Presented at The Seventh National Conference on Medical Informatics and The Annual Meeting of the Thai Medical Informatics Association) (TMI-NCMedInfo 2018), Bangkok, Thailand on November 23, 2018
Presented at The Seventh National Conference on Medical Informatics and The Annual Meeting of the Thai Medical Informatics Association) (TMI-NCMedInfo 2018), Bangkok, Thailand on November 23, 2018
Presented at the Life Sci. Level Up Challenge 2020, a Project to Promote and Incubate New Medical and Health Technology Researchers and Startups Promot 2020 by Thailand Center of Excellence for Life Sciences (Public Organization) (TCELS) and Srinakharinwirot University, Ministry of Higher Education, Science, Research and Innovation, Bangkok, Thailand on August 1, 2020.
Presented at the RACM 302 Community Medicine Course, Doctor of Philosophy Curriculum, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on December 3, 2018
Presented to the Subcommittee on Science, Technology, Research and Innovation to Drive the Country of the Science, Technology, Research and Innovation Committee, The House of Representatives, Bangkok, Thailand on July 29, 2020
Presented at the Ramathibodi Hospital Administration School, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on November 19, 2018
Presented at The Seventh National Conference on Medical Informatics and The Annual Meeting of the Thai Medical Informatics Association (TMI-NCMedInfo 2018), Bangkok, Thailand on November 23, 2018
Ethics in ICT and Data Governance: From Principles to Practice (October 29, 2...Nawanan Theera-Ampornpunt
Â
Presented at the Graduate School of Human Resource Development, National Institute of Development Administration, Bangkok, Thailand on October 29, 2020
Presented at the Thai Medical Informatics Association Annual Conference and The National Conference on Medical Informatics (TMI-NCMedInfo 2016) on November 25, 2016.
Presented at the Health Informatics and Health Information Technology Course, Doctor of Philosophy and Master of Science Programs in Data Science for Health Care (International Program), Faculty of Medicine Ramathibodi Hospital, Mahidol University on October 24, 2017
Presented at The Thai Medical Informatics Association Annual Conference and The National Conference on Medical Informatics (TMI-NCMedInfo) 2020, Bangkok, Thailand on November 25, 2020
Presented at the Life Sci. Level Up Challenge 2020, a Project to Promote and Incubate New Medical and Health Technology Researchers and Startups Promot 2020 by Thailand Center of Excellence for Life Sciences (Public Organization) (TCELS) and Srinakharinwirot University, Ministry of Higher Education, Science, Research and Innovation, Bangkok, Thailand on August 1, 2020.
Presented at the RACM 302 Community Medicine Course, Doctor of Philosophy Curriculum, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on December 3, 2018
Presented to the Subcommittee on Science, Technology, Research and Innovation to Drive the Country of the Science, Technology, Research and Innovation Committee, The House of Representatives, Bangkok, Thailand on July 29, 2020
Presented at the Ramathibodi Hospital Administration School, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on November 19, 2018
Presented at The Seventh National Conference on Medical Informatics and The Annual Meeting of the Thai Medical Informatics Association (TMI-NCMedInfo 2018), Bangkok, Thailand on November 23, 2018
Ethics in ICT and Data Governance: From Principles to Practice (October 29, 2...Nawanan Theera-Ampornpunt
Â
Presented at the Graduate School of Human Resource Development, National Institute of Development Administration, Bangkok, Thailand on October 29, 2020
Presented at the Thai Medical Informatics Association Annual Conference and The National Conference on Medical Informatics (TMI-NCMedInfo 2016) on November 25, 2016.
