Technology, Policy, Privacy and Freedom
(Unit-6)
Contents
• Medical Privacy Legislation, Policies and Best Practices
• Examination of Privacy matters specific to World Wide Web
• Protection provided by the Freedom of Information Act or the
requirement for search warrants
Medical Privacy Legislation, Policies and Best
Practices
Legislation
1. State Laws
• Different states separately regulate the privacy of healthcare information.
• “Covered entity” more broadly includes virtually anyone or any entity coming
into contact with PHI.
• This definition comes into play particularly with marketing and
re-identification, both of which require individual consent under the law.
Legislation
2. Sanctions and Penalties
• Potential sanctions, in order of ascending severity: verbal/written warnings,
probation, suspension, transfer, or termination of employment.
• Penalties: Monetary penalty amounts.
• Individuals, including employees of covered entities or business associates, may
be criminally liable or subject to imprisonment.
Policies
1. Protecting Privacy of Patient Information:
• Only share patient information with other faculty and staff who need the
information to do their job.
• Avoid accessing a patient’s record unless you need to do so for your job or you
have written permission from the patient.
• Do not access the record of your co-worker, spouse, or family member unless
there is written authorization in the patient’s record.
Policies
2. E-MAIL:
• Never send unencrypted information over the Internet that you would not place on a
billboard.
• You cannot control how a message you generate is forwarded or shared after you hit the
“Send” button!
• Never use the full nine-digit social security number in an electronic message unless the
message has been encrypted or otherwise secured!
• Do not use a patient’s full name associated with specific health information (e.g. reason
for visit, diagnosis, procedures, or test results).
Policies
3. Telephone and Fax Precautions:
• Only speak to the patient (or parent);
• Do not leave a message with identifying information;
• Do not give your personal phone number;
• Check fax number (more than once);
• Fax with a permission form;
• Use a cover sheet;
• Check to see if the fax was received;
• Do not fax plans, logs, reports to supervisors unless absolutely necessary and
only if information is de-identified.
Policies
4. Files:
• Store patient files, CDs/USB drives containing PHI and video/audiotapes in a
locked file cabinet.
• Never store PHI on personal hard drives.
• Never take files from the clinic except for an off-site assessment, and then you must
immediately return the files.
Best Practices
• Do not use patient’s whole name in earshot of others;
• Cover charts so patient name is not visible;
• Do not leave records & other PHI unattended;
• Screen computers or position them so others cannot read the screen;
• Keep patient reports and appointment schedules secure;
• Back up disks;
• Reports prepared on home computers must be prepared in de-identified format;
• All reports sent as email attachments must be de-identified;
• Video/audio tapes must be erased or destroyed before clinician graduates, unless
being preserved in master patient file at the clinic for archival purposes.
Examination of Privacy matters specific to the
World Wide Web
Points to ponder
• Collection Limitation - There should be limits to the collection of personal data, and any such data should be obtained
by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
• Data Quality - Personal data should be relevant to the purposes for which they are to be used, and to the extent
necessary for those purposes, should be accurate, complete, and kept updated.
• Purpose Specification - The purposes for which personal data are collected should be specified not later than at the
time of data collection, and the subsequent use limited to the fulfillment of those purposes or such others as are not
incompatible with those purposes, and as are specified on each occasion of change of purpose.
• Use Limitation - Personal data should not be disclosed, made available, or otherwise used for purposes other than those
specified in accordance with [the Purpose Specification] except:
• with the consent of the data subject; or
• by the authority of law.
Points to ponder
• Security Safeguards - Personal data should be protected by reasonable security safeguards against such risks as loss or
unauthorized access, destruction, use, modification, or disclosure of data.
• Openness - There should be a general policy of openness about developments, practices, and policies with respect to
personal data. Means should be readily available of establishing the existence and nature of personal data, and the main
purposes of their use, as well as the identity and usual residence of the data controller.
• Individual Participation - An individual should have the right to know whether a data controller has data relating to
him/her, to obtain a copy of the data within a reasonable time in a form that is intelligible to him/her, to obtain a reason
if the request for access is denied, to challenge such a denial, to challenge data relating to him/her, and, if the challenge
is successful, to have the data erased, rectified, completed, or amended.
• Accountability - A data controller should be accountable for complying with measures, which give effect to the
principles stated above.
Protections provided by the Freedom of
Information Act or the requirement for search
warrants
Points to ponder
• Right to access health records, subject to specific and limited exemptions.
• Personal privacy is protected as the FOIP Act regulates the way an organization
collects, uses, and discloses personal information.
• Right to access information that an organization has about the patient.
• Right to request a correction of information that an organization has about the patient.
• Right to request an independent review of decisions made by the organization.
Points to ponder
• The practice is often asked for information about patients from insurance companies
or solicitors. On no account will any information be given without the patient's
written consent.
• Information about a patient's medical condition will only be passed to other health
professionals to help with treatment.
• Staff at the surgery have access to personal information on a need-to-know basis only
and are bound by rules relating to patient confidentiality.
References
1. www.uh.edu/legalaffairs/contract.../pdf.../HIPAA%20Guidelines%20%
207.14.11.pdf
2. https://www.ncbi.nlm.nih.gov/books/NBK9579/

