Privacy, Security, and Ethics Electronic Medical Records - PowerPoint PPT Presentation
Provided by: aaronh8

Transcript and Presenter's Notes

1
Privacy, Security, and Ethics: Electronic Medical Records
2
Today's Topics
  • Introduction
  • What is a medical record?
  • HIPAA
  • Security and Privacy
  • Accountability, Confidentiality, and Ethics
  • Workplace considerations

3
What is a medical record?
  • Everything about you performed by a care provider
  • Doctor, nurse, phlebotomist, radiology technician
  • Every activity
  • Exams, meds, lab tests, x-rays
  • Paper form
  • Electronic

4
HIPAA
  • What is HIPAA?
  • Health Insurance Portability and Accountability
    Act
  • Primary goal to assist in the portability of
    health insurance and to reduce the administrative
    cost of healthcare
  • What does this have to do with medical record
    security?

5
HIPAA Regulates
  • ensuring portability of health insurance
  • standards for electronic data interchange and
    code sets
  • health care identifiers
  • protecting against fraud in government funded
    health programs
  • protecting patient privacy and securing of health
    data

6
HIPAA
  • Standards of electronic data interchange
  • Aha! Electronic Medical Record
  • Protect patient confidentiality interests
  • Aha! System security

7
Security, Privacy, Confidentiality
  • Privacy: The Right
  • Right of the individual to have anonymity
  • Confidentiality: The Expectation
  • Obligation of the user of an individual's
    information to respect and uphold that
    individual's privacy
  • Security: The Mechanism
  • Policies, procedures, mechanisms, tools,
    technologies, and accountability methods to
    support Privacy

8
Privacy
  • Consent is required
  • Minimum Necessary
  • Patient Rights
  • Inspection, Proposing Amendment, Disclosure
    Accounting
  • Exceptions
  • Public Health, Legal Obligations for Disclosure

9
Privacy
  • Consent: Minimum Necessary
  • Your data will not be presented in a way where
    you can be identified
  • If we mask your name, but leave your address,
    age, and gender, you can be identified
  • Example of privacy abuse
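As an added illustration of the point on this slide (example code, not part of the presentation): masking the name alone is not de-identification. The constructed records below have the name removed but keep address, age and gender; the check reports every record whose combination of those quasi-identifiers is unique in the set, and a simple generalization (street instead of house number, ten-year age band instead of exact age) shows what it takes for every record to share its combination with at least one other. The record contents, the field names and the k=2 threshold are assumptions made for the example.

```python
from collections import Counter

# Constructed sample records, not real patients: the name is masked, but
# address, age and gender are left in the clear, as in the slide's example.
MASKED_RECORDS = [
    {"name": "***", "address": "12 Elm St", "age": 34, "gender": "F", "lab": "A1C 6.1"},
    {"name": "***", "address": "12 Elm St", "age": 34, "gender": "F", "lab": "A1C 5.4"},
    {"name": "***", "address": "12 Elm St", "age": 71, "gender": "M", "lab": "CBC normal"},
    {"name": "***", "address": "40 Elm St", "age": 76, "gender": "M", "lab": "PSA 2.1"},
    {"name": "***", "address": "9 Oak Ave", "age": 52, "gender": "F", "lab": "Lipid panel"},
    {"name": "***", "address": "22 Oak Ave", "age": 58, "gender": "F", "lab": "TSH 1.9"},
]

# Fields that are not names but together can still single a person out.
QUASI_IDENTIFIERS = ("address", "age", "gender")


def quasi_key(record, fields=QUASI_IDENTIFIERS):
    """The tuple of quasi-identifier values that a re-identifier would match on."""
    return tuple(record[f] for f in fields)


def group_sizes(records, fields=QUASI_IDENTIFIERS):
    """How many records share each quasi-identifier combination."""
    return Counter(quasi_key(r, fields) for r in records)


def identifiable(records, fields=QUASI_IDENTIFIERS, k=2):
    """Records whose quasi-identifier combination is shared by fewer than k
    records; with k=2 these are the records that are unique, hence identifiable."""
    sizes = group_sizes(records, fields)
    return [r for r in records if sizes[quasi_key(r, fields)] < k]


def generalize(record):
    """Coarsen the quasi-identifiers: keep the street but drop the house number,
    and replace the exact age with a ten-year band (assumed generalization rules)."""
    g = dict(record)
    g["address"] = record["address"].split(" ", 1)[1]
    g["age"] = f"{(record['age'] // 10) * 10}s"
    return g


if __name__ == "__main__":
    print("identifiable with name masked only:", len(identifiable(MASKED_RECORDS)))
    generalized = [generalize(r) for r in MASKED_RECORDS]
    print("identifiable after generalization:", len(identifiable(generalized)))
```

Run as written, the first check reports four of the six records as uniquely identifiable even though every name is masked; after generalization each (street, age band, gender) combination is shared by two records and the check reports none. The rules that make a release "minimum necessary" are about which fields go out, not just whether the name does.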

10
Security: The Three A's
  • Authentication
  • You are who you say you are
  • Authorization
  • You can see and do what you are permitted by
    policy to see and do
  • Accountability
  • You are held responsible for what you see and do

11
Authentication
  • Passwords: simplest form of authentication
  • Can be very secure, but one breach can spread
    rapidly
  • Can be too secure if you forget your password

12
Biometric Authentication
  • Identify who you are by a physical attribute
  • Signature
  • Facial Points
  • Voice Print
  • Typing Style

13
Biometric Authentication
  • Fingerprint
  • Optical, Digital
  • Hmmm... would someone in a hospital have access to
    a severed finger?
  • Iris
  • Highly accurate
  • Same issue as with a dead finger
  • Requires a camera

14
Biometric Authentication
  • Authentication thresholds
  • What is better: a 100% match or a 99.99996% match?
  • What is considered a match?
  • Tokens vs. Tokenless
  • Tokens
  • User must have token with them
  • No id information on the server
  • Tokenless
  • ID information on host computer

15
Preserving Authentication
  • Time out on computers, require re-entry
    to log in
  • Change User functions also require
    re-authentication

16
Authorization
  • I'm a valid user of the system, and I've been
    authenticated. I want to see EVERYTHING on
    EVERYONE!!!
  • The system can define who is authorized to see
    and do what

17
Authorization Models
  • User Based
  • I have certain authorization rights based on who
    I am as an individual
  • Role Based
  • I have authority based on my role e.g. doctor vs.
    nurse vs. lab technologist
  • Context Based
  • Who you are, Where you are, What you are, When
    you are, What you are

18
Authorization Challenge
  • We do not want to prevent anyone from providing
    care
  • Authorization in many cases is based on
    relationship to the patient
  • Providers declare a relationship when a patient
    is accessed
  • person_provider_relationship
  • All patient data access is logged!!!
  • person_provider_activity

19
Accountability
  • You are held responsible for what you see and do
  • Difficult to develop systems-based ways of
    ensuring accountability
  • An ethics problem

20
Accountability
  • Security can help ensure accountability
  • Audit Logging: We know where you've been
  • Password policies
  • Alert capabilities
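As an added example (not the presentation's or any EMR vendor's code) that ties slide 18 to this slide: a role check combined with a declared provider-patient relationship, every access attempt written to an activity log, and a review pass over that log that produces alerts for a human. The names `person_provider_relationship` and `person_provider_activity` come from slide 18; everything else (the role table, the provider and patient identifiers, the rule that a provider may declare a relationship at the moment of access so that care is never blocked, and the review threshold) is an assumption made for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Assumed role table: which classes of patient data each role may read
# (the role-based model from slide 17). Constructed for this example.
ROLE_PERMISSIONS = {
    "doctor": {"demographics", "labs", "notes"},
    "nurse": {"demographics", "labs"},
    "lab_tech": {"labs"},
    "clerk": {"demographics"},
}


class EmrAccessControl:
    """Role check plus a declared provider-patient relationship, with every
    attempt (allowed or denied) appended to an activity log. The two slide-18
    tables are modelled here as in-memory structures."""

    def __init__(self):
        self.person_provider_relationship = {}   # (patient, provider) -> relationship
        self.person_provider_activity = []       # one entry per attempt

    def declare_relationship(self, provider, patient, relationship):
        self.person_provider_relationship[(patient, provider)] = relationship

    def access(self, provider, role, patient, data_type, declare=None):
        """Return True if access is permitted. `declare` lets the provider assert a
        relationship at the moment of access (so care is not blocked on paperwork);
        that self-declaration is recorded so it can be reviewed afterwards."""
        self_declared = False
        if declare and (patient, provider) not in self.person_provider_relationship:
            self.declare_relationship(provider, patient, declare)
            self_declared = True
        relationship = self.person_provider_relationship.get((patient, provider))
        role_ok = data_type in ROLE_PERMISSIONS.get(role, set())
        allowed = role_ok and relationship is not None
        # All patient data access is logged, including denied attempts.
        self.person_provider_activity.append({
            "time": datetime.now(timezone.utc),
            "provider": provider, "role": role, "patient": patient,
            "data": data_type, "relationship": relationship,
            "self_declared": self_declared, "allowed": allowed,
        })
        return allowed


def review_activity(activity, self_declare_limit=3):
    """The 'alert capabilities' of this slide: findings for a human reviewer.
    Denied attempts are always reported; a provider who self-declares a
    relationship with more than `self_declare_limit` distinct patients is
    reported for review (threshold is an assumption, not a standard)."""
    findings = []
    self_declared = defaultdict(set)
    for e in activity:
        if not e["allowed"]:
            findings.append(f"DENIED {e['provider']} ({e['role']}) -> {e['patient']}/{e['data']}")
        if e["self_declared"]:
            self_declared[e["provider"]].add(e["patient"])
    for provider, patients in sorted(self_declared.items()):
        if len(patients) > self_declare_limit:
            findings.append(
                f"REVIEW {provider}: self-declared relationship with {len(patients)} patients")
    return findings


def demo():
    """Constructed activity: one pre-declared relationship, a role denial, a
    missing-relationship denial, and a provider self-declaring across four patients."""
    ac = EmrAccessControl()
    ac.declare_relationship("dr_smith", "P100", "attending")
    ac.access("dr_smith", "doctor", "P100", "labs")                     # allowed
    ac.access("clerk_01", "clerk", "P100", "labs")                      # denied: role
    ac.access("nurse_02", "nurse", "P200", "labs")                      # denied: no relationship
    ac.access("nurse_02", "nurse", "P200", "labs", declare="on_call")   # allowed, self-declared
    for patient in ("P301", "P302", "P303", "P304"):
        ac.access("dr_jones", "doctor", patient, "notes", declare="consult")
    return ac, review_activity(ac.person_provider_activity)


if __name__ == "__main__":
    _, findings = demo()
    print("\n".join(findings))
```

The design choice worth noting is that the relationship declared at access time is not a bypass: the access still goes through the role check, it is logged like every other access, and the review pass surfaces who relied on self-declaration and how often. Accountability here comes from the log plus review, not from blocking the clinician.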

21
Ethics and Morals
  • One definition
  • Morals: choice between right and wrong
  • Ethics: choice between right and right
  • Example 1
  • Famous person in hospital, and you're curious
    about their lab results
  • Example 2
  • Back to the banker example

22
Workplace Ethics
  • Many people may have access to patient data
  • Trust
  • Knowledge of Rules
  • Awareness of Consequences

23
A Problem
  • FAXing a document to a remote location
  • Anyone in the office can potentially see patient
    data
  • The office assumes all responsibility if they are
    a trusted business partner

24
Other Means of Security
  • Physical Access
  • Secured Areas: locked rooms
  • Technology Solutions
  • An ORACLE instance can be locked out
  • Users of other ORACLE instances on the same
    machine cannot gain access

25
Technology Solutions
  • Data Encryption
  • Data Aging: remove data after a certain time
  • Data Transmission Security: can't move what
    isn't authorized
  • Local Authentication
  • Includes time-out function

26
Who is responsible?
  • Healthcare provider is ultimately responsible
  • But, the IT supplier that has a systems solution
    will have a competitive advantage
  • Systems must be HIPAA compliant
  • Authentication
  • Authorization
  • Access logging

27
Workplace Ethics II
  • Access to clients from IT supplier
  • High-privilege accounts, required for
    troubleshooting
  • Back-end data access: we can see most anything
  • Client-specific security measures
  • They MUST follow ALL policies
  • Can someone look up data on celebrities? Family
    members?

28
Questions?