SlideShare a Scribd company logo

EMR security risks and controls

Download as PPTX, PDF
A
Abhishek sharma

Electronic medical records (EMRs) digitize patient health information, maintaining privacy while reducing costs. However, EMRs also present security, usability, and financial risks if not properly controlled. Under HIPAA, EMRs require stringent access, authentication, storage, transmission, and auditing standards to protect confidential patient data. Key controls focus on ensuring data confidentiality, integrity, and availability through administrative, physical and technical safeguards.

Education
1 of 14
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke
CONTENT • BACKGROUND • RISKS • CONTROLS
DEFINITION •“An electronic medical record (EMR) is a digital version of a paper chart that contains all of a patient's medical history from one practice.”
BENEFITS OF EMR • EMR maintains patient privacy • Fewer forms to fill out during a visit. • Fewer repetitive questions- regarding past medical history. • Reduces cost of Healthcare.
RISKS: SECURITY • Risk of inappropriate access • Unauthorized user access • Data breaches • Risk of record loss due to natural disasters • Risk of record tampering • Back dating • Fraudulent entries, or other modifications
RISKS: USABILITY • Multiple screens and mouse clicks • Alert fatigue • Standardization • can lead to mindless repetition of entries rather than thoughtful documentation. • Lack of uniform communication standards for systems
RISKS: LOGISTICS AND COST • System inefficiency • Obsolete Technology • Huge Financial cost
HIPAA • Health Insurance Portability and Accountability Act (HIPAA) • Passed in the US in 1996 • Establishes rules for access, authentications, storage and auditing, and transmittal of electronic medical records • Restrictions for electronic records more stringent than those for paper records. • Concerns as to the adequacy of these standards
• PHI protected information under this act are: • Information doctors and nurses input into the electronic medical record • Conversations between a doctor and a patient that may have been recorded • Billing information • Under this act there is a limit as to how much information can be disclosed, and as well as who can see a patients information. Patients also get to have a copy of their records if they desire, and get notified if their information is ever to be shared with third parties • Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person • Medical and health care providers experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012 HIPAA (2)
The core of implementing controls in Electronic Medical Records center on ensuring the security and privacy of patients’ health information and records under the following key categories: • Confidentiality: Patients should have the right to decide who can examine and alter what part of their medical records • Integrity: Complete and accurate records • Availability: Ensuring patients' access to their complete medical information while protecting their privacy These fall under the auspice of key areas in Information Security IMPLEMENTING EMR CONTROLS
• Administrative safeguards • Policies and procedures to protect the security, privacy, and confidentiality patients’ PHI (Personal Health Information) • Required by both the HIPAA Privacy Rule and the HIPAA Security Rule • Physical safeguards • measures to protect the hardware and the facilities that store PHI • Includes: • Facility access control • Workstation use • Workstation security • Device and media controls EMRs: Controls
• Technical safeguards Safeguards that are built into your health IT system to protect health information and to control access to it Includes: • Access Controls • Audit Controls • Integrity • Person or entity authentication • Transmission security EMRs: Controls(2)
• Establish a security framework • Data Encryption (stored and in transit) • Controlled Interoperability • Access Control Lists • Trainings for EMR staff Conclusion
Thoughts/Questions?

Recommended

HIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU SimplifiedHIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU SimplifiedGretchen Husted
 
Telemedicine: safety and security
Telemedicine: safety and securityTelemedicine: safety and security
Telemedicine: safety and securityLeizl Guantero-Tomelden
 
Six pillars of security and privacy in telemedicine
Six pillars of security and privacy in telemedicineSix pillars of security and privacy in telemedicine
Six pillars of security and privacy in telemedicineirvinbalagosa
 
Health information security system
Health information security systemHealth information security system
Health information security systemDiana Fernandez
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialityJake Facer
 
Confidentiality
ConfidentialityConfidentiality
ConfidentialityMohammed Quadri
 
Hipaa training by p. lynch
Hipaa training by p. lynchHipaa training by p. lynch
Hipaa training by p. lynchplynch2012
 
HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 

Recommended

HIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU SimplifiedHIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU SimplifiedGretchen Husted
 
Telemedicine: safety and security
Telemedicine: safety and securityTelemedicine: safety and security
Telemedicine: safety and securityLeizl Guantero-Tomelden
 
Six pillars of security and privacy in telemedicine
Six pillars of security and privacy in telemedicineSix pillars of security and privacy in telemedicine
Six pillars of security and privacy in telemedicineirvinbalagosa
 
Health information security system
Health information security systemHealth information security system
Health information security systemDiana Fernandez
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialityJake Facer
 
Confidentiality
ConfidentialityConfidentiality
ConfidentialityMohammed Quadri
 
Hipaa training by p. lynch
Hipaa training by p. lynchHipaa training by p. lynch
Hipaa training by p. lynchplynch2012
 
HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 
Training powerpoint mha
Training powerpoint mhaTraining powerpoint mha
Training powerpoint mhaThereseS
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture ECMDLearning
 
Health information system security
Health information system securityHealth information system security
Health information system securitykristinleighclark
 
Hipaa slideshare ppt
Hipaa slideshare pptHipaa slideshare ppt
Hipaa slideshare pptKasey Durbin
 
Confidentiality manager training mha 690
Confidentiality manager training mha 690Confidentiality manager training mha 690
Confidentiality manager training mha 690nikki1919
 
Electronic medical record
Electronic medical recordElectronic medical record
Electronic medical recordFrank James
 
Security & Privacy for Health Data
Security & Privacy for Health DataSecurity & Privacy for Health Data
Security & Privacy for Health DataNawanan Theera-Ampornpunt
 
Hipaa privacy rule
Hipaa privacy ruleHipaa privacy rule
Hipaa privacy rulecomplianceonline123
 
Mha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationMha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationfalane
 
Introduction hippaa
Introduction hippaaIntroduction hippaa
Introduction hippaaTina Peña
 
Security Risks Concerning Healthcare Apps 
Security Risks Concerning Healthcare Apps Security Risks Concerning Healthcare Apps 
Security Risks Concerning Healthcare Apps Centextech
 
What is hipaa
What is hipaaWhat is hipaa
What is hipaadigitalpractice
 
Hippa
HippaHippa
HippaBetty Davis
 
One page
One page One page
One page Devi Sri
 
Confidentiality
ConfidentialityConfidentiality
Confidentialitymshaner
 
Security in electronic health records
Security in electronic health recordsSecurity in electronic health records
Security in electronic health recordssamuelerie
 
Helium EHR Overview
Helium EHR OverviewHelium EHR Overview
Helium EHR Overviewemrceo
 
Hi103 week 5 chpt 12
Hi103 week 5 chpt 12Hi103 week 5 chpt 12
Hi103 week 5 chpt 12BealCollegeOnline
 
Norris, t week 1 discussion 2
Norris, t week 1 discussion 2Norris, t week 1 discussion 2
Norris, t week 1 discussion 2Tina Norris
 
HIPAA
HIPAAHIPAA
HIPAAAlanoud Alqoufi
 
Healthcare Data Ecosystem 101
Healthcare Data Ecosystem 101Healthcare Data Ecosystem 101
Healthcare Data Ecosystem 101Lynne Frederickson
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Health IT Conference – iHT2
 

More Related Content

What's hot

Training powerpoint mha
Training powerpoint mhaTraining powerpoint mha
Training powerpoint mhaThereseS
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture ECMDLearning
 
Health information system security
Health information system securityHealth information system security
Health information system securitykristinleighclark
 
Hipaa slideshare ppt
Hipaa slideshare pptHipaa slideshare ppt
Hipaa slideshare pptKasey Durbin
 
Confidentiality manager training mha 690
Confidentiality manager training mha 690Confidentiality manager training mha 690
Confidentiality manager training mha 690nikki1919
 
Electronic medical record
Electronic medical recordElectronic medical record
Electronic medical recordFrank James
 
Mha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationMha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationfalane
 
Introduction hippaa
Introduction hippaaIntroduction hippaa
Introduction hippaaTina Peña
 
Security Risks Concerning Healthcare Apps 
Security Risks Concerning Healthcare Apps Security Risks Concerning Healthcare Apps 
Security Risks Concerning Healthcare Apps Centextech
 
Confidentiality
ConfidentialityConfidentiality
Confidentialitymshaner
 
Security in electronic health records
Security in electronic health recordsSecurity in electronic health records
Security in electronic health recordssamuelerie
 
Helium EHR Overview
Helium EHR OverviewHelium EHR Overview
Helium EHR Overviewemrceo
 
Norris, t week 1 discussion 2
Norris, t week 1 discussion 2Norris, t week 1 discussion 2
Norris, t week 1 discussion 2Tina Norris
 

What's hot (19)

Training powerpoint mha
Training powerpoint mhaTraining powerpoint mha
Training powerpoint mha
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture E
 
Health information system security
Health information system securityHealth information system security
Health information system security
 
Hipaa slideshare ppt
Hipaa slideshare pptHipaa slideshare ppt
Hipaa slideshare ppt
 
Confidentiality manager training mha 690
Confidentiality manager training mha 690Confidentiality manager training mha 690
Confidentiality manager training mha 690
 
Electronic medical record
Electronic medical recordElectronic medical record
Electronic medical record
 
Security & Privacy for Health Data
Security & Privacy for Health DataSecurity & Privacy for Health Data
Security & Privacy for Health Data
 
