HCS485 final Tech Data Security Chg Technology of HC 5
1. Technical Data Security in the Changing Technology of Health Care.
By: Maile Andrus
HCS/483
April 6, 2015
Tanita Durant
2. Introduction
• How has technology changed?
• What new laws have been introduced in Health Care?
• What are some important needs in security in regards to the new
laws?
• Will the security levels put in place today work tomorrow?
• Will Management be able to determine any future needs in
security of Health Care Data?
• What kind of training and information will the staff need to know
and complete now and in the future to protect this data in the age of
computers and technology?
• Will the new EMR and EHR continue to change along with security
needs?
3.
4. Securing Medical Records with Technology
• Information in an orderly and timely manner
• Fewer duplicated files per patient
• Works to reduce document loss
5. Medical Records Transfers and storage changes over time
How to Keep Files under Secured Conditions
• Flash Drives or Mini Storage
• When using such devices what can
happen?
• What can a breach like this mean for
the company or Medical Facility?
• When do you need to be notified of
a Breach?
• Who needs to be notified?
• How could this have been
prevented?
6. How and when there is a Break Down in
Information
Technology Data Security in Health Care
• When Management fails to review
employees’ work on a regular basis
there is a breakdown.
• Lack of communication can create a
breakdown in security with costly
effects
• When there is a breakdown in
technological security, patients’
information is put at risk.
• Patients lose trust and respect for the
doctor, staff and facility as a whole.
7. HIPAA
• Do you and your facility use the
internet?
• Do you have your facility listed on
social media?
• Do your staff members use social
media? (at work for work?)
• In asking these questions we wanted
to know just what kind of security
system and measures your facility has
already put in place and what needed
to be changed or improved upon.
8. How do you uphold the
ethical standards of the
facility in regards to
Social Media?
Do your staff members
use social media? (at
home and at work)
What is your policy
about social media site
usage or personal cell
phone and electronics
use in the work place?
In what other ways can breaches occur in a technology-based Health Care
System?
9. How is information
shared and with
Whom?
• Your Patients’ Information
Security
• Access information based on
need to know
• What can be accessed securely
for the care of the patient?
• How is sharing patients’
information, and for what
purpose, more secure?
• How will it help maintain HIPAA
Laws and regulations?
10. Conclusion
This scenario opened the city, the lab as well as the staff members up to
prosecution, and to fines to the facility as well as the city. The cost for losing this
information for the number of individual patients could have reached into the
hundreds of millions of dollars. This is why management has to be consistently
involved in the security of data in a technological age such as this. As technology
continues to grow, breaches can become more frequent as well as more advanced
through such things as cyber-attacks and computer hackers.
Keeping management in the need to know and reporting any breaches in
HIPAA laws and in the security of patient information is critical and has to be made a
higher priority when you are integrating information security in a technological
age like this and in health care.
11. References
Barrett, T. (2013, November 16). Mayor of the City of Milwaukee. Milwaukee employee information stolen, Mayor Barrett outraged. (M. Lowe, Interviewer) http://fox6now.com/2013/11/16/milwaukee-employee-information-stolen-mayor-barrett-outraged/#ooid=lqc3FjaDr_jSfx2okoUdeWoUqOjdI10D. Milwaukee.
Docter, C. (2013, November 16). Milwaukee employee information breached when car stolen. Retrieved from http://fox6now.com/: http://fox6now.com/2013/11/15/milwaukee-employee-information-breached-when-car-stolen/
Gomez-Meija, L. B. (2012). Managing Human Resources. In L. B. Gomez-Meija, Managing Human Resources (7 ed.). Upper Saddle River, N.J.: Prentice Hall.
Keller, A. (2007, June 01). Electronic health records; Technological change. Florida Trend, 50(2), p. 28.
Kinneer, J. (2013, November 9). Functional roles of human resources. Retrieved from https://www.youtube.com/watch?v=lT6cbldOzjQ
M.J.Green, A. (2011). Essentials of Health Information, Management: Principles and Practices, Second Edition. (2).
Mercuri, R. (2004). The HIPAA-potamus in Health Care Data Security. Security Watch, 47(7), 25-28.
Thompson, J. M. (2011, 2). Effective Communication Paper. Retrieved from StudyMode.com: http://www.studymode.com/essays/Hcs-325-Effective-Communication-Paper-608428.html
Tomes, J. P. (2007). Management of HIPAA Compliance Takes on Increased Importance with Criminal Enforcement. Journal of Health Care Compliance.
