MHA 690: Health Care Capstone
Instructor: Dr. Hwang-ji Lu
Health Care Capstone
Created by: Seynabou Ndiaye
Monday, September 23rd, 2013
• The need to store electronic health information has raised concerns about the
privacy of patients and the security of the data collected.
• Ensuring adequate protection of confidentiality and integrity of patients’
information while at the same time making the information readily available to all
authorized healthcare providers has been a dilemma for healthcare organizations.
• In 1996, the United States Congress passed the Health Insurance Portability and
Accountability Act (HIPAA) to protect the freedom, security, privacy and
confidentiality of individuals.
• Health information data consists of extremely sensitive information; the security of this
information has been an important issue since health care information systems have been
• The increasing need for exchange of healthcare information within
the healthcare industry has revealed issues with system and
• The interoperability of systems can be improved by developing
health information security standards for all healthcare organizations
• The goal of the Health Information Management Systems Society is to
have all health organizations that use, send or store health
information meet the requirements for confidentiality, integrity,
availability and accountability, using sound risk management
practices based on recognized standards and protocols, by 2014.
Challenges of managing Health Information Systems
• Liability issues
• Ethical issues
• Security issues
• Data access and storage
• Ownership of data
• Controlling and monitoring employees' behaviors
• Ensuring compliance with HIPAA and other
standards of patient privacy and confidentiality
• Lack of interoperability of systems and
• Research revealed that there are two categories of security
concerns when using electronic health information:
inappropriate release of patient information by health
organizations and concerns about the flow of information
across the healthcare industry.
• Technological security tools are available and they serve five
3. Perimeter identification
4. Controlling access
5. Comprehensibility and control
Research sources Continued
• The Health Information Portability and Accessibility Act
provides a basic framework for handling health
• The healthcare industry recognized the need for more
guidance in protecting health information
• Healthcare providers have access to a range of
technical and organizational practices that can help
protect patients’ health information
Health Insurance Portability and Accountability Act
• In light of the increasing sharing of patient information within the
healthcare industry, the HIPAA rulings were developed to protect the
freedom, security, privacy and confidentiality of individuals.
• “In 1996, Congress passed Public Law 104-191, otherwise known as
HIPAA” (Tan, 2010, p. 281)
• HIPAA required the Department of Health and Human Services to
establish new guidelines, key principles and national standards for
handling electronic health transactions.
• Adherence to these HIPAA-imposed principles, guidelines and standards
is required from all healthcare professionals and all healthcare entities in
• HIPAA protects all personal health information, whether stored
on paper or electronically, located in any US-based health
organization, regardless of the source of this information.
• HIPAA requires that healthcare organizations educate their
employees on how to respect and safeguard the privacy and
confidentiality of the information collected from patients.
• Given the current and future advances in data interchange
technology, HIPAA establishes strategies for health
organizations to stay in compliance with the federal law
Recommendations for Health Information Systems Security
• Establish security policies and procedures for healthcare organizations
• Protect the confidentiality and integrity of patients’ information
• Train healthcare employees thoroughly on HIPAA regulations and
• Monitor and enforce guidelines and regulations
• Control and monitor employee behaviors
• Technical solutions include using role-based access control, encryption
and authentication mechanisms
• New technologies are being incorporated in the Healthcare Information systems to improve
care management and coordination of patients’ care.
• There are many benefits to the use of new technologies but there are also privacy and security
issues associated with the use of these technologies.
• Health information security and patient privacy have been a very important issue in healthcare
• There are many technical mechanisms available to guarantee privacy, confidentiality and data
security as well as policies, practices and procedures that can be put in place to protect patients’
• Security law, which is a component of HIPAA, can help build a relationship based on trust
between patients and their healthcare providers.
• Albena, R. I., & Susan Meyer-Goldstein. (2013). Impact of standards adoption on healthcare transaction performance:
The case of HIPAA. International Journal of Production Economics, 141(1), 277. Retrieved from
• Hagland, M. (1997). Confidence and confidentiality. Health Management Technology, 18(12), 20-2, 24, 56. Retrieved
• Klein, R. (2007). Internet-based patient-physician electronic communication applications: Patient acceptance and trust.
E-Service Journal, 5(2), 27-38, 40-51. Retrieved from
• McGraw, D., Dempsey, J. X., Harris, L., & Goldman, J. (2009). Privacy as an enabler, not an impediment: Building trust
into health information exchange. Health Affairs, 28(2), 416-27. Retrieved from
• Tan, J.K.H. (2010). Adaptive Health Management Information Systems (3rd ed.) Sudbury: Jones and Bartlett. ISBN:
• Thomas, C. R. (1997). Privacy, information technology, and health care. Association for Computing Machinery.
Communications of the ACM, 40(8), 92-100. Retrieved from