Mha 690 discussion 2 Seynabou


Published on

Training staff on HIPAA regulations and Health information security

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Mha 690 discussion 2 Seynabou

  1. 1. MHA 690: Health Care Capstone Instructor: Dr. Hwang-ji Lu Health Care Capstone Created by: Seynabou Ndiaye Monday, September 23rd, 2013
  2. 2. Introduction • The need to store electronic health information have raised concerns about the privacy of patients and the security of the data collected. • Ensuring adequate protection of confidentiality and integrity of patients’ information while at the same time making the information readily available to all authorized healthcare providers has been a dilemma for healthcare organizations. • In 1996, the United States Congress passed the Health Insurance Portability and Accountability Act (HIPAA) to protect the freedom, security, privacy and confidentiality of individuals. • Health information data consists of extremely sensitive information, the security of this information has been an important issue since health care information systems have been in use.
  3. 3. Introduction Continued • The increasing need for exchange of healthcare information within the healthcare industry have revealed issues with system and applications interoperability. • The interoperability of systems can be improved by developing Health information security standards for all healthcare organizations • The goal of Health Information Management Systems Society is to have all health organizations who use, send or store health information to meet the requirements for confidentiality, integrity and availability and accountability using sound risk management practices based on recognized standards and protocols by 2014.
  4. 4. Challenges of managing Health Information Systems • Liability issues • Ethical issues • Security issues • Data access and storage • Ownership of data • Controlling and Monitoring employees behaviors • Ensuring compliance with HIPAA and other standards of patient privacy and confidentiality • Lack of interoperability of systems and applications
  5. 5. Research Sources • Research revealed that there are two categories of security concerns when using Electronic Health information : Inappropriate release of patient information by health organizations and concerns about the flow of information across the healthcare industry. • Technological security tools are available and they serve five key functions: 1. Availability 2. Accountability 3. Perimeter identification 4. Controlling access 5. Comprehensibility and control
  6. 6. Research sources Continued • Health Information Portability and Accessibility Act provide a basic framework for handling health information • The healthcare industry recognized the need for more guidance in protecting health information • Healthcare providers have access to a range of technical and organizational practices that can help protect patients’ health information
  7. 7. Health Insurance Portability and Accountability Act • In the light of increasing sharing of patient information within the healthcare industry, the HIPAA rulings were developed to protect the freedom, security, privacy and confidentiality of Individuals • “In, 1996, Congress passed Public law 104-191 , otherwise known as HIPAA” (Tan, 2010, pg 281) • HIPAA required the Department of Health and human services to establish new guidelines, key principles and national standards for handling electronic health transactions. • Adherence to these HIPAA imposed principles, guidelines and standards is required from all healthcare Professionals and all healthcare entities in the US.
  8. 8. HIPAA continued • HIPAA protects all personal health information either stored on paper or electronically, located in any US-based health organization, regardless of the source of this information. • HIPAA requires that healthcare organizations educate their employees on how to respect and safeguard the privacy and confidentiality of the information collected from patients. • Given the current and future advances in data interchange technology, HIPAA establishes strategies for health organizations to stay in compliance with the federal law
  9. 9. Recommendations for Health Information Systems Security Establish Security Policies and Procedures for healthcare organizations Protecting the confidentiality and integrity of patients’ information. Train healthcare employee thoroughly on HIPAA regulations and compliance  Monitoring and enforcing guidelines and regulations Control and Monitor employee behaviors Technical solutions include using role-based access control, encryption and authentication mechanisms
  10. 10. Conclusion • New technologies are being incorporated in the Healthcare Information systems to improve care management and coordination of patients’ care. • There are many benefits to the use of new technologies but there are also privacy and security issues associated with the use of these technologies. • Health information security and patient privacy have been a very important issue in healthcare environments • There are many technical mechanisms available to guarantee privacy, confidentiality and data security as well as policies, practices and procedures that can be put in place to protect patients’ Information • Security law, which is a component of HIPAA can help build a relationship based on trust Between patients and their healthcare providers.
  11. 11. References • Albena, R. I., & Susan Meyer-Goldstein. (2013). Impact of standards adoption on healthcare transaction performance: The case of HIPAA. International Journal of Production Economics, 141(1), 277. Retrieved from • Hagland, M. (1997). Confidence and confidentiality. Health Management Technology, 18(12), 20-2, 24, 56. Retrieved from • Klein, R. (2007). Internet-based patient-physician electronic communication applications: Patient acceptance and trust. E - Service Journal, 5(2), 27-38,40-51. Retrieved from • McGraw, D., Dempsey, J. X., Harris, L., & Goldman, J. (2009). Privacy as an enabler, not an impediment: Building trust into health information exchange. Health Affairs, 28(2), 416-27. Retrieved from • Tan, J.K.H. (2010). Adaptive Health Management Information Systems (3rd ed.) Sudbury: Jones and Bartlett. ISBN: 9780763756918. • Thomas, C. R. (1997). Privacy, information technology, and health care. Association for Computing Machinery. Communications of the ACM, 40(8), 92-100. Retrieved from