Good morning, ladies and gentlemen. Thank you for inviting me to discuss and present how technical data security will continue to grow with the ever-changing needs in health care.
We will look at how technology has changed over the years and at the need to improve data security as health care continues to change and grow in technology. We will be covering some of the basic questions that you have asked.
I will also show why having management involved in the creation of technological data security is a must. If management is involved from the inception of health care data information security, it will help to keep down the costs that can later accrue from a breach of information and of HIPAA laws. For an example of what can happen to information in the technological age of computers in health care, we only have to look at the recent breach of patient information that happened in Milwaukee, Wisconsin in October 2013.
How has technology changed in Health Care? (Computers, Electronic medical devices, EMR, use of social media and internet)
What new laws have been introduced in Health Care? (HIPAA)
What are some important needs in security in regards to the new laws? (Patient privacy, confidentiality of both personal and medical information, sharing privileged information with others in health care in a safe and secure manner, as well as advance directives)
Will the security levels put in place today work tomorrow? (Firewalls, encryption, passwords, and signed confidentiality letters of acknowledgement by all medical and facility staff members)
Will Management be able to determine any future needs in security of Health Care Data? (Management should be able to determine when and if staff members should be given authorization to highly restricted and confidential information based on their position and responsibilities. They should also be able to determine if at any time there is a breach in the security measures put into place.)
What kind of training and information will the staff need to know and complete now and in the future to protect this data in the age of computers and technology?
Will the new EMR and EHR continue to change along with security needs?
Understanding the changes in technology and health care needs is the key to choosing the right system that will work for your organization.
Since the introduction of computers in health care in approximately 1970, there has been a need for education and training in the computer technology and tools that medical professionals use to help diagnose patients’ illnesses.
When modern medical machines were first developed in the 1970s to help diagnose and determine illnesses, there was little to protect the information as it was gathered. In many cases the patient’s information or results would be lost or misplaced, because the hard copies would change hands numerous times and then would not be kept with the patient’s files. For example, x-ray or CT scan results would be stored in a different filing system or location from the patient’s file itself.
Files were also lost or duplicated because a patient’s file would be under a different name; for example, the patient got married, or the patient was a child and, because they were a minor, the information was kept under the parent’s or guardian’s name. Knowing that this had been a problem for years, health care facilities began to convert to a safer, more organized system by moving to a computer-based information system. Still, more needs to be done.
With the new technology and security standards, computers make this a thing of the past, unless there are breaches in security and of patients’ protected information. In the technological age that we live in, and with continuing advancements, there is a greater need for security and for management to monitor and record the security measures that have been taken and that are being implemented.
Image can be located at:
http://www.lawtechtv.com/.a/6a00d8341e18e853ef0154327b9d6d970c-800wi
Securing Medical Records with Technology
Over the years you can see a clear change and shift into a more secure system
1-Integrating file indexes
Electronic medical records reduce patient errors
With this system integration we can get real time results from one facility to another based on a secured network that links medical tests and treatments to one individual based on a single account number tied to that single individual. (Keller, 2007)
2-Numeric
3-Alphabetic
Keeping records in chronological order made easy.
While each record is tied to a single individual, each test or encounter, from labs to x-rays and even surgery, is also tied to that individual by their own specific number. Each encounter also receives its own number specific to that department’s or physician’s office and findings, and can be entered at the time of the encounter so that the latest and most current information is available and easy to find. (M.J.Green, 2011)
4-Electronic Medical Records
Examples of the electronic medical records system and the electronic maintenance software that our office will be using. (Keller, 2007)
Information in an orderly and timely manner
In the image above you can clearly see that there have been a great many changes in technology in the area of computers and medical records since computers in administration were first established in health care. With these advancements there has been a continued and growing need for security to increase in health care, especially since the Federal Government created the Health Information and Privacy Accountability Act (HIPAA) in 1996. With the passing of HIPAA and its implementation, information security in the technical age was pushed to the forefront of health care, as we all know.
Works to reduce document loss
Now, with the advancement of electronic medical records (EMR) and electronic health records (EHR), security levels have again needed to be updated and heightened, because there is a growing threat that patients’ personal and medical information can be breached not only by hi-tech computer hackers, but also by staff members who share information either intentionally or accidentally.
Fewer duplicated files per patient
Because, as you know, what can go wrong will go wrong, because life does not stop and neither does technology. As the image from slide one states, “Life happens when you are planning for the Future!”
