logging in or signing up Healthcare Data Security TimSim Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 203 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: April 28, 2012 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Healthcare Data Security : Healthcare Data Security Timothy SimpsonElectronic Protected Health Information (ePHI): Electronic Protected Health Information ( ePHI ) Name Address Medical record number Phone number E-mail address Many more Healthcare providers have an obligation to keep patients health information confidential unless it is used in the course of treatment, or for educational or quality assurance purposes. PHI is defined by HIPAA as being “any information that identifies a patient and relates or links to their health or healthcare history”. Including; 1Why we need improved Data Security in Healthcare: Why we need improved Data Security in Healthcare From Sept. 2009 to Sept. 2010 there were 166 major healthcare data breaches that affected a minimum of 500 patients each. Those 166 breaches combined released protected health care information of 4.9 million patients. 2 Data breaches increased 32% in 2011. 3Risks of laptops, Smart Phones and Tablets.: Risks of laptops, Smart Phones and Tablets. Today 49% of all ePHI data breaches are caused by lost or stolen mobile device. 3 81% of healthcare providers now use mobile devices to store, record, and transfer patient healthcare information. 3 49% of healthcare providers surveyed admit that they do not add any security protection to providers mobile devices that contain patient healthcare information. 3HIPAA Security Rule: HIPAA Security Rule The HIPAA Security Rule went into effect in 1996. Covered entities that maintain or transmit protected health information are required by the Security Rule to: “Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits Protect against any reasonably anticipated threat, and hazards to the security or integrity of such information or unauthorized use or access to such information. Ensure compliance with these rules by all employees.” 1HITECH Act: HITECH Act The HITECH Act, part of the Recovery and Reinvestment Act went into affect in February 2010. 4 Intended to increase security measures started under the HIPAA law as well as bring it up to date. There are 4 major rules: If a healthcare provider discovers that a patient’s ePHI is accessed without authority, then the provider must notify the patient. A patient will have the right to receive from a health care provider an record, dating back three years, of disclosures of their protected information to anyone outside the organization. A patient can request that a provider not disclose certain information to a “health plan.” A provider that uses patient information or discloses it to another provider must (if the purpose is for something other than treatment) limit the information to what is necessary for the purpose. 4Penalties for Healthcare Data Breaches: Penalties for Healthcare Data Breaches The HIPPA law called for fines to healthcare provides that lost, or allowed unauthorized access to protected patient healthcare information. The fines could be up to $100 per each patient disclosure , but could not exceed $25,000 total per calendar year. 5 The HITECH Act increased the maximum fines per calendar year to $1.5 million. 5 Blue Cross Blue Shield of Tennessee was the first organization to receive a $1.5 million fine for not protecting patient healthcare information on March 13, 2012. 6Steps to ensure your ePHI is protected: Steps to ensure your ePHI is protected Encrypt and decipher messages Log and archive e-mails Utilize password security Limit access Back up data Ensure good physical security 7Benefits of having Data Security System in Place: Benefits of having Data Security System in Place Effective data security ensures that healthcare providers’ medical records will be there when they are needed. A good system will help employees become aware of security risks, and teach them how to prevent a data breach. Although complying with HIPAA and The HITECH Act may require an investment in data security, it is much less costly than not complying.References: References 1. Department of Health and Human Services. Dec. 28 2006. HIPAA Security Guidance . Accessed on 4/5/2012 from http://www.hhs.gov/ocr/privacy/hipaa/a dministrative / securityrule /remoteuse.pdf 2. Kaufman and Rossin . (no date) Preventing a Data Breach and Protecting Health Records . Accessed on 04/12/2012 from http://www.fafp.org/Resources/DataBreachWhitePaper.pdf 3. Lewis, Nicole December 7, 2011. Patient Data Losses Jump 32%. Information Week . Accessed on 04/07/2012 from http://www.informationweek.com/news/h ealthcare /security-privacy/232300099 4. Wright, Benjamin April 2011. Health-care Data Tracking, Electronic Health Record (EHR). Accessed on 4/12/2012 from http://legal- beagle.typepad.com/ wrights_legal_beagle /2009/08/secure-computer-medical- files.html 5. Anonymous, 2010. HIPAA/HITECH compliance for healthcare organizations . Sophos . Accessed on 4/14/2012 from http://www.himss.org/content/files/sophos-hipaa- hitech-compliance-for-healthcare-organizations-sbna.pdf 6. Bortnick , R. J. and Rotella S. G. Jr. April 2, 2012. United States: WARNING: HHS Now Combating HIPAA Violations With HITECH Weaponry . Mondaq . Accessed on 04/16/2012 from http://www.mondaq.com/unitedstates/x/170982/Healthcare/WARNING+HHS+ Now+Combating+HIPAA+Violations+with+HITECH+Weaponry 7. Anonymous, (No date) HIPAA Security Compliance Workbook . UC Davis Health System. Accessed on 4/20/2012 from http://www.universityofcalifornia.edu/hipaa/docs/mu_workbook.pdf You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.