Ensuring Security & Privacy of Information Shared in Healthcare


This material covers federal laws, compliance processes, challenges with trust, data provenance, privacy concerns, policy modifications, tools for security, and threats in healthcare information sharing.

  • Healthcare
  • Privacy
  • Security
  • Data Provenance
  • Compliance

Uploaded on Apr 12, 2025 | 0 Views



Presentation Transcript


  1. Care Coordination and Interoperable Health IT Systems
     Unit 10: Ensuring the Security and Privacy of Information Shared
     Lecture c: Data Provenance
     This material (Comp 22 Unit 10) was developed by The University of Texas Health Science Center at Houston, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0006. This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0/.

  2. Ensuring the Security and Privacy of Information Shared, Lecture c: Learning Objectives
       • Objective 1: Identify applicable federal laws and regulations related to protected health information shared during care coordination (Lecture a)
       • Objective 2: Assess processes and systems to ensure compliance with applicable privacy and security regulations during care coordination (Lecture b)
       • Objective 3: Explain the challenges of establishing, preserving, and restoring trust from multiple stakeholder perspectives (Lecture b)
       • Objective 4: Review interoperable systems for weaknesses in structure or processes, which may result in a loss of trust (Lecture c)
       • Objective 5: Discuss the need for data provenance (Lecture c)
       • Objective 6: Analyze the system specifications and functionality to establish data provenance (Lecture c)

  3. Ensuring the Security and Privacy of Information Shared, Lecture c: Learning Objectives (Cont'd 1)
       • Objective 7: Categorize privacy concerns appropriately (Lecture d)
       • Objective 8: Modify privacy and security policies and procedures for sensitive protected health information and other special considerations (Lecture d)
       • Objective 9: Employ appropriate tools and methods to ensure privacy and security during care coordination processes (Lecture d)

  4. Threats When Using an Interoperable System
       • Unencrypted Networks and Devices
       • Untrained Users: Consumers and Healthcare Workers
       • Devices Used Inappropriately
       • Phishing via e-mail
       • Hackers
       • Ransomware
       • Stealing Identities
       • What will come next?!

  5. Top 10 Steps for Cybersecurity
       1. Establish a Security Culture
       2. Protect Mobile Devices
       3. Maintain Good Computer Habits
       4. Use a Firewall
       5. Install and Maintain Anti-Virus Software

  6. Top 10 Steps for Cybersecurity (Cont'd 1)
       6. Plan for the Unexpected
       7. Control Access to Protected Health Information
       8. Use Strong Passwords and Change Them Regularly
       9. Limit Network Access
       10. Control Physical Access

  7. Security Risk Assessment: Required and Revealing
       • RISK ANALYSIS (Required by the HIPAA Security Rule): Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].
       • Tools to help at healthit.gov

  8. Real-life Scenarios
       • Follow this link to play the ONC Cybersecurity game: https://www.healthit.gov/providers-professionals/privacy-security-training-games ("Health IT Security Training Games | Providers & Professionals | HealthIT.gov", 2013)

  9. Where Does the Data Come From, or Provenance
       • Data Provenance: origin of clinical information when first created
       • Important because:
           • Data can be segmented based on the data source
           • Providers know where the data is coming from, i.e., another provider, patient, or device

  10. Determinants of Trust
       • Trust (assurance) is based on what is believed (or believable)
       • Trust is traceable to a source of truth, i.e., unaltered, original source health data/record content
       • Trust is based on, and manifest in, evidence presented

  11. ONC Standards & Interoperability Framework
      To help meet this challenge of trust in the data, the goals of the data provenance initiative include:
       • Establish guidance for handling data provenance in content standards, including the level to which provenance should be applied
       • Establish the minimum set of provenance data elements and vocabulary
       • Standardize the provenance capabilities to enable interoperability

  12. What Does the EHR System Need to Do?
       • Source System
           • Create or Originate
           • Maintain or Retain
           • Change or Update
           • Assemble, Compose
           • Export or Transmit
       • Receiving System
           • Import or Receive
           • Disassemble, Decompose
           • Maintain or Retain

  13. Development of Data Provenance Guidance
       • Standards & Interoperability Framework Tiger Team
       • HL7 Clinical Document Architecture (CDA) AND HL7 Fast Healthcare Interoperability Resources (FHIR)
       • To answer 3 very important questions:
           • Where did the data come from?
           • Has it been changed?
           • Can I trust it (the data)?
       • Development and Testing is ongoing!

  14. Unit 10: Ensuring the Security and Privacy of Information Shared, Summary: Lecture c, Data Provenance
       • Interoperable systems require security.
       • Effective cybersecurity requires a security risk assessment.
       • Interoperability is dependent upon provider and patient trust of the data.
       • Standards and processes for establishing and acting on data provenance are under development.

  15. Unit 10: Ensuring the Security and Privacy of Information Shared, References: Lecture c
      References
       • Department of Health and Human Services. (2010). Guidance on Risk Analysis Requirements under the HIPAA Security Rule. Retrieved from http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf
       • HealthIT.gov. (n.d.). Retrieved April 21, 2016, from https://www.healthit.gov/providers-professionals-newsroom/top-10-tips-cybersecurity-health-care
       • HealthIT.gov. (n.d.). Retrieved April 21, 2016, from https://www.healthit.gov/providers-professionals/security-risk-assessment
       • General Information. (n.d.). Retrieved April 21, 2016, from http://wiki.siframework.org/Data+Provenance+Initiative
       • Office of the National Coordinator for Health Information Technology. (2013). Data Provenance Environmental Scan. Retrieved from https://www.healthit.gov/sites/default/files/data_provenance.pdf
      Images
       • Slide 8: HealthIT.gov. (n.d.). Retrieved April 21, 2016, from https://www.healthit.gov/providers-professionals/privacy-security-training-games

  16. Unit 10: Ensuring the Security and Privacy of Information Shared, Lecture c: Data Provenance
      This material was developed by The University of Texas Health Science Center at Houston, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0006.
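
Slides 12 and 13 list what a source and a receiving EHR system do with a record and the three questions provenance has to answer. The sketch below is an added example, not part of the original lecture and not the HL7 CDA/FHIR or S&I Framework mechanism: a source system attaches a provenance chain to a record, and the receiver uses it to answer those questions. The record layout, function names, the `clinic-a.example` source and the shared demo key are assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed demo key for one source organization (assumption: a shared secret
# stands in for the organization's real digital-signature key).
KEYS = {"clinic-a.example": b"constructed-demo-key"}

def _canon(obj):
    # Stable byte encoding so both systems hash exactly the same representation.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _seal(events, key):
    # Keyed MAC over the whole provenance chain, so events cannot be edited or dropped.
    return hmac.new(key, _canon(events), hashlib.sha256).hexdigest()

def _event(activity, source, author, when, content):
    return {"activity": activity, "source": source, "author": author,
            "recorded": when, "sha256": hashlib.sha256(_canon(content)).hexdigest()}

def originate(content, source, author, when):
    """Source system: create the record and its first provenance event."""
    events = [_event("create", source, author, when, content)]
    return {"content": content, "provenance": events, "seal": _seal(events, KEYS[source])}

def update(record, new_content, author, when):
    """Source system: change the content and append, never overwrite, provenance."""
    source = record["provenance"][0]["source"]
    events = record["provenance"] + [_event("update", source, author, when, new_content)]
    return {"content": new_content, "provenance": events, "seal": _seal(events, KEYS[source])}

def receive(record):
    """Receiving system: answer the three questions for an imported record."""
    events = record["provenance"]
    source = events[0]["source"]
    key = KEYS.get(source)  # unknown sources have no key and are never trusted
    sealed = key is not None and hmac.compare_digest(record.get("seal", ""), _seal(events, key))
    intact = events[-1]["sha256"] == hashlib.sha256(_canon(record["content"])).hexdigest()
    return {"came_from": source, "changed": len(events) > 1, "trusted": sealed and intact}

if __name__ == "__main__":
    obs = {"code": "glucose", "value": 5.4, "unit": "mmol/L"}  # constructed sample
    rec = originate(obs, "clinic-a.example", "dr-lee", "2016-04-21T10:00:00Z")
    print(receive(rec))
    print(receive(dict(rec, content=dict(obs, value=9.9))))  # altered after export
```

A legitimate update by the source shows up as `changed` with `trusted` still true, while content or provenance altered outside the source system fails the digest or seal check.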
