Protecting Privacy and Security in Health IT Systems Lecture
Learn how to formulate strategies to minimize threats to privacy, security, and confidentiality in Health Information Technology (HIT) systems. Explore topics such as physical safeguards, device and media controls, technical safeguards, audit controls, and more in this informative lecture developed by Johns Hopkins University and updated by The University of Texas Health Science Center at Houston.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp 7 Unit 7) was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013. This material was updated by The University of Texas Health Science Center at Houston under Award Number 90WT0006. This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0
Protecting Privacy, Security, and Confidentiality in HIT Systems Learning Objectives Lecture b Formulate strategies to minimize threats to privacy, security, and confidentiality in HIT systems 2
Physical Safeguards Image Courtesy of U.S. Department of Health and Human Services 3
Physical Safeguards (Contd 1) Examples Workstation Use Workstation Security Device and Media Controls (e.g., media disposal, access to backup and storage media) 4
Physical Safeguards (Contd 2) Examples Device and Media Controls media disposal access to backup and storage media Image Courtesy of Federal Trade Commission 5
Technical Safeguards Examples Access Control Unique user identification Emergency access Automatic logoff Encryption/decrypti on Image Courtesy of U.S. Dept. of Commerce 6
Technical Safeguards (Contd 1) Examples Audit Controls Integrity Perspecsys Photos, 2015, CC BY-NC-SA 2.0 7
Technical Safeguards (Contd 2) Examples Person or Entity Authentication Password/passphr ase/PIN Smart card/token/key Biometrics Two factor authentication Image Courtesy of National Science Foundation (NSF) 8
Technical Safeguards (Contd 3) Examples Transmission Security Integrity controls Encryption 9
Risk Analysis and Management Analysis Gather data on potential threats and vulnerabilities Assess current security measures Determine likelihood, impact and level of risk Identify needed security measures Management Develop a plan for implementation Evaluate and maintain security measures 10
Meaningful Use Criteria for meaningful use of EHRs related to privacy, security, and confidentiality meant to align with HIPAA Emphasizes need to conduct a risk analysis Some specific requirements for EHR vendors 11
Unit 7: Protecting Privacy, Security, and Confidentiality in HIT Systems Summary Lecture b Privacy, security, and confidentiality in HIT settings Common threats encountered when using HIT Strategies to minimize threats to privacy, security, and confidentiality in HIT systems 12
Protecting Privacy, Security, and Confidentiality in HIT Systems References Lecture b References AHIMA Home - American Health Information Management Association. Ahima.org. Retrieved 17 June 2016. Retrieved from: http://www.ahima.org Centers for Medicare and Medicaid Services, HIPPA Security Series: Security 101 For Covered Entities. 2nd ed. 2007. Web. 17 June 2016. Retrieved from: http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/security101.pdf Office of the National Coordinator for Health Information Technology U.S. Department of Health and Human Services,. (2008). Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information. Retrieved from https://www.healthit.gov/sites/default/files/nationwide-ps-framework-5.pdf Cisco. Enterprise Mobility 7.3 Design Guide. Retrieved 24 June 2016 from: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73.html U.S. Department of Health and Human Services. Retrieved from: http://www.hhs.gov Ensuring Security of High-Risk Information in EHRs. 2008. Available from: http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_039956.hcsp?dDocName=b ok1_039956 U.S. Department of Health and Human Services. 17 June, 2016. Retrieved from: http://www.hhs.gov/ 13
Protecting Privacy, Security, and Confidentiality in HIT Systems References Lecture b Images Slide 3: HIPPA Security Bulletins. Courtesy HIPPA. Available from: http://www.hhs.gov/ocr/privacy Slide 5: Logo of the Federal Trade Commission. Courtesy Federal Trade Commission. Slide 6: Cloud Computing will Challenge Security Policies. Courtesy U.S. Dept. of Commerce Slide 7: Computer Security. 10 June, 2015. Available from: https://www.flickr.com/photos/111692634@N04/18657246306 Slide 8: A Sophisticated Users Station. Courtesy National Science Foundation (NSF) Available from: http://www.nsf.gov/od/lpa/news/press/00/stim5.htm 14
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013. This material was updated by The University of Texas Health Science Center at Houston under Award Number 90WT0006. 15
