
Patient Confidentiality and Electronic Medical Records

Julius S. Aronofsky Lecture in Health Care Information Systems: Patient Confidentiality and Electronic Medical Records. Ann J. Olsen, MBA, MA, Information Security Officer and Director, Information Management Planning, Vanderbilt University Medical Center. June 19, 1999.


Presentation Transcript


  1. Julius S. Aronofsky Lecture in Health Care Information Systems: Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning Vanderbilt University Medical Center June 19, 1999

  2. Presentation delivered at 3rd Annual “Enhancing Your Clinical Practice - Internet and New Technology Trends” Sponsored by: The Office of Continuing Education of The University of Texas Southwestern Medical Center at Dallas

  3. http://www.mc.vanderbilt.edu/infocntr

  4. Objectives:
     • Understand
        • basic context for information security and confidentiality
        • current practices and risks regarding confidentiality
        • impact of EMR on ability to protect privacy
        • needs for organizational practices as well as technical practices (policies, agreements, and continuous learning)
     • Learn about directions in Washington and upcoming requirements for your practices
        • HIPAA security standards
        • Proposed health information privacy legislation
     • Know key sources of information about this topic

  5. Agenda
     • Key Concepts
     • Discussion: Current Practices & Concerns
     • Key Changes We Face
     • Expected Electronic Health Data Security Requirements
     • Questions & Discussion

  6. Health Care Resources
     • Health Care Delivery Processes Depend on Acquisition, Utilization, and Management of Many Kinds of Resources

  7. Health Care Delivery Depends On (diagram labels): Financial Resources; Human Resources; Security; Information & Knowledge Resources; Physical Resources

  8. Key Concept: Information Security Components
     • Confidentiality (Privacy)
        • Access control
        • Disclosure requires authorization
        • Need to know
     • Availability
        • Accessible when & where needed
     • Integrity
        • Records are complete
        • No unauthorized changes

  9. Protection of Electronic Health Information (diagram labels): Confidentiality; Information Security; Availability; Health Information Security; Information Systems Security; Integrity

  10. Discussion: Current Practices and Concerns
     (1) Share one of the biggest challenges or risks to health information privacy in your practice today OR a health information privacy issue you have faced recently
     (2) Share a practice that has improved protection of health information in your office or clinic

  11. What Changes are We Facing?
     • Increased use of electronic medical records (EMR) and internet communications
     • Expectation that health records are on-line, with decision support
     • Information provided directly by health care consumers in on-line interactions with providers
     • Portable, hand-held computing

  12. EMR and Confidentiality
     • EMR Risks
        • Easy to disclose vast quantities of information
        • Ability to link records across systems
        • Insufficient security & training in many EMR environments
        • Hackers keep pace with technology

  13. EMR and Confidentiality
     • EMR Benefits
        • Audit trails
        • Encryption
        • Access controls
        • Can remove identifiers
        • Can share without making copies

  14. What Changes are We Facing?
     • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
        • DHHS rules governing security of electronic health information
           • Apply to all individual health care information electronically maintained or used in an electronic transmission
     • Federal legislation on health information privacy

  15. For the Record: Protecting Electronic Health Information
     • National Research Council Study of Current Best Practice (1997)
     • Recommendations:
        • Organizational practices
           • for immediate implementation
        • Technical practices
           • for immediate implementation
           • for future implementation
     • Basis for HIPAA Security Standard

  16. Organizational Practices
     • Security & Confidentiality Policies*
     • Security & Confidentiality Committees
     • Information Security Officers*
     • Education and Training*
     • Sanctions*
     • Improved Authorization Forms**
     • Patient Access to Audit Logs**

  17. Technical Practices
     • Individual authentication of users*
     • Access controls*
     • Audit trails*
     • Physical security & disaster recovery*
     • Protection of remote access points*
     • Protection of external electronic communications*
     • Software discipline*
     • System assessment*

  18. Scenario for Security Standards
     • Proposed Security Standard includes “Small or Rural Provider Example”
     • Outlines how the requirements might be implemented
     • Expectation that software vendors will provide support
     • Excerpts ...

  19. Joint Commission on Accreditation of Healthcare Organizations
     • Current JCAHO standards require classification and protection of information
     • Already at work to incorporate HIPAA standards

  20. Information Resources
     • DHHS web site has rules proposed under HIPAA and other information: http://aspe.os.dhhs.gov/admnsimp
     • Computer-based Patient Records Institute has very useful publications on information security: http://www.cpri.org

  21. http://aspe.os.dhhs.gov/admnsimp

  22. http://www.cpri.org

  23. Health Information Privacy Legislation
     • HIPAA required action by Congress by August 1999 on health information privacy or DHHS to issue final rules
     • None of bills introduced in 106th Congress likely to pass by HIPAA deadline
     • Expect amendment of HIPAA to extend deadline
     • For information on legislative proposals, see Library of Congress web site at http://thomas.loc.gov

  24. Common Elements of Proposals
     • Requirements for patient authorization for most kinds of disclosures
     • Patient notice about rights and use of health information
     • Patient right to review and amend
     • Limit disclosure to minimum information needed
     • Requirement to track disclosures
     • Require safeguards for confidentiality, security, accuracy, integrity
     • Criminal and civil penalties

  25. http://thomas.loc.gov

  26. Ann.Olsen@mcmail.Vanderbilt.edu