Image can be found at ;
http://www.ecoinsite.com/wp-content/uploads/2011/05/patient_records.jpg
http://ocw.mit.edu/courses/health-sciences-and-technology/hst-921-information-technology-in-the-health-care-system-of-the-future-spring-2009/hst-921s09.jpg
http://healthinformatics.wikispaces.com/file/view/x-veterinary-topic-software-avimark.gif/32415837/251x187/x-veterinary-topic-software-avimark.gif
http://upload.wikimedia.org/wikipedia/en/0/0f/VistACPRScover.png
Medical Records Transfers and storage changes over time: How to Keep Files under Secured Conditions
Medical records transfer and storage change over time
Even when the information or records are leaving one office for another, storage and transportation of this information have changed as well over the years. (Mercuri, 2004)
Once, medical information was emailed or sent by couriers in a plain manila envelope from one doctor’s office or facility to another. As we all know, that really didn’t keep files safe or secure. (Gomez-Meija, 2012) Today, in the electronic age, a patient’s medical record and information can be stored on or burnt to CD-ROM and personal flash drives that are encrypted and protected by the coding that is embedded into the records, which can only be read by another computer that has an EHR or EMR system in place. (Mercuri, 2004)
Clinics-Integrated Systems and Security Updates
Indexes for health care information processing with the new Epic System
Flash Drives – mini storage devices
When using such devices what can happen?
An example of why there is concern in using such devices is the case of the laboratories that Milwaukee, Wisconsin had been using.
What can a breach like this mean for the company or Medical Facility?
Regarding the safety of patient information in the technological age, an age where storage devices are getting smaller and can hold an enormous amount of information, I look again to the article, the information that was lost, and how Milwaukee had to deal with compliance with HIPAA laws and regulations as they pertain to patients’ personal or sensitive medical information. Milwaukee Mayor Barrett held a press conference on the loss of the medical and personal records of approximately six thousand (6000) city workers along with about another three thousand (3000) non-city employees. The patients’ and city workers’ information was on a flash drive located in one of the employees’ purses in a vehicle when the vehicle was stolen (Barrett, 2013).
When do you need to be notified of a Breach?
Who needs to be notified?
While the theft of the flash drive with the patients’ medical history and personal information from the medical contractor used by the city on behalf of the city’s wellness program is unthinkable, that was nothing compared to the revelation that the information was not just lost: the loss was covered up by the medical laboratory for close to 25 days. The employee’s vehicle was not stolen just last week but back on October 22, 2013, and the employee and facility have only just notified the Mayor and other city officials, creating even more questions about how something like this could happen and where the individuals go from here (Docter, 2013).
How could this have been prevented?
The laboratory’s spokesperson released a statement that said, in part: “Dynacare is committed to maintaining the privacy and security of the personal information it maintains and it deeply regrets any inconvenience this may cause its patients” (Barrett, 2013). They continued by stating they believed that the “car not the flash drive and information was the target of the theft” (Barrett, 2013).
Let’s look at what we can do to answer these questions and avoid a breach like this at your facility.
Image can be located at:
http://www.valiantsolutions.com/images/infosec.jpg
http://www.topnews.in/files/Data-Storage.jpg
It appears that the Mayor is committed to finding out what has happened and how to prevent something like this from happening in the future. The medical facility that the laboratory was hired by is looking into the underlying cause of the mishandling of sensitive information and the breach in the security protocols that were set in place to avoid the loss of such information.
While the authorities are not saying what sensitive medical information was downloaded onto the flash drive, they have stated that all personal information on the city employees was taken, such as names, addresses, telephone and social security numbers (Docter, 2013). This information brings perspective as to just how important remaining in compliance with the HIPAA laws truly is. In light of this breach, the DOJ and the OCR may have to go back and look at some previous cases of HIPAA violations and at who is potentially liable for the breach, the individual or the laboratory facility. An investigation has already been launched to find out how the breach happened. While the facility that was linked to the breach will be investigated, as will the employee, the authorities will also continue to investigate and locate the person responsible for the theft of the vehicle that the flash drive was in at the time it was taken (Tomes, 2007).
Medical staff, from physicians to clerical staff, are required to sign confidentiality letters.
However, in the example given above there was clearly a breakdown in the protocols in the recent incident here in Wisconsin involving the city workers’ information. While all patient information is important to keep in confidence and secure, there are some medical conditions that, if released without the consent of the specific individual, can end up being more detrimental to the patient’s further ability to maintain or obtain insurance.