More Related Content

What's hot

Hipaa 42 cfr review
Hipaa 42 cfr reviewHipaa 42 cfr review
Hipaa 42 cfr reviewrobint2125
 
Privacy & confedentiality
Privacy & confedentialityPrivacy & confedentiality
Privacy & confedentialityHemang Patel
 
Clinical trials First Year M. Pharmacy.
Clinical trials First Year M. Pharmacy.Clinical trials First Year M. Pharmacy.
Clinical trials First Year M. Pharmacy.Rushi Somani
 
Patient Privacy and Safety in Healthcare
Patient Privacy and Safety in HealthcarePatient Privacy and Safety in Healthcare
Patient Privacy and Safety in HealthcareQueen Myers
 
Health Information Technology_272_Presentation_CookDaryle.docx.
Health Information Technology_272_Presentation_CookDaryle.docx.Health Information Technology_272_Presentation_CookDaryle.docx.
Health Information Technology_272_Presentation_CookDaryle.docx.Daryle Cook
 
The importance of patient privacy
The importance of patient privacyThe importance of patient privacy
The importance of patient privacytbella
 
Patient confidentiality training
Patient confidentiality  trainingPatient confidentiality  training
Patient confidentiality trainingtwhit0623
 
Confidentiality
ConfidentialityConfidentiality
Confidentialityblutoothe
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA BasicsKarna *
 
Mike smith power point florida telehealth summit
Mike smith   power point florida telehealth summitMike smith   power point florida telehealth summit
Mike smith power point florida telehealth summitSamantha Haas
 
Health information confidentiality
Health information confidentialityHealth information confidentiality
Health information confidentialityJames Noon
 
Patient Confidentiality
Patient ConfidentialityPatient Confidentiality
Patient Confidentialitymarosemond
 
Icmr ethical guidelines for biomedical research on human subject
Icmr  ethical guidelines for biomedical research on human subjectIcmr  ethical guidelines for biomedical research on human subject
Icmr ethical guidelines for biomedical research on human subjectSuraj Pamadi
 
MHA 690 week 2 discussin
MHA 690 week 2 discussinMHA 690 week 2 discussin
MHA 690 week 2 discussinBrooke A Thomas
 
Confidentiality Training
Confidentiality TrainingConfidentiality Training
Confidentiality Trainingridley27
 

What's hot (19)

Hipaa 42 cfr review
Hipaa 42 cfr reviewHipaa 42 cfr review
Hipaa 42 cfr review
 
Privacy & confedentiality
Privacy & confedentialityPrivacy & confedentiality
Privacy & confedentiality
 
Clinical trials First Year M. Pharmacy.
Clinical trials First Year M. Pharmacy.Clinical trials First Year M. Pharmacy.
Clinical trials First Year M. Pharmacy.
 