Presented at the Health Informatics and Health Information Technology Course, Doctor of Philosophy and Master of Science Programs in Data Science for Health Care (International Program), Faculty of Medicine Ramathibodi Hospital, Mahidol University on October 24, 2017
Presented at The Thai Medical Informatics Association Annual Conference and The National Conference on Medical Informatics (TMI-NCMedInfo) 2020, Bangkok, Thailand on November 25, 2020
Personal Data Protection Act (PDPA) for Health Care Service (January 29, 2021)Nawanan Theera-Ampornpunt
Â
Presented at the PDPA for Mahidol University Workshop for Healthcare Faculties by the Division of Information Technology, Office of the President, Mahidol University, Nakhon Pathom, Thailand on January 29, 2021
Presented at the Intermediate Certificate Courses - Good Governance for Medical Executives, King Prajadhipok's Institute and the Medical Council of Thailand, Bangkok, Thailand on March 13, 2021
Presented at the 7th Healthcare CIO Certificate Program, Hospital Administration School, Faculty of Medicine Ramathibodi Hospital, Mahidol University on August 10, 2016
Presented at The New Generation IT Doctor for Hospital Development Training Program, Thai Medical Informatics Association, Nonthaburi, Thailand on August 26, 2019
Presented at the BDMS Golden Jubilee Scientific Conference 2022 "BDMS Beyond 50 years: Looking towards the centennial," Bangkok Dusit Medical Services Public Company Limited (BDMS), Bangkok, Thailand on October 19, 2022
Telemedicine provides healthcare at a distance using telecommunications technology. It has grown from focusing on increasing access to now emphasizing convenience and cost reduction. Store-and-forward and home-based telemedicine have evidence for treating chronic diseases, while office/hospital telemedicine is effective for verbal interactions in specialties like neurology and psychiatry. Current trends include expanding telemedicine to more chronic conditions and migrating services from clinical settings to homes and mobile devices. However, reimbursement remains limited and fragmented while quality of remote care compared to in-person visits requires more evidence. Proper guidelines, standards, training and balancing innovation with risk-based regulation can maximize telemedicine's benefits while minimizing harms.
This document discusses digital health transformation and the role of health information technology. It begins by exploring concepts like artificial intelligence, blockchain, cloud computing and big data. It then examines the potential for "smart" machines in healthcare while acknowledging the complexities of digitizing such a system. The document emphasizes that clinical judgment is still necessary given variations in patients. It outlines components of healthcare systems and forms of health IT both within and beyond hospitals. Finally, it discusses using health IT to support clinical decision making and reduce errors.
Presented at The Thai Medical Informatics Association Annual Conference and The National Conference on Medical Informatics (TMI-NCMedInfo) 2021, Bangkok, Thailand on November 26, 2021
The document discusses the field of health informatics and provides definitions and examples. It defines health informatics as the application of information science to healthcare and biomedical research. It describes the relationships between health informatics and other fields like computer science, engineering, and the medical sciences. The document also discusses different areas of health informatics like clinical informatics, public health informatics, and consumer health informatics. It provides examples of common health information technologies used in healthcare settings like electronic health records, computerized physician order entry, and picture archiving systems.
This document provides an introduction to research ethics and ethics for health informaticians. It begins with definitions of ethics, morals, and norms. It then discusses the role of law, professional codes of conduct, and ethics in establishing standards of acceptable behavior. Key topics in research ethics are introduced through discussions of historic cases like the Nazi human experiments, Beecher's research ethics violations, and the Tuskegee Syphilis Study. The document outlines the Belmont Report's three ethical principles of respect for persons, beneficence, and justice. Ethical issues in health informatics like alerts fatigue from clinical decision support systems and unintended consequences of health IT are also discussed.