Hipaa privacy rule
Hipaa privacy ruleHipaa privacy rule
Hipaa privacy rule
 
Mha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationMha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentation
 
Introduction hippaa
Introduction hippaaIntroduction hippaa
Introduction hippaa
 
Security Risks Concerning Healthcare Apps 
Security Risks Concerning Healthcare Apps Security Risks Concerning Healthcare Apps 
Security Risks Concerning Healthcare Apps 
 
What is hipaa
What is hipaaWhat is hipaa
What is hipaa
 
Hippa
HippaHippa
Hippa
 
One page
One page One page
One page
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Security in electronic health records
Security in electronic health recordsSecurity in electronic health records
Security in electronic health records
 
Helium EHR Overview
Helium EHR OverviewHelium EHR Overview
Helium EHR Overview
 
Hi103 week 5 chpt 12
Hi103 week 5 chpt 12Hi103 week 5 chpt 12
Hi103 week 5 chpt 12
 
Norris, t week 1 discussion 2
Norris, t week 1 discussion 2Norris, t week 1 discussion 2
Norris, t week 1 discussion 2
 

Similar to EMR security risks and controls

Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Health IT Conference – iHT2
 
Week 7 issues and challenges
Week 7 issues and challengesWeek 7 issues and challenges
Week 7 issues and challengesRoy Dahildahil
 
Standards and Best Practices for Confidentiality of Electronic Health Records
Standards and Best Practices for Confidentiality of Electronic Health RecordsStandards and Best Practices for Confidentiality of Electronic Health Records
Standards and Best Practices for Confidentiality of Electronic Health RecordsMEASURE Evaluation
 
Remote Health Technology- E Healthcare Technology
Remote Health Technology- E Healthcare TechnologyRemote Health Technology- E Healthcare Technology
Remote Health Technology- E Healthcare Technologysaranya188949
 
Issues and challenges in electronic health records
Issues and challenges in electronic health recordsIssues and challenges in electronic health records
Issues and challenges in electronic health recordsronaldoyacatjr
 
Standards of dental informatics, security issues
Standards of dental informatics, security issuesStandards of dental informatics, security issues
Standards of dental informatics, security issuesEbtissam Al-Madi
 
Use of Electronic Health Record Data in Clinical Investigation Guidance for I...
Use of Electronic Health Record Data in Clinical Investigation Guidance for I...Use of Electronic Health Record Data in Clinical Investigation Guidance for I...
Use of Electronic Health Record Data in Clinical Investigation Guidance for I...Sungpil Han
 
Personal Health Records: iTriage Review
Personal Health Records: iTriage ReviewPersonal Health Records: iTriage Review
Personal Health Records: iTriage ReviewGrace Villareal
 
Building a Consensus for EHR
Building a Consensus for EHRBuilding a Consensus for EHR
Building a Consensus for EHRDanielle Jean
 
C. Gibbs MHA 690 week 1 discussion 2
C. Gibbs MHA 690 week 1 discussion 2C. Gibbs MHA 690 week 1 discussion 2
C. Gibbs MHA 690 week 1 discussion 2CGibbs3121
 
Universal Unique Patient Information Identifier UUPII
Universal Unique Patient Information Identifier UUPIIUniversal Unique Patient Information Identifier UUPII
Universal Unique Patient Information Identifier UUPIIFrank Avignone
 
Health Information Technology & Nursing Informatics
Health Information Technology & Nursing InformaticsHealth Information Technology & Nursing Informatics
Health Information Technology & Nursing InformaticsJil Wright
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxamartya2087
 
Are You HIPAA Safe?
Are You HIPAA Safe?Are You HIPAA Safe?
Are You HIPAA Safe?TriageLogic
 

Similar to EMR security risks and controls (20)

HIPAA
HIPAAHIPAA
HIPAA
 
Healthcare Data Ecosystem 101
Healthcare Data Ecosystem 101Healthcare Data Ecosystem 101
Healthcare Data Ecosystem 101
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
 
Week 7 issues and challenges
Week 7 issues and challengesWeek 7 issues and challenges
Week 7 issues and challenges
 
Standards and Best Practices for Confidentiality of Electronic Health Records
Standards and Best Practices for Confidentiality of Electronic Health RecordsStandards and Best Practices for Confidentiality of Electronic Health Records
Standards and Best Practices for Confidentiality of Electronic Health Records
 
Remote Health Technology- E Healthcare Technology
Remote Health Technology- E Healthcare TechnologyRemote Health Technology- E Healthcare Technology
Remote Health Technology- E Healthcare Technology
 
Issues and challenges in electronic health records
Issues and challenges in electronic health recordsIssues and challenges in electronic health records
Issues and challenges in electronic health records
 
DHCA-Chapter5
DHCA-Chapter5DHCA-Chapter5
DHCA-Chapter5
 
Standards of dental informatics, security issues
Standards of dental informatics, security issuesStandards of dental informatics, security issues
Standards of dental informatics, security issues
 
Use of Electronic Health Record Data in Clinical Investigation Guidance for I...
Use of Electronic Health Record Data in Clinical Investigation Guidance for I...Use of Electronic Health Record Data in Clinical Investigation Guidance for I...
Use of Electronic Health Record Data in Clinical Investigation Guidance for I...
 
