alteration or destruction
- Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner
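One electronic mechanism that corroborates a record has not been altered is a keyed integrity tag stored alongside it. The following is an added example, not from the presentation: it seals a constructed, fictitious ePHI record with HMAC-SHA256 and shows that a later unauthorized edit fails verification. A plain hash would not do here, because whoever can alter the record could also recompute the hash; the key (assumed to come from the organization's key management) is what makes that fail.

```python
import hashlib
import hmac
import json
import secrets

# Assumed to be provisioned by the organization's key management; generated here for the demo.
INTEGRITY_KEY = secrets.token_bytes(32)


def canonical(record):
    """Stable serialization so identical content always yields an identical tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record, key=INTEGRITY_KEY):
    """Return a copy of the record together with an HMAC-SHA256 tag over its content."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": dict(record), "tag": tag}


def verify(sealed, key=INTEGRITY_KEY):
    """True only if the stored tag matches the current content (constant-time comparison)."""
    expected = hmac.new(key, canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


# Constructed sample ePHI record for a fictitious patient.
SAMPLE_RECORD = {"mrn": "MRN1001", "name": "J. Doe", "allergies": ["penicillin"], "dose_mg": 50}


def demo():
    """Seal a record, alter it without re-sealing, and report verification before and after."""
    sealed = seal(SAMPLE_RECORD)
    ok_before = verify(sealed)
    sealed["record"]["dose_mg"] = 500   # unauthorized alteration after sealing
    ok_after = verify(sealed)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```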

Slide 32: Conclusion
- Patients have privacy rights
- Healthcare organizations have the legal obligation to secure patients’ health care information