Patient Privacy and Safety in Healthcare
Patient Privacy and Safety in HealthcarePatient Privacy and Safety in Healthcare
Patient Privacy and Safety in Healthcare
 
Health Information Technology_272_Presentation_CookDaryle.docx.
Health Information Technology_272_Presentation_CookDaryle.docx.Health Information Technology_272_Presentation_CookDaryle.docx.
Health Information Technology_272_Presentation_CookDaryle.docx.
 
The importance of patient privacy
The importance of patient privacyThe importance of patient privacy
The importance of patient privacy
 
Patient confidentiality training
Patient confidentiality  trainingPatient confidentiality  training
Patient confidentiality training
 
Confidentiality
Confidentiality Confidentiality
Confidentiality
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
 
Hipaa-2015
Hipaa-2015Hipaa-2015
Hipaa-2015
 
Mike smith power point florida telehealth summit
Mike smith   power point florida telehealth summitMike smith   power point florida telehealth summit
Mike smith power point florida telehealth summit
 
Health information confidentiality
Health information confidentialityHealth information confidentiality
Health information confidentiality
 
Ethics committee
Ethics committeeEthics committee
Ethics committee
 
Patient Confidentiality
Patient ConfidentialityPatient Confidentiality
Patient Confidentiality
 
Icmr ethical guidelines for biomedical research on human subject
Icmr  ethical guidelines for biomedical research on human subjectIcmr  ethical guidelines for biomedical research on human subject
Icmr ethical guidelines for biomedical research on human subject
 
INFORMED CONSENT FORM
INFORMED CONSENT FORMINFORMED CONSENT FORM
INFORMED CONSENT FORM
 
MHA 690 week 2 discussin
MHA 690 week 2 discussinMHA 690 week 2 discussin
MHA 690 week 2 discussin
 
Confidentiality Training
Confidentiality TrainingConfidentiality Training
Confidentiality Training
 

Similar to Technology, policy, privacy and freedom

PHIE Privacy Guidelines
PHIE Privacy GuidelinesPHIE Privacy Guidelines
PHIE Privacy GuidelinesRomsty
 
Health care confidentiality and privacy
Health care confidentiality and privacyHealth care confidentiality and privacy
Health care confidentiality and privacysawanda
 
Are You HIPAA Safe?
Are You HIPAA Safe?Are You HIPAA Safe?
Are You HIPAA Safe?TriageLogic
 
Imac 2011
Imac 2011Imac 2011
Imac 2011sebmojo
 
Clinical research ethics and regulation
Clinical research ethics and regulationClinical research ethics and regulation
Clinical research ethics and regulationRoger Watson
 
Ruggiero.hipaa training
Ruggiero.hipaa trainingRuggiero.hipaa training
Ruggiero.hipaa trainingGina Ruggiero
 
EU Medical Device Clinical Research under the General Data Protection Regulation
EU Medical Device Clinical Research under the General Data Protection RegulationEU Medical Device Clinical Research under the General Data Protection Regulation
EU Medical Device Clinical Research under the General Data Protection RegulationErik Vollebregt
 
Hot materials hippa
Hot materials hippaHot materials hippa
Hot materials hippaWork Aholic
 
Hipaa basics.pp2
Hipaa basics.pp2Hipaa basics.pp2
Hipaa basics.pp2martykoepke
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
Confidentiality Awareness
Confidentiality AwarenessConfidentiality Awareness
Confidentiality Awarenessitchomecare
 
HIPAA Privacy for Employers 101
HIPAA Privacy for Employers 101HIPAA Privacy for Employers 101
HIPAA Privacy for Employers 101benefitexpress
 
Media_644046_smxx (1).pptx
Media_644046_smxx (1).pptxMedia_644046_smxx (1).pptx
Media_644046_smxx (1).pptxMichelleSaver
 
Pdpa presentation
Pdpa presentationPdpa presentation
Pdpa presentationAlan Teh
 
MDCC: Privacy and trade practices - 29 October 2014
MDCC: Privacy and trade practices - 29 October 2014MDCC: Privacy and trade practices - 29 October 2014
MDCC: Privacy and trade practices - 29 October 2014Infodec Communications
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
 

Similar to Technology, policy, privacy and freedom (20)

PHIE Privacy Guidelines
PHIE Privacy GuidelinesPHIE Privacy Guidelines
PHIE Privacy Guidelines
 
Data Management Protection Acts
Data Management Protection ActsData Management Protection Acts
Data Management Protection Acts
 
Health care confidentiality and privacy
Health care confidentiality and privacyHealth care confidentiality and privacy
Health care confidentiality and privacy
 
Are You HIPAA Safe?
Are You HIPAA Safe?Are You HIPAA Safe?
Are You HIPAA Safe?
 
