Presentation is loading. Please wait.

Presentation is loading. Please wait.

Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.

Published byTabitha Stevens Modified over 8 years ago

Similar presentations

Presentation on theme: "Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning."— Presentation transcript:

1

2 Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning Vanderbilt University Medical Center June 19, 1999 Julius S. Aronofsky Lecture in Health Care Information Systems:

3 Presentation delivered at 3rd Annual “Enhancing Your Clinical Practice - Internet and New Technology Trends” Sponsored by: The Office of Continuing Education of The University of Texas Southwestern Medical Center at Dallas

4 http://www.mc.vanderbilt.edu/infocntr

5 Objectives: Understand –basic context for information security and confidentiality –current practices and risks regarding confidentiality –impact of EMR on ability to protect privacy –needs for organizational practices as well as technical practices (policies, agreements, and continuous learning) Learn about directions in Washington and upcoming requirements for your practices –HIPPA security standards –Proposed health information privacy legislation Know key sources of information about this topic

6 Agenda Key Concepts Discussion: Current Practices & Concerns Key Changes We Face Expected Electronic Health Data Security Requirements Questions & Discussion

7 Health Care Resources Health Care Delivery Processes Depend on Acquisition, Utilization, and Management of Many Kinds of Resources

8 Security Health Care Delivery Depends On Financial Resources Human Resources Physical Resources Information & Knowledge Resources

9 Key Concept: Information Security Components Confidentiality (Privacy) –Access control –Disclosure requires authorization –Need to know Availability –Accessible when & where needed Integrity –Records are complete –No unauthorized changes

10 Information Security Integrity Availability Confidentiality Information Systems Security Health Information Security Protection of Electronic Health Information

11 Discussion: Current Practices and Concerns (1) Share one of the biggest challenges or risks to health information privacy in your practice today OR a health information privacy issue you have faced recently (2) Share a practice that has improved protection of health information in your office or clinic

12 What Changes are We Facing? Increased use of electronic medical records (EMR) and internet communications –Expectation that health records are on-line, with decision support –Information provided directly by health care consumers in on-line interactions with providers –Portable, hand-held computing

13 EMR and Confidentiality EMR Risks –Easy to disclose vast quantities of information –Ability to link records across systems –Insufficient security & training in many EMR environments –Hackers keep pace with technology

14 EMR and Confidentiality EMR Benefits –Audit trails –Encryption –Access controls –Can remove identifiers –Can share without making copies

15 What Changes are We Facing? Health Insurance Portability and Accountability Act of 1996 (HIPAA) –DHHS rules governing security of electronic health information –Apply to all individual health care information electronically maintained or used in an electronic transmission Federal legislation on health information privacy

16 For the Record: Protecting Electronic Health Information National Research Council Study of Current Best Practice (1997) Recommendations: –Organizational practices for immediate implementation –Technical practices for immediate implementation for future implementation Basis for HIPAA Security Standard

17 Organizational Practices Security & Confidentiality Policies* Security & Confidentiality Committees Information Security Officers* Education and Training* Sanctions* Improved Authorization Forms** Patient Access to Audit Logs**

18 Technical Practices Individual authentication of users* Access controls* Audit trails* Physical security & disaster recovery* Protection of remote access points* Protection of external electronic communications* Software discipline* System assessment*

19 Scenario for Security Standards Proposed Security Standard includes “Small or Rural Provider Example” Outlines how the requirements might be implemented Expectation that software vendors will provide support Excerpts...

20 Joint Commission on Accreditation of Healthcare Organizations Current JCAHO standards require classification and protection of information Already at work to incorporate HIPAA standards

21 Information Resources DHHS web site has rules proposed under HIPAA and other information: http://aspe.os.dhhs.gov/admnsimp Computer-based Patient Records Institute has very useful publications on information security: http://www.cpri.org

22 http://aspe.os.dhhs.gov/admnsimp

23 http://www.cpri.org

24 Health Information Privacy Legislation HIPAA required action by Congress by August 1999 on health information privacy or DHHS to issue final rules None of bills introduced in 106th Congress likely to pass by HIPAA deadline Expect amendment of HIPAA to extend deadline For information on legislative proposals, see Library of Congress web site at http://thomas.loc.gov

25 Common Elements of Proposals Requirements for patient authorization for most kinds of disclosures Patient notice about rights and use of health information Patient right to review and amend Limit disclosure to minimum information needed Requirement to track disclosures Require safeguards for confidentiality, security, accuracy, integrity Criminal and civil penalties

26 http://thomas.loc.gov

27 Ann.Olsen@mcmail.Vanderbilt.edu Ann.Olsen@mcmail.Vanderbilt.edu

Download ppt "Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.

SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA

Similar presentations

Ads by Google