Consumer Health Informatics, Mobile Health, and Social Media for Health: Part...Nawanan Theera-Ampornpunt
Â
Presented at the Master of Science and Doctor of Philosophy Programs in Data Science for Healthcare and Clinical Informatics, Department of Clinical Epidemiology and Biostatistics, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on November 10, 2021
Consumer Health Informatics, Mobile Health, and Social Media for Health: Part...Nawanan Theera-Ampornpunt
Â
Presented at the Master of Science and Doctor of Philosophy Programs in Data Science for Healthcare and Clinical Informatics, Department of Clinical Epidemiology and Biostatistics, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on November 10, 2021
Presented at the Master of Science and Doctor of Philosophy Programs in Data Science for Healthcare and Clinical Informatics, Department of Clinical Epidemiology and Biostatistics, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on November 8, 2021
Health Information Privacy and Security (November 8, 2021)
Â
Information Privacy Laws in Healthcare (September 13, 2020)
1. 1
Information Privacy Laws in Healthcare
āļāļ.āļāļ§āļāļĢāļĢāļ āļāļĩāļĢāļ°āļāļąāļĄāļāļĢāļāļąāļāļāļļāđ
āļĢāļāļāļāļāļāļāļĩāļāđāļēāļĒāļāļāļīāļāļąāļāļīāļāļēāļĢ āđāļĨāļ°āļāļēāļāļēāļĢāļĒāđāļ āļēāļāļ§āļīāļāļēāļĢāļ°āļāļēāļāļ§āļīāļāļĒāļēāļāļĨāļīāļāļīāļāđāļĨāļ°āļāļĩāļ§āļŠāļāļīāļāļī
āļāļāļ°āđāļāļāļĒāļĻāļēāļŠāļāļĢāđāđāļĢāļāļāļĒāļēāļāļēāļĨāļĢāļēāļĄāļēāļāļīāļāļāļĩ
13 āļāļąāļāļĒāļēāļĒāļ 2563
Except content reproduced from others, used here under Fair Use, that are copyrighted by respective owners.
4. 4
Hippocratic Oath
â...What I may see or hear in the course of
treatment or even outside of the treatment in
regard to the life of men, which on no account one
must spread abroad, I will keep myself holding
such things shameful to be spoken about...â
5. 5
Relevant Ethical Principles
Autonomy (āļŦāļĨāļąāļāđāļāļāļŠāļīāļāļāļīāđ/āļāļ§āļēāļĄāđāļāđāļāļāļīāļŠāļĢāļ°āļāļāļāļāļđāđāļāđāļ§āļĒ)
Beneficence (āļŦāļĨāļąāļāļāļēāļĢāļĢāļąāļāļĐāļēāļāļĢāļ°āđāļĒāļāļāđāļŠāļđāļāļŠāļļāļāļāļāļāļāļđāđāļāđāļ§āļĒ)
Non-maleficence (āļŦāļĨāļąāļāļāļēāļĢāđāļĄāđāļāļēāļāļąāļāļāļĢāļēāļĒāļāđāļāļāļđāđāļāđāļ§āļĒ)
âFirst, Do No Harm.â
36. 36
⊠Health Insurance Portability and Accountability Act of 1996
http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf
⊠More stringent state privacy laws apply
⊠HIPAA Goals
⊠To protect health insurance coverage for workers & families when they change or
lose jobs (Title I)
⊠To require establishment of national standards for electronic health care
transactions and national identifiers for providers, health insurance plans, and
employers (Title II: âAdministrative Simplificationâ provisions)
⊠Administrative Simplification provisions also address security & privacy of health
data
http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
U.S. Health Information Privacy Law (HIPAA)
37. 37
âŠTitle I: Health Care Access, Portability, and Renewability
âŠTitle II: Preventing Health Care Fraud and Abuse; Administrative
Simplification; Medical Liability Reform
⊠Requires Department of Health & Human Services (HHS) to draft rules
aimed at increasing efficiency of health care system by creating
standards for use and dissemination of health care information
U.S. Health Information Privacy Law (HIPAA)
38. 38
âŠTitle III: Tax-Related Health Provisions
âŠTitle IV: Application and Enforcement of Group Health Plan
Requirements
âŠTitle V: Revenue Offsets
U.S. Health Information Privacy Law (HIPAA)
39. 39
âŠHHS promulgated 5 Administrative Simplification rules
âŠPrivacy Rule
âŠTransactions and Code Sets Rule
âŠSecurity Rule
âŠUnique Identifiers Rule
âŠEnforcement Rule
U.S. Health Information Privacy Law (HIPAA)
40. 40
⊠Covered Entities
⊠A health plan
⊠A health care clearinghouse
⊠A healthcare provider who transmits any health information in electronic form in
connection with a transaction to enable health information to be exchanged
electronically
⊠Business Associates
Some HIPAA Definitions
41. 41
⊠Protected Health Information (PHI)
⊠Individually identifiable health information transmitted or maintained in electronic media or other
form or medium
⊠Individually Identifiable Health Information
⊠Any information, including demographic information collected from an individual, thatâ
⊠(A) is created or received by a CE; and
⊠(B) relates to the past, present, or future physical
⊠or mental health or condition of an individual, the provision of health care to an individual, or the
past, present, or future payment for the provision of health care to an individual, andâ
⊠(i) identifies the individual; or
⊠(ii) with respect to which there is a reasonable basis to believe that the information can be used to
identify the individual.
