Robust patient privacy and security protections are essential to build and maintain a necessary level of trust among patients, providers, health plans and other stakeholders.
This presentation discusses how to comply with HIPAA and HITECH privacy laws. Learn key terms such as Protected Health Information, the Privacy Rule and the Security Rule as well as major changes brought by HIPAA and HITECH.
HIPAA consent is the state of being in alignment with guidelines set by the Health Insurance Portability and Accountability Act of 1996, passed by Congress.
Presentation was given by Jim Anfield to Chicago Technology For Value-Based HealthCare (https://www.meetup.com/Chicago-Technology-For-Value-Based-Healthcare-Meetup/).
HIPAA and FDCPA Compliance for Process Servers (Lawgical)
Process servers may not realize the effects HIPAA and FDCPA can have on their businesses. This slideshow, put together by Steve Glenn (PSACO President and NAPPS 1st Vice President), outlines the ways in which process servers are affected.
Developers building healthcare applications for mobile devices, wearables and the desktop need to understand HIPAA requirements in order to build apps that are in compliance. This deck gives application developers an overview of the HIPAA rules and what they mean for their software development.
The current healthcare system in the United States is heavily influenced by HIPAA Security. This translates into a need to understand technology and cybersecurity beyond the use of anti-malware applications. This presentation presents some of the basics Covered Entities and Business Associates must be aware of as it relates to HIPAA Security.
Privacy and Security Tiger Team
Trusted Identity of Patients in Cyberspace
Recommendations on Patient Identity Proofing and Authentication
January 8, 2012
Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity, increase efficiency and better manage medical expenses. The HITRUST Common Security Framework: A way to protect electronic health information.
The HITRUST Common Security Framework (CSF) was developed to address the myriad of security, privacy and regulatory challenges facing healthcare organizations and their sub-service providers. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF helps organizations address these challenges through a comprehensive framework of prescriptive and scalable security controls.
Topics covered include:
• A background and overview of the CSF program
• Understanding and leveraging the CSF
• Standards and regulations mapping
• Implementing the CSF
• Third party certification
• The benefits and challenges
The Four Balancing Acts Involved with Healthcare Data Security Frameworks (Health Catalyst)
There’s a lot at stake for healthcare organizations when it comes to securing data. A primary concern is to protect privacy and avoid costly breaches or leaks, but at the same time, data must be accessible if it’s to be used for actionable insights. This executive report introduces four balancing acts that organizations must maintain to build an ideal data security framework:
• Monitoring
• Data de-identification
• Cloud environments
• User access
This can be a tug-of-war between IT and security, two groups that often have divergent interests, however well-meaning they may be. Healthcare systems that build bridges between these interests and strike the crucial balance between data utilization and security can dial in on long-term goals, like better care at a lower cost and overall outcomes improvement.
While the Health Insurance Portability and Accountability Act (HIPAA) is best known for its multitude of requirements that govern the way health care providers can use, disclose, and safeguard protected health information (PHI), its reach goes far beyond that to health plans and business associates that only handle PHI on a limited basis. HIPAA implementation in these environments creates unique challenges—for example, which provisions actually need to be addressed—but with 2016 marking an all-time high for HIPAA enforcement cases, it may be more important now than ever to address HIPAA compliance.
Ensuring Data Integrity in Health Information Exchange (TanaMaeskm)
Inaccurate health information may adversely affect the quality of an individual’s
healthcare, insurance, and employability. As computerization of health information
continues and the scope of organizational exchange of health information widens into
health information exchanges (HIEs), maintaining the integrity and completeness of
health data is paramount.
The overarching goal of HIEs is to allow authorized users to quickly and accurately
exchange health information to enhance patient safety and improve efficiency.
Achieving this goal is dependent on the ability to link (match) multiple, disparate
records relating to a single individual.
A 2008 RAND report, “Identity Crisis: An Examination of the Costs and Benefits of a
Unique Patient Identifier for the US Health Care System,” noted that avoiding adverse
drug events, which are often the result of incomplete linking information about a
patient’s medications or allergies, could save the healthcare system in the US about
$4.5 billion per year.1 This report also points out that on average an 8 percent duplicate
record rate existed in the master patient index (MPI) databases studied. The average
duplicate record rate increased to 9.4 percent in MPI databases with more than 1 million
records. Additionally, the report identified that the duplicate record rates of the enterprise
master patient/person index (EMPI) databases studied were as high as 39.1 percent.