Personal Health Records: iTriage Review
Personal Health Records: iTriage ReviewPersonal Health Records: iTriage Review
Personal Health Records: iTriage Review
 
Building a Consensus for EHR
Building a Consensus for EHRBuilding a Consensus for EHR
Building a Consensus for EHR
 
C. Gibbs MHA 690 week 1 discussion 2
C. Gibbs MHA 690 week 1 discussion 2C. Gibbs MHA 690 week 1 discussion 2
C. Gibbs MHA 690 week 1 discussion 2
 
Hipaa and social media using new
Hipaa and social media using newHipaa and social media using new
Hipaa and social media using new
 
Universal Unique Patient Information Identifier UUPII
Universal Unique Patient Information Identifier UUPIIUniversal Unique Patient Information Identifier UUPII
Universal Unique Patient Information Identifier UUPII
 
Final copy 7
Final copy 7Final copy 7
Final copy 7
 
Health Information Technology & Nursing Informatics
Health Information Technology & Nursing InformaticsHealth Information Technology & Nursing Informatics
Health Information Technology & Nursing Informatics
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health records
 
Are You HIPAA Safe?
Are You HIPAA Safe?Are You HIPAA Safe?
Are You HIPAA Safe?
 

Recently uploaded

Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 

Recently uploaded (20)

Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 

EMR security risks and controls

  • 1. ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke
  • 3. DEFINITION •“An electronic medical record (EMR) is a digital version of a paper chart that contains all of a patient's medical history from one practice.”
  • 4. BENEFITS OF EMR • EMR maintains patient privacy • Fewer forms to fill out during a visit. • Fewer repetitive questions- regarding past medical history. • Reduces cost of Healthcare.
  • 5. RISKS: SECURITY • Risk of inappropriate access • Unauthorized user access • Data breaches • Risk of record loss due to natural disasters • Risk of record tampering • Back dating • Fraudulent entries, or other modifications
  • 6. RISKS: USABILITY • Multiple screens and mouse clicks • Alert fatigue • Standardization • can lead to mindless repetition of entries rather than thoughtful documentation. • Lack of uniform communication standards for systems
  • 7. RISKS: LOGISTICS AND COST • System inefficiency • Obsolete Technology • Huge Financial cost
  • 8. HIPAA • Health Insurance Portability and Accountability Act (HIPAA) • Passed in the US in 1996 • Establishes rules for access, authentications, storage and auditing, and transmittal of electronic medical records • Restrictions for electronic records more stringent than those for paper records. • Concerns as to the adequacy of these standards
  • 9. • PHI protected information under this act are: • Information doctors and nurses input into the electronic medical record • Conversations between a doctor and a patient that may have been recorded • Billing information • Under this act there is a limit as to how much information can be disclosed, and as well as who can see a patients information. Patients also get to have a copy of their records if they desire, and get notified if their information is ever to be shared with third parties • Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person • Medical and health care providers experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012 HIPAA (2)
  • 10. The core of implementing controls in Electronic Medical Records center on ensuring the security and privacy of patients’ health information and records under the following key categories: • Confidentiality: Patients should have the right to decide who can examine and alter what part of their medical records • Integrity: Complete and accurate records • Availability: Ensuring patients' access to their complete medical information while protecting their privacy These fall under the auspice of key areas in Information Security IMPLEMENTING EMR CONTROLS
  • 11. • Administrative safeguards • Policies and procedures to protect the security, privacy, and confidentiality patients’ PHI (Personal Health Information) • Required by both the HIPAA Privacy Rule and the HIPAA Security Rule • Physical safeguards • measures to protect the hardware and the facilities that store PHI • Includes: • Facility access control • Workstation use • Workstation security • Device and media controls EMRs: Controls
  • 12. • Technical safeguards Safeguards that are built into your health IT system to protect health information and to control access to it Includes: • Access Controls • Audit Controls • Integrity • Person or entity authentication • Transmission security EMRs: Controls(2)
  • 13. • Establish a security framework • Data Encryption (stored and in transit) • Controlled Interoperability • Access Control Lists • Trainings for EMR staff Conclusion

Editor's Notes

  1. the United States, information in electronic medical records is referred to as Protected Health Information (PHI) and its management is addressed under the Health Insurance Portability and Accountability Act (HIPAA) as well as many local laws