Some HIPAA Definitions
42. 42
⊠Name
⊠Address
⊠Phone number
⊠Fax number
⊠E-mail address
⊠SSN
⊠Birthdate
⊠Medical Record No.
⊠Health Plan ID
⊠Treatment date
⊠Account No.
⊠Certificate/License No.
⊠Device ID No.
⊠Vehicle ID No.
⊠Drivers license No.
⊠URL
⊠IP Address
⊠Biometric identifier
including fingerprints
⊠Full face photo
Protected Health Information: Personal Identifers
43. 43
⊠Establishes national standards to protect PHI; applies to CE & business associates
⊠Requires appropriate safeguards to protect privacy of PHI
⊠Sets limits & conditions on uses & disclosures that may be made without patient authorization
⊠Gives patients rights over their health information, including rights to examine & obtain copy of
health records & to request corrections
http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
HIPAA Privacy Rule
44. 44
⊠Timeline
⊠November 3, 1999 Proposed Privacy Rule
⊠December 28, 2000 Final Privacy Rule
⊠August 14, 2002 Modifications to Privacy Rule
⊠April 14, 2003 Compliance Date for most CE
⊠Full text (as amended)
http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/
adminsimpregtext.pdf
http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
HIPAA Privacy Rule
45. 45
âŠSome permitted uses and disclosures
âŠUse of PHI
âŠSharing, application, use, examination or analysis within the entity
that maintains the PHI
âŠDisclosure of PHI
âŠRelease or divulgence of information by an entity to persons or
organizations outside of that entity.
HIPAA Privacy Rule
46. 46
âŠA covered entity may not use or disclose PHI, except
âŠwith individual consent for treatment, payment or healthcare
operations (TPO)
âŠwith individual authorization for other purposes
âŠwithout consent or authorization for governmental and other
specified purposes
HIPAA Privacy Rule
47. 47
âŠTreatment, payment, health care operations (TPO)
⊠Quality improvement
⊠Competency assurance
⊠Medical reviews & audits
⊠Insurance functions
⊠Business planning & administration
⊠General administrative activities
HIPAA Privacy Rule
48. 48
⊠Uses & disclosures without the need for patient authorization permitted in
some circumstances
⊠Required by law
⊠For public health activities
⊠About victims of abuse, neglect, or domestic violence
⊠For health oversight activities
⊠For judicial & administrative proceedings
⊠For law enforcement purposes
⊠About decedents
HIPAA Privacy Rule
49. 49
⊠Uses & disclosures without the need for patient authorization permitted in some
circumstances
⊠For cadaveric organ, eye, or tissue donation purposes
⊠For research purposes
⊠To avert a serious threat to health or safety
⊠For workersâ compensation
⊠For specialized government functions
⊠Military & veterans activities
⊠National security & intelligence activities
⊠Protective services for President & others
⊠Medical suitability determinants
⊠Correctional institutions
⊠CE that are government programs providing public benefits
HIPAA Privacy Rule
50. 50
⊠Control use and disclosure of PHI
⊠Notify patients of information practices (NPP, Notice of Privacy Practices)
⊠Specifies how CE can use and share PHI
⊠Specifies patientâs rights regarding their PHI
⊠Provide means for patients to access their own record
⊠Obtain authorization for non-TPO uses and disclosures
⊠Log disclosures
⊠Restrict use or disclosures
⊠Minimum necessary
⊠Privacy policy and practices
⊠Business Associate agreements
⊠Other applicable statutes
⊠Provide management oversight and response to minimize threats and breaches of privacy
From a teaching slide in UMNâs Spring 2006 Health Informatics II class by Dr. David Pieczkiewicz
Responsibilities of a Covered Entity
51. 51
⊠Individually identifiable health information collected and used solely for
research IS NOT PHI
⊠Researchers obtaining PHI from a CE must obtain the subjectâs authorization
or must justify an exception:
⊠Waiver of authorization (obtain from the IRB)
⊠Limited Data Set (with data use agreement)
⊠De-identified Data Set
⊠HIPAA Privacy supplements the Common Rule and the FDAâs existing
protection for human subjects
From a teaching slide in UMNâs Spring 2006 Health Informatics II class by Dr. David Pieczkiewicz
HIPAA & Research
52. 52
⊠De-identified Data Set
⊠Remove all 18 personal identifiers of subjects, relatives, employers, or
household members
⊠OR biostatistician confirms that individual cannot be identified with the
available information
⊠Limited Data Set
⊠May include Zip, Birthdate, Date of death, date of service, geographic
subdivision
⊠Remove all other personal identifiers of subject, etc.