High duplicate record rates within EMPI databases are commonly the result of loading
unresolved duplicate records from contributing MPI files. EMPI systems that leverage
advanced matching algorithms are designed to automatically link records from multiple
systems if there is only one existing viable matching record. If the EMPI system identifies
two or more viable matching records when loading a patient record, as is the case when
the EMPI contains unresolved duplicate record sets, it must create a new patient record
and flag it as an unresolved duplicate record set to be manually reviewed and resolved.
Therefore, if care is not taken to resolve the existing EMPI duplicate records, the duplicate
rate in an EMPI can significantly grow as additional MPI files are added.
Patient identity integrity is the accuracy, quality, and completeness of demographic data
attached to or associated with an individual patient. This includes the accuracy and
quality of the data as it relates to the individual, as well as the correctness of the linking
or matching of all existing records for that individual within and across information
AHIMA HIE Practice Council Contributors:
Linda Bailey-Woods, RHIA, CPHIMS; Teresa
M. Hall, MHA, RHIT, CPC; Aviva M. Halpert,
RHIA, MA, CHPS; Steven Kotyk ; Shirley Neal,
RHIT; Letha Stewart, MA, RHIA; and Susan O.
Torzewski, RHIA
Editor: Anne Zender, MA
Design: Candy Ramos
Representing more than 64,000 specially
educated health information management
professi ...
Presentation designed to explain to Business Associates the basics of HIPAA, with real-life examples of cases that failed to implement and follow HIPAA requirements on a timely basis.
Since the HITECH Act was passed in 2009, healthcare executives have felt the pressure to implement the electronic health record and achieve Meaningful Use status resulting in the flow of incentive dollars over the next five years.
Healthcare executives have felt the pressure to implement the EHR and achieve Meaningful Use Status.
In the rush to purchase and implement EHR solutions, executives are finding that the PMBOK and ITIL need to blend together in order to establish a reliable road-map to achieve and sustain the HITECH objectives.
DVHIMSS Ensuring Privacy and Security of HIEs in PA
1. Ensuring Privacy and Security of
Health information Exchange in
Pennsylvania
EMPOWERING THE NEW
HEALTHCARE ERA
THE NJ/DV HIMSS REGIONAL MEETING
NOVEMBER 12—14, 2014
BALLY’S HOTEL & CASINO ATLANTIC CITY, NJ.
2. Ensuring Privacy and Security
of
Health information Exchange
in Pennsylvania
Steven J. Fox, Esq.
Principal, Post & Schell, P.C.
William “Buddy” Gillespie, HCISPP
Director Healthcare Solutions, DSS
3.
4. Introduction
The Pennsylvania eHealth Initiative (PAeHI) is a not-for-
profit founded in 2005 by the state’s leading healthcare
organizations to transform healthcare by fostering the
broader adoption of electronic health records and health
information exchange.
In the sharing of patient data, PAeHI recognizes that robust
patient privacy and security protections are essential to
build and maintain a necessary level of trust among
patients, healthcare providers, health plans, and other
stakeholders.
PAeHI also believes that a balance must be maintained
between the protection of patient privacy and the adequate
and timely sharing of patient data at the point of care.
5. Purpose
This white paper addresses healthcare data privacy
and security for electronic information exchange.
The key purpose is to help healthcare providers
achieve acceptable data privacy and security
assurance for healthcare consumers, while
minimizing cost and confusion.
It does not discuss the much broader issues of non-
electronic healthcare data privacy or general
security technology.
6. Background
In 2009, PAeHI published a white paper entitled
"Ensuring Privacy and Security of Health
Information Exchange in Pennsylvania."
This paper was well received and given the
distinguished honor of being published in the
Spring 2009 HIMSS Journal of Health Information
Management (JHIM).
However, since then a lot of changes, coupled
with significant progress, have taken place
across the healthcare spectrum. To name a few, a
growing number of HIEs have achieved
sustainability, Meaningful Use Stage I has taken
place, and the Final Ruling (Omnibus Bill) for
HIPAA was introduced into law.
7. Executive Summary
Patients are unlikely to share sensitive health
information unless they are confident that their provider
will honor their confidentiality. Similarly, health care
entities are unlikely to join a health information
exchange if they are not confident that their medical
records will be kept safe and that the data will be
flowing securely.
8. Executive Summary
• A key factor in achieving a high level of trust and
compliance among individuals, health care
providers, and other health care organizations
participating in a health information exchange is the
development of, and adherence to, a consistent
and coordinated approach to privacy and security.
• Clear, understandable and uniform principles are a
first step in developing this approach to privacy and
security while building trust, which are all essential
to the realization of the considerable benefits of
HIE.
9. Executive Summary
• It can be a challenge to adopt clear and
uniform privacy and security principles in a
legal landscape that seems inconsistent and
restrictive.
