Download presentation
Presentation is loading. Please wait.
Published byTabitha Stevens Modified over 9 years ago
2
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning Vanderbilt University Medical Center June 19, 1999 Julius S. Aronofsky Lecture in Health Care Information Systems:
3
Presentation delivered at 3rd Annual “Enhancing Your Clinical Practice - Internet and New Technology Trends” Sponsored by: The Office of Continuing Education of The University of Texas Southwestern Medical Center at Dallas
4
http://www.mc.vanderbilt.edu/infocntr
5
Objectives: Understand –basic context for information security and confidentiality –current practices and risks regarding confidentiality –impact of EMR on ability to protect privacy –needs for organizational practices as well as technical practices (policies, agreements, and continuous learning) Learn about directions in Washington and upcoming requirements for your practices –HIPPA security standards –Proposed health information privacy legislation Know key sources of information about this topic
6
Agenda Key Concepts Discussion: Current Practices & Concerns Key Changes We Face Expected Electronic Health Data Security Requirements Questions & Discussion
7
Health Care Resources Health Care Delivery Processes Depend on Acquisition, Utilization, and Management of Many Kinds of Resources
8
Security Health Care Delivery Depends On Financial Resources Human Resources Physical Resources Information & Knowledge Resources
9
Key Concept: Information Security Components Confidentiality (Privacy) –Access control –Disclosure requires authorization –Need to know Availability –Accessible when & where needed Integrity –Records are complete –No unauthorized changes
10
Information Security Integrity Availability Confidentiality Information Systems Security Health Information Security Protection of Electronic Health Information
11
Discussion: Current Practices and Concerns (1) Share one of the biggest challenges or risks to health information privacy in your practice today OR a health information privacy issue you have faced recently (2) Share a practice that has improved protection of health information in your office or clinic
12
What Changes are We Facing? Increased use of electronic medical records (EMR) and internet communications –Expectation that health records are on-line, with decision support –Information provided directly by health care consumers in on-line interactions with providers –Portable, hand-held computing
13
EMR and Confidentiality EMR Risks –Easy to disclose vast quantities of information –Ability to link records across systems –Insufficient security & training in many EMR environments –Hackers keep pace with technology
14
EMR and Confidentiality EMR Benefits –Audit trails –Encryption –Access controls –Can remove identifiers –Can share without making copies
15
What Changes are We Facing? Health Insurance Portability and Accountability Act of 1996 (HIPAA) –DHHS rules governing security of electronic health information –Apply to all individual health care information electronically maintained or used in an electronic transmission Federal legislation on health information privacy
16
For the Record: Protecting Electronic Health Information National Research Council Study of Current Best Practice (1997) Recommendations: –Organizational practices for immediate implementation –Technical practices for immediate implementation for future implementation Basis for HIPAA Security Standard
17
Organizational Practices Security & Confidentiality Policies* Security & Confidentiality Committees Information Security Officers* Education and Training* Sanctions* Improved Authorization Forms** Patient Access to Audit Logs**
18
Technical Practices Individual authentication of users* Access controls* Audit trails* Physical security & disaster recovery* Protection of remote access points* Protection of external electronic communications* Software discipline* System assessment*
19
Scenario for Security Standards Proposed Security Standard includes “Small or Rural Provider Example” Outlines how the requirements might be implemented Expectation that software vendors will provide support Excerpts...
20
Joint Commission on Accreditation of Healthcare Organizations Current JCAHO standards require classification and protection of information Already at work to incorporate HIPAA standards
21
Information Resources DHHS web site has rules proposed under HIPAA and other information: http://aspe.os.dhhs.gov/admnsimp Computer-based Patient Records Institute has very useful publications on information security: http://www.cpri.org
22
http://aspe.os.dhhs.gov/admnsimp
23
http://www.cpri.org
24
Health Information Privacy Legislation HIPAA required action by Congress by August 1999 on health information privacy or DHHS to issue final rules None of bills introduced in 106th Congress likely to pass by HIPAA deadline Expect amendment of HIPAA to extend deadline For information on legislative proposals, see Library of Congress web site at http://thomas.loc.gov
25
Common Elements of Proposals Requirements for patient authorization for most kinds of disclosures Patient notice about rights and use of health information Patient right to review and amend Limit disclosure to minimum information needed Requirement to track disclosures Require safeguards for confidentiality, security, accuracy, integrity Criminal and civil penalties
26
http://thomas.loc.gov
27
Ann.Olsen@mcmail.Vanderbilt.edu Ann.Olsen@mcmail.Vanderbilt.edu
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.