From the above case, it is important to know that when a staff member or members create a breach or break HIPAA laws, fines and penalties are imposed that can be quite costly to the facility, the individuals responsible, or both. Some fines can be as much as two hundred and fifty thousand dollars ($250,000.00) (Mercuri, 2004), and depending on the severity of the breach, jail time can be assessed as well, up to and including a ten (10) year jail term for each violation (Tomes, 2007). Imposing fines and penalties should help to reduce the lack of compliance with the new electronic medical records systems that are being implemented in every medical office and facility throughout the country.
When Management fails to review employees’ work on a regular basis there is a breakdown.
Lack of communication can create a breakdown in security with costly effects.
When there is a breakdown in technological security, patients’ information is put at risk.
Patients lose trust and respect for the doctor, staff and facility as a whole.
HIPAA
This is why, when you first contacted my company, we asked you a few simple questions such as:
Do you and your facility use the internet?
As the facility grows and shares information about itself on the Internet to attract new patients, it opens itself up to potential information loss if the security measures do not meet all the state and Federal HIPAA laws.
Internet-based medical networks that hold personal or privileged information are for the use of medical facilities, so that doctors can share information between offices to ensure that the proper and needed medical care is given to the patient no matter what the medical or treatment need is. This is commendable and needed, but the security measures seem to fall short, creating the ability for other services, or even individuals, to obtain the personal information of others, which puts the patients’ personal and medical privacy at risk. (Mercuri, 2004)
Do you have your facility listed on social media?
Do your staff members use social media? (at work for work?)
In asking these questions we wanted to know just what kind of security system and measures your facility has already put in place and what needed to be changed or improved upon.
All other information about the facility should be on completely different servers so that the patients’ information can be secured and housed behind firewalls and password protected. This will add to the facility’s ability to stay in compliance with both state and federal laws regarding HIPAA and privacy between patients and their doctors. There need to be strict rules and regulations when it comes to the security of information that can be shared. (Jon M. Thompson, 2012) Information such as medical records and social security numbers needs to be encoded and secured through a series of passwords and encryption before it is accessible through e-mail links provided by the patient’s main or primary care physician to another facility or hospital. This will help each patient feel secure that their information is not available for anyone to find or see. (Mercuri, 2004)
Image can be located at:
http://www.ists.dartmouth.edu/images/hit_security-logo.jpg
In what other ways can breaches occur in a technology-based Health Care System?
How do you uphold the ethical standards of the facility in regards to Social Media?
In the technology age that we live in, it is very important that each staff member upholds the ethical standards and the patient’s right to privacy. Being able to do this requires an understanding of the company’s privacy policies and of the use of personal electronics and social media while on the clock or while on a work computer. Ethical standards are set to reduce the potential for a lawsuit as well as fines at a state or federal level. For example, you cannot talk badly about a patient or about the specific medical problems or issues that pertain to any patient, family member or their finances, and you should never speak about or post any pictures, names or information of a patient on any personal media site. An individual who fails to protect privileged information and breaks the ethical bonds of confidentiality has no ethics. An example of unethical behavior would be to discuss another individual’s medical history with another person, patient or insurance company, and then accept money in exchange for that information (Valerius, 2014).
Do your staff members use social media? (at home and at work)
What is your policy about social media site usage or personal cell phone and electronics use in the work place?
These are all things that you need to ask and address with staff, old and new alike, keeping them up-to-date and communicating the need for them to follow your rules: there is no use of personal cell phones unless you are on break and away from your computer. You cannot plug any personal electronic device into the computer to charge or to listen to music, as it can open up the system to the possibility of hackers and a breach of the personal, financial and medical information that is stored on the system.
Image can be found at :
http://lindsayolson.com/wp-content/uploads/2014/09/socialmedia2.jpg
http://www.cs.cornell.edu/courses/cs1130/2008fa/module1/assignments/a1computervirus/Computer_Worm.jpg
http://kingofgng.com/media/20090406_rootkit.jpg
http://lindsayolson.com/wp-content/uploads/2012/02/Got-ethics2.jpg
How is information shared and with Whom?
As you can see from the above chart, there is a need for security from the second there is contact with a patient or potential patient. That is the basis of the platform or security model that we are looking at for your security and your patients’ security in health care.
Your Patients’ Information Security
Access information based on need to know
What can be accessed securely for the care of the patient?
How is sharing patients’ information, and for what purpose, more secure?
How will it help maintain HIPAA Laws and regulations?
By holding to the HIPAA laws and regulations, medical compliance has come a long way toward reducing leaks of information and reducing the liability of providers such as yourself and of the facility as a whole.
Image can be found at:
http://healthinformatics.wikispaces.com/file/view/hvault2.gif/276387938/485x425/hvault2.gif