• Absorbing those principles into a
sustainable business model that hits all its
required regulatory marks requires strong
leadership and the will to get it done to both
support the business goals and serve the
patients and consumers of Pennsylvania.
10. Executive Summary
• In 2012, the Commonwealth established the
Pennsylvania eHealth Partnership Authority as the
governance entity for HIE in the state.
• The Authority is moving forward with all the
mandates contained in its founding legislation to
provide uniform standards and agreements that are
produced in concert with stakeholders, along with
freely distributed consumer outreach tools and a
state consent registry.
11. Executive Summary
• PAeHI sees this as the first vital step in
Pennsylvania achieving a truly interoperable health
information exchange network that both supports
and expands the market for such services.
• The broad topic discussions and outlines contained
in this white paper are presented as a tool to spur
further thinking about the appropriate methods to
interface with the legal requirements as to
electronic health information privacy and security,
the specific requirements within Pennsylvania, and
the workplace challenges of technical and
administrative implementation.
12. Key Definitions
• Privacy
– The right to have all records and
information pertaining to health care
treated as confidential
– Freedom from intrusion into the private
life or affairs of an individual when that
intrusion results from undue,
unauthorized, or illegal gathering and
use of data about that individual.
(HIMSS, 2006)
13. Key Definitions
• Security
– The means to control access and protect
information from accidental or intentional
disclosure to unauthorized persons and
from alteration, destruction, or loss.
(HIMSS, 2006)
– The concepts of confidentiality, integrity,
authenticity, and accountability are
included in security.
14. Key Definitions
• Omnibus Final Rules
– The Omnibus final rule clarifications
were released in January 2013 to
provide additional rulemaking around the
HIPAA Privacy and Security Rules.
– The Omnibus rule was based on
statutory changes under the HITECH Act
and the Genetic Information
Nondiscrimination Act of 2008 (GINA).
15. Key Definitions
• PA eHealth Information Technology Act
– This Act, also known as Act 121 of 2012,
established the Pennsylvania eHealth
Partnership Authority (Authority) as an
independent agency of the Commonwealth
and the governance body for the statewide
technological health information exchange
network it was to build.
16. Landscape and Roadmap
• The health care industry has had many spirited
discussions regarding privacy and security from
both the provider and patient perspectives since
HIPAA was enacted in 1996.
• The issues surrounding privacy and security
continue to challenge all stakeholders regardless of
technological sophistication, particularly those
involved in the direct delivery of care.
• This tension between privacy and security requires
collaborative solutions that fairly balance the
competing interests between security implemented
from a business perspective and with an eye to the
bottom line, and the privacy rights and expectations
of individuals as to their medical information.
18. What is Currently Required?
• Policies & Procedures
– Legal
– Regulatory
– Organizational
– Personal
19. What is Currently Required?
• Policies & Procedures
– Trust Agreements Among Care Providers
• Consumer Consent/Authorization
• Business Associate Agreements
• Data Use & Reciprocal Support Agreements (DURSA)
• Risk Management & Framework
• Identification of Threats
• Mitigation Strategies
• Communication with Stakeholders
20. What is Currently Required?
• Conforming to Policies & Controlling
Risks
– Administrative Controls
– Procedural Controls
– Physical and Environmental Controls
– Technical Controls
– Handling Residual Risk
21. What is Currently Required?
• Workforce Considerations
– Security is about people & culture
– Appropriate & repeated training is key to
successful health information sharing
– Most breaches due to employee mistakes &
negligence, not hacking or bad intent
– BYOD contributes to increasing risk
– More privacy & security risk assessments
would reduce frequency of unintentional data
breaches
22. What are Enabling Solutions?
• Best Practices
• Stakeholder Education
• Key Technical Properties
• Demonstration & Model Projects
24. What are New Compliance Challenges?
• Checkbox Compliance
• PHI Ownership & Disposal
• Proprietary EHRs/HIEs
• Convergence of HIOs & Social Media
• BI and Data Analytics
25. What are Emerging Areas of Risk?
• Cloud Hosting
• Cyber Security Insurance
• Cyber Attacks
• Mobile Device Management & BYOD
• Physician & Patient Portals
• Backup and Disaster Recovery
27. What are Late Breaking Updates?
• HIPAA and Ebola (OCR Bulletin)
• Super Protected Data
28. HIPAA and Ebola
• HHS Office of Civil Rights (OCR) issued a Bulletin on Nov. 10,
2014: HIPAA Privacy in Emergency Situations
– To ensure that covered entities & business associates are aware of the ways
in which patient information may be shared under HIPAA Privacy Rule in an
emergency situation; and
– To serve as a reminder that the protections of the Privacy Rule are not set
aside during an emergency
– HIPAA Privacy Rule protects patients’ PHI (protected health information), but
allows appropriate uses & disclosures to treat a patient, to protect the
nation’s public health and for other critical purposes
– See: http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/emergencysituations.pdf