Imac 2011
Imac 2011Imac 2011
Imac 2011
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
 
Clinical research ethics and regulation
Clinical research ethics and regulationClinical research ethics and regulation
Clinical research ethics and regulation
 
Ruggiero.hipaa training
Ruggiero.hipaa trainingRuggiero.hipaa training
Ruggiero.hipaa training
 
EU Medical Device Clinical Research under the General Data Protection Regulation
EU Medical Device Clinical Research under the General Data Protection RegulationEU Medical Device Clinical Research under the General Data Protection Regulation
EU Medical Device Clinical Research under the General Data Protection Regulation
 
Hipaa and social media using new
Hipaa and social media using newHipaa and social media using new
Hipaa and social media using new
 
Hot materials hippa
Hot materials hippaHot materials hippa
Hot materials hippa
 
Hipaa basics.pp2
Hipaa basics.pp2Hipaa basics.pp2
Hipaa basics.pp2
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
Confidentiality Awareness
Confidentiality AwarenessConfidentiality Awareness
Confidentiality Awareness
 
HIPAA Privacy for Employers 101
HIPAA Privacy for Employers 101HIPAA Privacy for Employers 101
HIPAA Privacy for Employers 101
 
Media_644046_smxx (1).pptx
Media_644046_smxx (1).pptxMedia_644046_smxx (1).pptx
Media_644046_smxx (1).pptx
 
Hipaa 2012
Hipaa 2012Hipaa 2012
Hipaa 2012
 
Pdpa presentation
Pdpa presentationPdpa presentation
Pdpa presentation
 
MDCC: Privacy and trade practices - 29 October 2014
MDCC: Privacy and trade practices - 29 October 2014MDCC: Privacy and trade practices - 29 October 2014
MDCC: Privacy and trade practices - 29 October 2014
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 

More from G Prachi

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architectureG Prachi
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security modelsG Prachi
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software securityG Prachi
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilitiesG Prachi
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02G Prachi
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01G Prachi
 
Basic web security model
Basic web security modelBasic web security model
Basic web security modelG Prachi
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy codeG Prachi
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
Control hijacking
Control hijackingControl hijacking
Control hijackingG Prachi
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Administering security
Administering securityAdministering security
Administering securityG Prachi
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networksG Prachi
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating systemG Prachi
 
Program security
Program securityProgram security
Program securityG Prachi
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptographyG Prachi
 
Information security introduction
Information security introductionInformation security introduction
Information security introductionG Prachi
 

More from G Prachi (20)

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architecture
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security models
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software security
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01
 
Basic web security model
Basic web security modelBasic web security model
Basic web security model
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Administering security
Administering securityAdministering security
Administering security
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
 
Program security
Program securityProgram security
Program security
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
 
Information security introduction
Information security introductionInformation security introduction
Information security introduction
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business

