Geek Sync | Keep your Healthcare Databases Secure and Compliant (IDERA Software)
You can watch the replay for this Geek Sync webcast, Keep your Healthcare Databases Secure and Compliant, on the IDERA Resource Center, http://ow.ly/fGPj50A4scr.
One of the most significant concerns for healthcare organizations today is the protection of patient information. Patients expect their healthcare providers to keep personal information safe and secure, whether it is submitted through written or electronic means. Unless healthcare organizations uphold high security standards, they will lose the trust of their patients. As such, healthcare providers are being held accountable to ensure that they are not the weakest link in the security path.
No matter what technologies healthcare organizations use within their operations, they must protect the patients’ Personally Identifiable Information (PII) in their databases or risk penalties and fines due to data breaches and inappropriate use of patient details. With healthcare regulations such as HIPAA enforcing compliance, healthcare organizations must follow specific protocols to ensure data privacy and security. Join IDERA’s Stan Geiger and Kim Brushaber to learn about the data protection challenges that healthcare organizations face and how to ensure that healthcare databases are secure and compliant.
Health Insurance Portability and Accountability Act (HIPAA) Compliance (ControlCase)
The majority of changes to HIPAA have been introduced and strengthened by the recent passage of the HITECH and Omnibus rules.
ControlCase HIPAA Compliance as a Service (CaaS) is an integration of services, software, and compliance management and reporting for HIPAA, PCI, ISO 27001/2, SSAE16 and SAP through our cloud-based GRC.
There are real life consequences for organizations that do not integrate privacy and security throughout the continuum of HIT adoption, including health information breaches that could result in identity theft, financial loss and even altered records that can impact patient safety. Joy Pritts, Chief Privacy Officer at the Office of the National Coordinator for Health IT, whose office is directly engaged with these issues, will lead an interactive keynote discussion on ways to build a culture of privacy and security in healthcare organizations.
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS (ijsptm)
All healthcare providers should have enough knowledge and sufficient information to understand the potential risks that can lead to a breach in the Jordanian health information system (Hakeem program). This study aims to emphasise the importance of sharing sensitive health information securely among healthcare providers, of creating laws and regulations to keep electronic medical records secure, and of increasing awareness of health information security among healthcare providers. The study conducted seven interviews with medical staff and an information technology technician. The results showed that sharing sensitive information in a secure environment, creating laws and regulations, and increasing awareness of health information security render patients' electronic medical records more secure and safe.
The Health Insurance Portability and Accountability Act (Kartheek Kein)
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. The main purpose of this federal statute was to help consumers maintain their insurance coverage, but it also includes a separate set of provisions called Administrative Simplification.
Agenda
• Discuss how to handle patient communications
• Explain the issues involved with using Social Media
• Discuss how Social Media can work under HIPAA
• Identify guidance from HHS on patient communications
• Show what’s needed in a Social Media Policy
• Show the process that must be used in the event of breach
• Prepare for enforcement and auditing
• Learn how to approach compliance
Part of the "2016 Annual Conference: Big Data, Health Law, and Bioethics" held at Harvard Law School on May 6, 2016.
This conference aimed to: (1) identify the various ways in which law and ethics intersect with the use of big data in health care and health research, particularly in the United States; (2) understand the way U.S. law (and potentially other legal systems) currently promotes or stands as an obstacle to these potential uses; (3) determine what might be learned from the legal and ethical treatment of uses of big data in other sectors and countries; and (4) examine potential solutions (industry best practices, common law, legislative, executive, domestic and international) for better use of big data in health care and health research in the U.S.
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School 2016 annual conference was organized in collaboration with the Berkman Center for Internet & Society at Harvard University and the Health Ethics and Policy Lab, University of Zurich.
Learn more at http://petrieflom.law.harvard.edu/events/details/2016-annual-conference.
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI... (ijsptm)
Patient information recorded in electronic medical records is the most significant set of information in the healthcare system. It helps healthcare providers deliver high-quality care to patients. This study aims to identify the security threats associated with electronic medical records and to give recommendations for keeping them more secure. The study applied the qualitative research method through a case study, conducting seven interviews with medical staff and information technology technicians. The results classified the issues facing electronic medical records into four main categories: availability, accessibility, privacy, and safety of health information.
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chair, Patient Privacy Rights, Case Study “Considerations and Opportunities: Will Digital Health Data and Patient Altruism Transform Healthcare Research?”
Data security and Privacy in Clinical Research - Compliance and Best Practices... (ClinosolIndia)
Data security and privacy are crucial considerations in clinical research to protect the confidentiality and integrity of participant data. Compliance with relevant regulations, such as the General Data Protection Regulation (GDPR) in the European Union and the Health Insurance Portability and Accountability Act (HIPAA) in the United States, is essential. Here are some key aspects of data security and privacy in clinical research, along with best practices to ensure compliance.
Doug Copley presented on cybersecurity challenges in healthcare including threats, trends in healthcare, practical steps and building security without boundaries.
Virtual Mentor American Medical Association Journal of Ethi.docx (sheronlewthwaite)
Virtual Mentor
American Medical Association Journal of Ethics
September 2012, Volume 14, Number 9: 712-719.
STATE OF THE ART AND SCIENCE
Electronic Health Records: Privacy, Confidentiality, and Security
Laurinda B. Harman, PhD, RHIA, Cathy A. Flite, MEd, RHIA, and Kesa Bond, MS, MA, RHIA, PMP
Health Information Systems: Past and Present
To understand the complexities of the emerging electronic health record system, it is helpful to know what the health information system has been, is now, and needs to become. The medical record, either paper-based or electronic, is a communication tool that supports clinical decision making, coordination of services, evaluation of the quality and efficacy of care, research, legal protection, education, and accreditation and regulatory processes. It is the business record of the health care system, documented in the normal course of its activities. The documentation must be authenticated and, if it is handwritten, the entries must be legible.
In the past, the medical record was a paper repository of information that was reviewed or used for clinical, research, administrative, and financial purposes. It was severely limited in terms of accessibility, available to only one user at a time. The paper-based record was updated manually, resulting in delays for record completion that lasted anywhere from 1 to 6 months or more. Most medical record departments were housed in institutions’ basements because the weight of the paper precluded other locations. The physician was in control of the care and documentation processes and authorized the release of information. Patients rarely viewed their medical records.
A second limitation of the paper-based medical record was the lack of security. Access was controlled by doors, locks, identification cards, and tedious sign-out procedures for authorized users. Unauthorized access to patient information triggered no alerts, nor was it known what information had been viewed.
Today, the primary purpose of the documentation remains the same—support of patient care. Clinical documentation is often scanned into an electronic system immediately and is typically completed by the time the patient is discharged. Record completion times must meet accrediting and regulatory requirements. The electronic health record is interactive, and there are many stakeholders, reviewers, and users of the documentation. Because the government is increasingly involved with funding health care, agencies actively review documentation of care.
The electronic health record (EHR) can be viewed by many users simultaneously and utilizes a host of information technology tools. Patients routinely review their electronic medical records and are keeping personal health records (PHR), which contain clinical documentation about their diagnoses (from the physician or health care websites).
Virtual Mentor, September 2012—Vol 14 www.virtualmentor.org 712
This presentation discusses how to comply with HIPAA and HITECH privacy laws. Learn key terms such as Protected Health Information, the Privacy Rule and the Security Rule as well as major changes brought by HIPAA and HITECH.
Ann Cavoukian Presentation
1. Big Data Requires Big Privacy
Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario
The Data Effect
October 19, 2012
2. Presentation Outline
1. Importance of Protecting Personal Health Information
2. Importance of Health Research and Analysis
3. Consequences if Inadequate Attention to Privacy
4. Personal Health Information Protection Act (PHIPA)
5. Legislative Safeguards
6. Additional Safeguards that Should be Implemented
7. Privacy by Design: The Gold Standard
8. Conclusions
4. Unique Characteristics of Personal Health Information
• Highly sensitive and personal in nature;
• Must be shared immediately and accurately among a range of health care providers for the benefit of the individual;
• Widely used and disclosed for secondary purposes seen to be in the public interest (e.g., research, health system planning and evaluation, quality assurance);
• The dual nature of personal health information is reflected in the health privacy legislation in Ontario.
6. “Big Data”
• Each day we create 2.5 quintillion bytes of data; 90% of the data today has been created in the past 2 years;
• Big data analysis and data analytics promise new opportunities to gain valuable insights and benefits;
• However, they can also enable expanded surveillance and increase the risk of unauthorized use and disclosure, on a scale previously unimaginable.
7. The Case for Health Research and Analysis
Health research and analytics are vital in:
• Understanding the determinants of health;
• Informing and improving clinical practice guidelines;
• Identifying and achieving cost efficiencies;
• Facilitating health promotion and disease prevention;
• Assessing the need for health services;
• Evaluating the services provided;
• Allocating resources to the health system;
• Educating the public on how to improve their health.
9. Consequences if Inadequate Attention to Privacy
• Individuals may suffer discrimination, stigmatization and economic or psychological harm;
• Individuals may be deterred from seeking testing or treatment or may engage in multiple doctoring;
• Individuals may withhold or falsify information provided;
• Loss of trust or confidence in the health system;
• Damage to the reputation of the health care provider;
• Lost time and expenditure of resources needed to contain, investigate and remediate privacy breaches;
• Costs of legal liabilities and ensuing proceedings.
11. Recognition of the Value of Health Research and Analysis
• The Personal Health Information Protection Act (PHIPA) came into effect on November 1, 2004;
• It recognizes the value of health research and analysis;
• PHIPA permits health care providers to collect, use and disclose personal health information for purposes beyond the provision of health care, in appropriate circumstances;
• PHIPA attempts to ensure that these other purposes are achieved in a manner that minimizes the impact on privacy.
13. Legislative Framework with Oversight
• A legislative framework, PHIPA, governs the collection, use and disclosure of personal health information in the health sector;
• Section 16 of PHIPA requires health care providers to be transparent about their information practices, including their information practices related to research and analysis;
• Section 12 of PHIPA requires health care providers to notify individuals at the first reasonable opportunity about privacy breaches – mandatory breach notification;
• Section 56 of PHIPA provides individuals with the right to complain to my office about contraventions of PHIPA.
14. Order-Making Powers and Offence Provisions
• My office has broad order-making powers;
• A person affected by a final order issued by my office may commence a lawsuit for damages for actual harm suffered as a result of a breach of PHIPA;
• PHIPA also creates offences, such as for wilfully collecting, using or disclosing personal health information in contravention of PHIPA;
• On conviction, an individual may be liable for a fine of up to $50,000 and corporations face fines of up to $250,000.
15. Data Minimization
• Data minimization is the most important safeguard in protecting personal health information, including for the purposes of health research and analysis;
• PHIPA prohibits health care providers from collecting, using or disclosing personal health information if other information (such as de-identified or anonymized information) will serve the purpose;
• It also prohibits health care providers from collecting, using or disclosing more personal health information than is reasonably necessary to meet the purpose.
16. Dispelling the Myths about De-Identification…
• The claim that de-identification has no value in protecting privacy due to the ease of re-identification is a myth;
• If proper de-identification techniques and re-identification risk management procedures are used, re-identification becomes a very difficult task;
• While there may be a residual risk of re-identification, in the vast majority of cases de-identification will strongly protect the privacy of individuals when additional safeguards are in place.
www.ipc.on.ca/English/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1084
17. Data De-Identification Tool
• Developed by Dr. Khaled El Emam, a leading investigator at the Children's Hospital of Eastern Ont. Research Institute;
• De-identification tool that minimizes the risk of re-identification based on:
- The low probability of re-identification;
- Whether mitigation controls are in place;
- Motives and capacity of the recipient;
- The extent a breach invades privacy;
• Simultaneously maximizes privacy and data quality while minimizing distortion to the original database.
www.ipc.on.ca/images/Resources/positive-sum-khalid.pdf
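The two ideas on slides 15 to 17, dropping what is not needed and then measuring how identifiable what remains still is, can be made concrete. The following is an added example (not code from the IPC or from Dr. El Emam's tool): direct identifiers are removed, the remaining quasi-identifiers (age, postal code, sex) are grouped into equivalence classes, and the probability of re-identifying a record is taken as 1 divided by the size of its class. Quasi-identifiers are generalised step by step until the largest such probability is at or below 1/k. The sample records, the generalisation hierarchy and the risk threshold are constructed for illustration.

```python
"""Re-identification risk on a de-identified table (added example).

Constructed toy claims extract: direct identifiers are dropped (data
minimisation) and the remaining quasi-identifiers are generalised until
every equivalence class holds at least K records, so the probability of
correctly re-identifying any single released record is at most 1/K.
The risk model and thresholds are illustrative assumptions, not the
parameters of the IPC / El Emam tool.
"""
from collections import Counter

# Constructed sample rows: (name, health card number, age, postal code, sex, diagnosis)
RAW_RECORDS = [
    ("A. Smith",  "1111-111-111", 34, "M4W 1A8", "F", "asthma"),
    ("B. Jones",  "2222-222-222", 36, "M4W 2B1", "F", "asthma"),
    ("C. Lee",    "3333-333-333", 58, "K1H 8L1", "M", "diabetes"),
    ("D. Patel",  "4444-444-444", 57, "K2P 5B2", "M", "diabetes"),
    ("E. Brown",  "5555-555-555", 59, "K1H 8M5", "M", "hypertension"),
    ("F. Garcia", "6666-666-666", 33, "M4W 3C4", "F", "hypertension"),
]

QUASI_IDENTIFIERS = ("age", "postal_code", "sex")


def strip_direct_identifiers(rows):
    """Data minimisation: name and health card number never leave the custodian."""
    return [
        {"age": age, "postal_code": pc, "sex": sex, "diagnosis": dx}
        for (_name, _hcn, age, pc, sex, dx) in rows
    ]


def generalize(rec, level):
    """Coarsen quasi-identifiers; a higher level means wider age bands and
    a shorter postal code prefix (level 2 suppresses postal code and sex)."""
    age_band = (10, 20, 40)[min(level, 2)]
    low = rec["age"] // age_band * age_band
    pc_chars = (3, 1, 0)[min(level, 2)]        # FSA -> first letter -> suppressed
    return {
        "age": f"{low}-{low + age_band - 1}",
        "postal_code": rec["postal_code"][:pc_chars] or "*",
        "sex": rec["sex"] if level < 2 else "*",
        "diagnosis": rec["diagnosis"],
    }


def equivalence_classes(rows):
    """Count records that share identical quasi-identifier values."""
    return Counter(tuple(r[q] for q in QUASI_IDENTIFIERS) for r in rows)


def risk_metrics(rows):
    """(max, average) probability of re-identifying a record.

    A record in a class of size n is re-identified with probability 1/n;
    the average over all records equals number_of_classes / number_of_rows."""
    classes = equivalence_classes(rows)
    max_risk = max(1.0 / n for n in classes.values())
    avg_risk = len(classes) / len(rows)
    return max_risk, avg_risk


def deidentify(raw_rows, k=2):
    """Release the least-generalised table whose max risk is <= 1/k.

    Returns (released_rows, generalisation_level, max_risk, avg_risk)."""
    if k > len(raw_rows):
        raise ValueError("k exceeds the number of records; nothing can be released")
    rows = strip_direct_identifiers(raw_rows)
    for level in range(3):
        released = [generalize(r, level) for r in rows]
        max_risk, avg_risk = risk_metrics(released)
        if max_risk <= 1.0 / k:
            return released, level, max_risk, avg_risk
    raise ValueError(f"could not reach k={k} even with quasi-identifiers suppressed")


if __name__ == "__main__":
    released, level, max_risk, avg_risk = deidentify(RAW_RECORDS, k=2)
    print(f"generalisation level {level}: max risk {max_risk:.3f}, average risk {avg_risk:.3f}")
    for row in released:
        print(row)
```

On the constructed data the raw table (level 0) still contains a singleton class (the one 50-59 year old male in K2P), so the maximum risk is 1.0 even though the direct identifiers are gone; one round of generalisation brings every class to three records and the maximum risk to 1/3. The point of the metric is that it is computed on the table as released, so it is the re-identification risk that the recipient actually faces, which is what slide 17 lists first among the tool's inputs.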
18. Evidence that the Tool Works
• Dr. El Emam was approached to create a longitudinal public use dataset using his de-identification tool for the purposes of a global data mining competition – the Heritage Health Prize;
• Participants in the Heritage Health Prize competition were asked to predict, using de-identified claims data, the number of days patients would be hospitalized in a subsequent year;
• Dr. El Emam won the competition, but before awarding him the prize, his de-identified dataset was subjected to a strong re-identification attack by a highly skilled expert;
• The expert concluded the dataset could not be re-identified – Dr. El Emam's de-identification tool was highly successful!
19. Evidence that Re-Identification is Extremely Difficult
• A literature search by Dr. El Emam et al. identified 14 published accounts of re-identification attacks on de-identified data;
• A review of these attacks revealed that one quarter of all records and roughly one-third of health records were re-identified;
• However, Dr. El Emam found that only 2 out of the 14 attacks were made on records that had been properly de-identified using existing standards;
• Further, only 1 of the 2 attacks had been made on health data, resulting in a very low re-identification success rate of 0.013%.
20. Data Minimization for Record Linkages
• Dr. El Emam has also developed a protocol for securely linking databases without sharing any identifying information;
• The protocol uses an encryption system to identify and locate records relating to an individual that exist in multiple datasets;
• This involves encrypting personal identifiers in each dataset and comparing only the encrypted identifiers, using mathematical operations, resulting in a list of matched records without revealing any personal identifiers;
• The protocol promotes compliance with the existing prohibition in PHIPA by allowing linkages of datasets without the disclosure of any identifying information – a win/win solution – positive-sum!
23. Privacy by Design: The 7 Foundational Principles
1. Proactive not Reactive: Preventative, not Remedial;
2. Privacy as the Default Setting;
3. Privacy Embedded into Design;
4. Full Functionality: Positive-Sum, not Zero-Sum;
5. End-to-End Security: Full Lifecycle Protection;
6. Visibility and Transparency: Keep it Open;
7. Respect for User Privacy: Keep it User-Centric.
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
24. Adoption of “Privacy by Design” as an International Standard
Landmark Resolution Passed to Preserve the Future of Privacy
By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was unanimously passed by International Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution ensures that privacy is embedded into new technologies and business practices, right from the outset – as an essential component of fundamental privacy protection.
Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
25. Privacy by Design: Proactive in 25 Languages!
1. English
2. French
3. German
4. Spanish
5. Italian
6. Czech
7. Dutch
8. Estonian
9. Hebrew
10. Hindi
11. Chinese
12. Japanese
13. Arabic
14. Armenian
15. Ukrainian
16. Korean
17. Russian
18. Romanian
19. Portuguese
20. Maltese
21. Greek
22. Macedonian
23. Bulgarian
24. Croatian
25. Polish
26. Conclusions
• Big Data promises new opportunities to gain valuable insights and benefits for the health system;
• However, Big Data may also enable expanded surveillance and increase the risk of unauthorized use;
• PHIPA permits the use and disclosure of personal health information for health research and analysis with safeguards such as data minimization and privacy oversight built directly into the legislation;
• But compliance with legislative safeguards is not enough – to reap the benefits of big data, we must get smart about privacy and lead with Privacy by Design;
• Big Data needs Big Privacy – you can achieve both goals in a positive-sum paradigm through Privacy by Design.
27. How to Contact Us
Ann Cavoukian, Ph.D.
Information & Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada
M4W 1A8
Phone: (416) 326-3948 / 1-800-387-0073
Web: www.ipc.on.ca
E-mail: info@ipc.on.ca
For more information on Privacy by Design, please
visit: www.privacybydesign.ca