29. HIPAA and Ebola (OCR Bulletin cont’d.)
Sharing Patient Information
• Treatment
• Public Health Activities
– To a public health authority (e.g., CDC)
– To a foreign government agency, at the direction of a public health authority
– To persons at risk of contracting or spreading a disease or condition,
if authorized by other (state) law
• Disclosures to Family, Friends & Others Involved in an Individual’s
Care and for Notification
30. HIPAA and Ebola (OCR Bulletin cont’d.)
Sharing Patient Information (cont’d.)
• Imminent Danger
• Disclosures to the Media or Others Not Involved in the Care of the
Patient
• Minimum Necessary
• Business Associates
31. HIPAA and Ebola (OCR Bulletin cont’d.)
Safeguarding Patient Information in Emergency
Situations
Covered Entities must:
• Continue to implement reasonable safeguards to protect patient
information against intentional or unintentional impermissible uses
and disclosures
• Apply the administrative, physical & technical safeguards of the
HIPAA Security Rule to electronic protected health information
(EPHI)
32. HIPAA and Ebola (OCR Bulletin cont’d.)
Other Information
• Limited Waiver
– HIPAA Privacy Rule is not suspended during public health or other
emergency; however
– Secretary of HHS may waive certain provisions of the Privacy Rule
under the Project Bioshield Act of 2004 (PL 108-276) and section
1135(b)(7) of the Social Security Act
– If the President declares an emergency or disaster and the
Secretary declares a public health emergency, the Secretary may
waive (for up to 72 hours) sanctions & penalties against a covered
hospital that does not comply with the following provisions of the
HIPAA Privacy Rule (additional limitations apply):
33. HIPAA and Ebola (OCR Bulletin cont’d.)
Other Information
• Limited Waiver (cont’d.)
• the requirements to obtain a patient's agreement to speak with family
members or friends involved in the patient’s care. See 45 CFR
164.510(b);
• the requirement to honor a request to opt out of the facility directory.
See 45 CFR 164.510(a);
• the requirement to distribute a notice of privacy practices. See 45 CFR
164.520;
• the patient's right to request privacy restrictions. See 45 CFR
164.522(a); and
• the patient's right to request confidential communications. See 45 CFR
164.522(b)
34. HIPAA and Ebola (OCR Bulletin cont’d.)
Other Information (cont’d.)
• HIPAA Applies Only to Covered Entities and Business Associates.
Privacy Rule does not apply to:
– Disclosures made by entities or other persons who are not covered
entities or business associates
– Family members who choose (with or without the patient’s
permission) to disclose information
– News and other media, regardless of how the information was
obtained
– Clergy, friends or neighbors of patients
35. Super Protected Data
• What is Super Protected Data (SPD)?
– HIV and AIDS
– Mental Health
– Drug and Alcohol
36. Super Protected Data
• Committee Work
– Outreach
• SPD Communities
• Commonwealth Advisory Councils
• Department of Public Welfare-Office of Mental Health
and Substance Abuse Services
• Department of Drug and Alcohol Programs
• Department of Health
37. Super Protected Data
• Committee Recommendations
– Recommendation #1:
• Create Health Information Exchange education and
guidance on appropriate sharing while
protecting the privacy of Super Protected Data.
38. Super Protected Data
• Committee Recommendations
– Recommendation #2:
• Develop a list of common Super Protected Data codes and
terms.
39. Super Protected Data
• Committee Recommendations
– Recommendation #3:
• Engage in national Super Protected Data, data
segmentation conversations.
40. Super Protected Data
• Next Steps
– Continue committee conversations
– Refine recommendations
– Consider new suggestions
– Prepare recommendations for board consideration
– Continue outreach and education
– Suggest stakeholder groups
– Engage in federal discussions
– Suggest forums
41. Contributors
PA eHealth Initiative www.paehi.org
– Robert Torres, Esq.
– Steven J. Fox, Esq.
– William “Buddy” Gillespie
– Dr. Chris Cavanaugh
– And special thanks to the PAeHI Committees (BHOX
and Policy)
PA eHealth Partnership Authority www.paehealth.org
– Alix Goss
– Rebecca Roberts
42. For further information: www.paehi.org
Steven J. Fox
Chair, Policy Committee
sjfox@postschell.com
William “Buddy” Gillespie
Chair, Business, Health Outcomes and HIE Committee
wgillespie@dsscorp.com