Healthcare Data Security

Views:
 
Category: Entertainment
     
 

Presentation Description

No description available.

Comments

Presentation Transcript

Healthcare Data Security : 

Healthcare Data Security Timothy Simpson

Electronic Protected Health Information (ePHI): 

Electronic Protected Health Information ( ePHI ) Name Address Medical record number Phone number E-mail address Many more Healthcare providers have an obligation to keep patients health information confidential unless it is used in the course of treatment, or for educational or quality assurance purposes. PHI is defined by HIPAA as being “any information that identifies a patient and relates or links to their health or healthcare history”. Including; 1

Why we need improved Data Security in Healthcare: 

Why we need improved Data Security in Healthcare From Sept. 2009 to Sept. 2010 there were 166 major healthcare data breaches that affected a minimum of 500 patients each. Those 166 breaches combined released protected health care information of 4.9 million patients. 2 Data breaches increased 32% in 2011. 3

Risks of laptops, Smart Phones and Tablets.: 

Risks of laptops, Smart Phones and Tablets. Today 49% of all ePHI data breaches are caused by lost or stolen mobile device. 3 81% of healthcare providers now use mobile devices to store, record, and transfer patient healthcare information. 3 49% of healthcare providers surveyed admit that they do not add any security protection to providers mobile devices that contain patient healthcare information. 3

HIPAA Security Rule: 

HIPAA Security Rule The HIPAA Security Rule went into effect in 1996. Covered entities that maintain or transmit protected health information are required by the Security Rule to: “Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits Protect against any reasonably anticipated threat, and hazards to the security or integrity of such information or unauthorized use or access to such information. Ensure compliance with these rules by all employees.” 1

HITECH Act: 

HITECH Act The HITECH Act, part of the Recovery and Reinvestment Act went into affect in February 2010. 4 Intended to increase security measures started under the HIPAA law as well as bring it up to date. There are 4 major rules: If a healthcare provider discovers that a patient’s ePHI is accessed without authority, then the provider must notify the patient. A patient will have the right to receive from a health care provider an record, dating back three years, of disclosures of their protected information to anyone outside the organization. A patient can request that a provider not disclose certain information to a “health plan.” A provider that uses patient information or discloses it to another provider must (if the purpose is for something other than treatment) limit the information to what is necessary for the purpose. 4

Penalties for Healthcare Data Breaches: 

Penalties for Healthcare Data Breaches The HIPPA law called for fines to healthcare provides that lost, or allowed unauthorized access to protected patient healthcare information. The fines could be up to $100 per each patient disclosure , but could not exceed $25,000 total per calendar year. 5 The HITECH Act increased the maximum fines per calendar year to $1.5 million. 5 Blue Cross Blue Shield of Tennessee was the first organization to receive a $1.5 million fine for not protecting patient healthcare information on March 13, 2012. 6

Steps to ensure your ePHI is protected: 

Steps to ensure your ePHI is protected Encrypt and decipher messages Log and archive e-mails Utilize password security Limit access Back up data Ensure good physical security 7

Benefits of having Data Security System in Place: 

Benefits of having Data Security System in Place Effective data security ensures that healthcare providers’ medical records will be there when they are needed. A good system will help employees become aware of security risks, and teach them how to prevent a data breach. Although complying with HIPAA and The HITECH Act may require an investment in data security, it is much less costly than not complying.

References: 

References 1. Department of Health and Human Services. Dec. 28 2006. HIPAA Security Guidance . Accessed on 4/5/2012 from http://www.hhs.gov/ocr/privacy/hipaa/a dministrative / securityrule /remoteuse.pdf 2. Kaufman and Rossin . (no date) Preventing a Data Breach and Protecting Health Records . Accessed on 04/12/2012 from http://www.fafp.org/Resources/DataBreachWhitePaper.pdf 3. Lewis, Nicole December 7, 2011. Patient Data Losses Jump 32%. Information Week . Accessed on 04/07/2012 from http://www.informationweek.com/news/h ealthcare /security-privacy/232300099 4. Wright, Benjamin April 2011. Health-care Data Tracking, Electronic Health Record (EHR). Accessed on 4/12/2012 from http://legal- beagle.typepad.com/ wrights_legal_beagle /2009/08/secure-computer-medical- files.html 5. Anonymous, 2010. HIPAA/HITECH compliance for healthcare organizations . Sophos . Accessed on 4/14/2012 from http://www.himss.org/content/files/sophos-hipaa- hitech-compliance-for-healthcare-organizations-sbna.pdf 6. Bortnick , R. J. and Rotella S. G. Jr. April 2, 2012. United States: WARNING: HHS Now Combating HIPAA Violations With HITECH Weaponry . Mondaq . Accessed on 04/16/2012 from http://www.mondaq.com/unitedstates/x/170982/Healthcare/WARNING+HHS+ Now+Combating+HIPAA+Violations+with+HITECH+Weaponry 7. Anonymous, (No date) HIPAA Security Compliance Workbook . UC Davis Health System. Accessed on 4/20/2012 from http://www.universityofcalifornia.edu/hipaa/docs/mu_workbook.pdf