3. – Training consists of Federal regulations:
– Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– The Health Information Technology for Economic and Clinical Health Act (The HITECH Act)
– Several state laws
4. – Legal and ethical responsibilities
– Intense ethics training
– Protect patients’ health information
– Information used/disclosed for treatment, payment or healthcare
– Employees must sign compliance statement
6. – Special Circumstances
– Celebrities
– Fake names
– Unique log-in for staff
– Change log-in information regularly
– Code words to access medical files
– Restricted to “Need to know” staff only
– Password protected
7. – Electronic Health Records Software System (EHR)
– Encrypt files
– Provide protected backups
– Activity logs
– Track incoming and outgoing medical information
– Record hold
– De-identification mechanism
– Access restriction
– Provide alias