
Lecture Electronic health records for allied health careers: Chapter 6 - Susan Sanderson


Electronic Health Records for Allied Health Careers
Chapter 6
The Privacy and Security of Electronic Health Information

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved.


6-2

Learning Outcomes
After studying this chapter, you should be able to:
1. Describe the purpose of the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act (HIPAA).
2. Discuss how the HIPAA Privacy Rule protects patient health information.
3. Describe when protected health information can be released without patients’ authorization.
4. List three categories of threats to the security of electronic information.
5. Describe the safeguards outlined in the HIPAA Security Rule.


6-3

Learning Outcomes
After studying this chapter, you should be able to:
6. Discuss the ways that increased use of information technology places protected health information at greater risk.
7. Explain why the existing HIPAA laws may not be adequate in today’s health care environment.
8. Explain why public trust is key to the development of electronic health records and a nationwide health information network.



6-4

Key Terms
• administrative safeguards
• Administrative Simplification
• antivirus software
• audit trails
• authentication
• authorization
• availability
• business associates
• clearinghouses
• confidentiality
• covered entities (CEs)
• de-identified health information
• designated record set (DRS)
• disclosure
• electronic protected health information (ePHI)
• encryption
• firewall


6-5

Key Terms

• health information exchange
• health plan
• HIPAA Privacy Rule
• HIPAA Security Rule
• integrity
• intrusion detection system (IDS)
• minimum necessary standard
• Notice of Privacy Practices (NPP)
• passwords
• physical safeguards
• protected health information (PHI)
• providers
• role-based authorization
• technical safeguards
• treatment, payment, and operations (TPO)


6-6

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• HIPAA is the most significant legislation affecting health care since Medicare and Medicaid in 1965.
• Title I of HIPAA = Health Insurance Reform
• Title II of HIPAA = Administrative Simplification Standards


6-7

The Privacy Rule
• Covered entities
– Health plans
– Providers
– Clearinghouses


6-8

The Privacy Rule
• Business Associates
– Not covered entities, but use PHI for business purposes.
– Covered entities must have contracts with Business Associates stating that they will abide by the HIPAA Privacy Rule.


6-9

The Privacy Rule
• Protected Health Information
– Individually identifiable health information.
– The Privacy Rule applies to PHI in any form, whether it is communicated and/or maintained verbally, on paper, or electronically.


6-10

The Privacy Rule
• Minimum Necessary Standard
– Limiting information to the minimum PHI necessary for the intended purpose.

• Designated Record Set (DRS)
– A group of records that contains PHI; contents depend on the role of the organization or provider.


6-11

The Privacy Rule
• Disclosure of Protected Health Information (PHI)
• Release of Information for Purposes Other Than TPO
– An authorization (special permission) must be obtained from the patient for uses and disclosures other than for TPO.
– Disclosures must be documented and provided to the patient if requested.
– Use and disclosure rules do not apply to de-identified health information, which is information that neither identifies nor provides a reasonable basis for identification of an individual.



6-12

The Privacy Rule
• Notice of Privacy Practices (NPP)
• Rights of Individuals
• HIPAA Enforcement


6-13

Threats to the Security of Electronic Health Information
• The Actions of Individuals
• Environmental Hazards
• Computer Hardware, Software, or Network Problems


6-14

The Security Rule
• Protects the confidentiality, integrity, and availability of electronic protected health information (ePHI) of covered entities.


6-15

The Security Rule

• Administrative Safeguards
– Policies and procedures to protect ePHI.

• Physical Safeguards
– Mechanisms to physically protect electronic systems, equipment, and data.

• Technical Safeguards
– Automated processes that protect and control access to ePHI.


6-16

Privacy and Security Risks of Electronic Health Information Exchange
• Clinical Data Available in Electronic Form
• Portable Computers and Storage Devices
• Problems Not Adequately Addressed by Existing Privacy Laws
– Private Sector Electronic Networks
– Personal Health Records (PHRs)
– Overseas Business Associates
– Multistate Exchange of Data with Different Laws



6-17

The Importance of Public Trust
• If people don’t trust that their personal information will be kept confidential, they won’t disclose it; this can lead to a lack of appropriate care.


6-18

The Importance of Public Trust
• Public Attitudes Toward the Electronic Use of Health Information
– Most people believe that the confidentiality of their medical records is very important.
– The majority of people express concern about the privacy of their information.
– Regional or nationwide health information networks will have to be proven to be safe to gain the public’s trust.