⊠Data Use Agreement signed by data recipient that there will be no attempt
to re-identify the subject
From a teaching slide in UMNâs Spring 2006 Health Informatics II class by Dr. David Pieczkiewicz
Research Datasets
53. 53
⊠Assure the CE that all research-initiated HIPAA requirements have been met
⊠Provide letter of approval to the researcher to conduct research using PHI
⊠OR, Certify and document that waiver of authorization criteria have been
met
⊠Review and approve all authorizations and data use agreements
⊠Retain records documenting HIPAA actions for 6 years
From a teaching slide in UMNâs Spring 2006 Health Informatics II class by Dr. David Pieczkiewicz
IRBâs New Responsibilities
54. 54
âŠEstablishes national standards to protect individualsâ electronic
PHI that is created, received, used, or maintained by a CE.
âŠRequires appropriate safeguards to ensure confidentiality, integrity
& security of electronic PHI
⊠Administrative safeguards
⊠Physical safeguards
⊠Technical safeguards
http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
HIPAA Security Rule
55. 55
⊠Timeline
⊠August 12, 1998 Proposed Security Rule
⊠February 20, 2003 Final Security Rule
⊠April 21, 2005 Compliance Date for most CE
âŠFull Text
http://www.hhs.gov/ocr/privacy/hipaa/
administrative/securityrule/securityrulepdf.pdf
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html
HIPAA Security Rule
56. 56
⊠The HIPAA Security Rule is:
⊠A set of information security âbest practicesâ
⊠A minimum baseline for security
⊠An outline of what to do, and what procedures should be in place
⊠The HIPAA Security Rule is not:
⊠A set of specific instructions
⊠A set of rules for universal, unconditional implementation
⊠A document outlining specific implementations (vendors, equipment,
software, etc.)
From a teaching slide in UMNâs Spring 2006 Health Informatics II class by Dr. David Pieczkiewicz
HIPAA Security Rule: Meaning
57. 57
The HIPAA Security Rule is designed to be:
⊠Technology-neutral
⊠Scalable (doesnât require all CEs to apply the same policies)
⊠Flexible (allows CEs to determine their own needs)
⊠Comprehensive (covers technical, business, and behavioral issues)
From a teaching slide in UMNâs Spring 2006 Health Informatics II class by Dr. David Pieczkiewicz
HIPAA Security Rule: Meaning
58. 58
⊠Many rules are either Required or Addressable
⊠Required:
⊠Compliance is mandatory
⊠Addressable:
⊠If a specification in the Rule is reasonable and appropriate for the CE, then
the CE must implement
⊠Otherwise, documentation must be made of the reasons the policy
cannot/will not be implemented, and when necessary, offer an alternative
From a teaching slide in UMNâs Spring 2006 Health Informatics II class by Dr. David Pieczkiewicz
HIPAA Security Rule: Meaning
59. 59
âŠBreach notification
âŠExtension of complete Privacy & Security HIPAA provisions to
business associates of covered entities
âŠNew rules for accounting of disclosures of a patientâs health
information
New Provisions in HITECH Act of 2009