Technology, policy, privacy and freedom

  • 1. Technology, Policy, Privacy and Freedom (Unit-6)
  • 2. Contents
      • Medical Privacy Legislation, Policies and Best Practices
      • Examination of Privacy matters specific to World Wide Web
      • Protection provided by the freedom of Information Act or the requirement for search warrants
  • 3. Medical Privacy Legislation, Policies and Best Practices
  • 4. Legislation: 1. State Laws
      • Different states separately regulate the privacy of healthcare information.
      • “Covered entity” more broadly includes virtually anyone or any entity coming into contact with PHI.
      • This definition comes into play particularly with marketing and re-identification, both of which require individual consent under the law.
  • 5. Legislation: 2. Sanctions and Penalties
      • Potential sanctions, in order of ascending severity: verbal/written warnings, probation, suspension, transfer, or termination of employment.
      • Penalties: Monetary penalty amounts.
      • Individuals, including employees of covered entities or business associates, may be criminally liable or subject to imprisonment.
  • 6. Policies: 1. Protecting Privacy of Patient Information
      • Only share patient information with other faculty and staff who need the information to do their job.
      • Avoid accessing a patient’s record unless you need to do so for your job or you have written permission from the patient.
      • Do not access the record of your co-worker, spouse, or family member unless there is written authorization in the patient’s record.
  • 7. Policies: 2. E-MAIL
      • Never send unencrypted information over the Internet that you would not place on a billboard.
      • You cannot control how a message you generate is forwarded or shared after you hit the “Send” button!
      • Never use the full nine-digit social security number in an electronic message unless the message has been encrypted or otherwise secured!
      • Do not use a patient’s full name associated with specific health information (e.g. reason for visit, diagnosis, procedures, or test results).
  • 8. Policies: 3. Telephone and Fax Precautions
      • Only speak to the patient (or parent);
      • Do not leave a message with identifying information;
      • Do not give your personal phone number;
      • Check the fax number (more than once);
      • Fax with a permission form;
      • Use a cover sheet;
      • Check to see if the fax was received;
      • Do not fax plans, logs, or reports to supervisors unless absolutely necessary, and only if the information is de-identified.
  • 9. Policies: 4. Files
      • Store patient files, CDs/USB drives containing PHI and video/audiotapes in a locked file cabinet.
      • Never store PHI on personal hard drives.
      • Never take files from the clinic except for an off-site assessment, and then you must immediately return the files.
  • 10. Best Practices
      • Do not use a patient’s whole name within earshot of others;
      • Cover charts so the patient name is not visible;
      • Do not leave records and other PHI unattended;
      • Screen computers or position them so others cannot read the screen;
      • Keep patient reports and appointment schedules secure;
      • Back up disks;
      • Reports prepared on home computers must be prepared in de-identified format;
      • All reports sent as email attachments must be de-identified;
      • Video/audio tapes must be erased or destroyed before the clinician graduates, unless being preserved in the master patient file at the clinic for archival purposes.
  • 11. Examination of Privacy matters specific to the World Wide Web
  • 12. Points to ponder
      • Collection Limitation - There should be limits to the collection of personal data, and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
      • Data Quality - Personal data should be relevant to the purposes for which they are to be used, and to the extent necessary for those purposes, should be accurate, complete, and kept updated.
      • Purpose Specification - The purposes for which personal data are collected should be specified not later than at the time of data collection, and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes, and as are specified on each occasion of change of purpose.
      • Use Limitation - Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified in accordance with [the Purpose Specification] except:
          • with the consent of the data subject; or
          • by the authority of law.
  • 13. Points to ponder
      • Security Safeguards - Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.
      • Openness - There should be a general policy of openness about developments, practices, and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
      • Individual Participation - An individual should have the right to know whether a data controller has data relating to him/her, to obtain a copy of the data within a reasonable time in a form that is intelligible to him/her, to obtain a reason if the request for access is denied, to challenge such a denial, to challenge data relating to him/her, and, if the challenge is successful, to have the data erased, rectified, completed, or amended.
      • Accountability - A data controller should be accountable for complying with measures, which give effect to the principles stated above.
  • 14. Protections provided by the Freedom of Information Act or the requirement for search warrants
  • 15. Points to ponder
      • Right to access health records, subject to specific and limited exemptions.
      • Personal privacy is protected as the FOIP Act regulates the way an organization collects, uses, and discloses personal information.
      • Right to access information that an organization has about the patient.
      • Right to request a correction of information that an organization has about the patient.
      • Right to request an independent review of decisions made by the organization.
  • 16. Points to ponder
      • The practice is often asked for information about patients from insurance companies or solicitors. On no account will any information be given without the patient's written consent.
      • Information about a patient's medical condition will only be passed to other health professionals to help with treatment.
      • Staff at the surgery have access to personal information on a need-to-know basis only and are bound by rules relating to patient confidentiality.