Securing health information
Download as PPT, PDF0 likes299 views
The document discusses the importance of securing patient health information (PHI) in accordance with HIPAA and HITECH regulations, emphasizing the confidentiality and protection of personal data. It outlines responsibilities, consequences of breaches, and best practices for maintaining data security. Furthermore, it details the penalties for violations, including fines and potential imprisonment for serious offenses.
Securing health information
- 1. Securing Health Information Darla Moore MHA 690 Health Care Capstone David Cole October 2, 2014
- 2. Keeping Patient Data Secure • Patient Health Information (PHI) 1. Contains names, birth dates, Social Security numbers, addresses, phone numbers, and health insurance information 2. Must be maintained 3. Responsibility of everyone to keep confidential
- 3. Health Insurance Portability and Accountability Act of 1996 (HIPAA) • Covers the protection of any information in an individual’s personal records. Examples are: – diagnosis and treatment reports – progress notes – recommendations – conversations with personal caregivers • HIPAA clearly states that no information shall be released without written consent from the data owner (patient), unless otherwise legislated, such as in emergencies or unusual situations.
- 4. Health Information Technology for Economic and Clinical Health Act (HITECH) • In 2009 the HITECH act was put into place and hospitals were given incentives of up to $40,000 per provider for using EHR's and health information exchanges (HIE) at the state and regional levels. • HITECH safeguards the information that is processed into computer systems used by care providers for: 1. billing 2. medication 3. clinical evaluation reports 4. radiological images and reports 5. laboratory test results 6. any information collected by individuals or organizations that has a health semantic.
- 5. Penalties of Breeches • The Department of Health and Human Services (HHS) must be informed of data breeches as well as the individual (s) affected • HHS issued privacy rules through a publication of proposed rules and has the authority to enforce these rules to include investigations on complaints and conducting HIPPA compliance reviews¹. • HIPAA Violations 1. $100 per violation and up to $25,000 per year. • If the breech and misuse of PHI is intentional, the following penalties can occur: 1. Reprimand or warning 2. Dismissal from organization 2. Fines ranging from $50,000 per occurrence to $250,000 3. Between 1 to 10 years in prison².
- 6. Do’s and Don’ts Do • Keep information secure • Use passwords that are not obvious and change them regularly. • Keep your voice down when discussing patient information, both in person and over the phone. • Lock computer when you leave it. Don’t • Give out your password • Fail to log off computers. • Leave patient files easily accessible. • Post patient information online without ensuring it is de-identified. • Look up a patient’s medical record without a valid reason.
- 7. Questions 1. What are some examples of PHI? 2. What does HIPAA protect? 3. HITECH safeguards what information? 4. Name some consequences for security violations. 5. What are you suppose to do to keep information private? 6. What are you not suppose to do?
- 8. Answers 1. Names, birth dates, Social Security numbers, addresses, phone numbers, and health insurance information 2. diagnosis and treatment reports, progress notes, recommendations and conversations with personal caregivers 3. Billing, medication, clinical evaluation reports, radiological images and reports, laboratory test results, and any information collected. 4. Reprimand or warning, dismissal from organization, fines ranging from $50,000 per occurrence to $250,000, or 1 to 10 years in prison. 5. Keep information secure, use passwords that are not obvious, don’t give out your password, and lock computer when not in use. 6. Leave patient files easily accessible, post patient information online without ensuring it is de-identified, and look up a patient’s medical record without a valid reason
- 9. References 1. Karasz, H. N., PhD., Eiden, A., J.D., & Bogan, S., M.P.H. (2013). Text messaging to communicate with public health audiences: How the HIPAA security rule affects practice. American Journal of Public Health, 103(4), 617- 622. Retrieved from http://search.proquest.com/docview/1340553579?accountid=32521 2. Swim, R. (2012). Keeping data secure: Protected health information and medical equipment. Biomedical Instrumentation & Technology, 46(4), 278-80. Retrieved from http://search.proquest.com/docview/1036947767? accountid=32521
- 10. References 1. Karasz, H. N., PhD., Eiden, A., J.D., & Bogan, S., M.P.H. (2013). Text messaging to communicate with public health audiences: How the HIPAA security rule affects practice. American Journal of Public Health, 103(4), 617- 622. Retrieved from http://search.proquest.com/docview/1340553579?accountid=32521 2. Swim, R. (2012). Keeping data secure: Protected health information and medical equipment. Biomedical Instrumentation & Technology, 46(4), 278-80. Retrieved from http://search.proquest.com/docview/1036947767? accountid=32521
Editor's Notes
- #4: HIPPA was one of the first regulations placed into law that established the protection of health information. HIPAA clearly states that no information shall be released without written consent from the data owner (patient), unless otherwise legislated, such as in emergencies or unusual situations.
- #5: HITECH got government leadership involved in the implementation of electronic records and the security of PHI.
- #6: ¹Karasz, Eiden, & Bogan, 2013, pg. 618 ²Swim, 2012 p. 279