Privacy and the Computerized Patient Medical Record CPRS - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Privacy and the Computerized Patient Medical Record CPRS

Description:

... strengthens the ability to define roles and responsibilities for clinical documents. ... Eliminated the SSN from the Veteran's Identification Card (VIC) ... – PowerPoint PPT presentation

Number of Views:37
Avg rating:3.0/5.0
Slides: 11
Provided by: chris934
Category:

less

Transcript and Presenter's Notes

Title: Privacy and the Computerized Patient Medical Record CPRS


1
Privacy and the Computerized Patient Medical
Record (CPRS)
Andrea Wilson RHIA VHA Privacy Specialist
October 10, 2007
2
Privacy Regulations
  • HIPAA Privacy Rule, 45 CFR Parts 160 and 164.
  • Privacy Act, 5 USC 552a
  • 38 USC 7332, Confidentiality of Certain Medical
    Records
  • 38 USC 5701, Confidential Nature of Claims
  • Freedom of Information Act (FOIA)
  • 38 USC 5705, Confidentiality of Quality Assurance
    records

3
VA Policies
  • VHA Handbook 1605.1, Privacy and Release of
    Information
  • VHA Handbook 1605.2, Minimum Necessary Standard
    for Protected Health Information
  • VA Directive 6600, Responsibility of Employees
    and Others Supporting VA in Protecting Personally
    Identifiable Information

4
Today--Electronic Health Records are Fully
Deployed Throughout VA
5
Privacy and VA Computerized Medical Record (CPRS)
  • Internal Safeguards for CPRS
  • User Class -provides a mechanism for sites to
    associate users with user classes, allowing them
    to specify the level of authorization and access
    to certain information.
  • Business Rules - further strengthens the ability
    to define roles and responsibilities for clinical
    documents. This authorizes specific users to
    perform specified actions on documents in
    particular statuses. (i.e., the Privacy Officer
    is the only one allowed access to amend a
    progress note
  • Sensitive Alerts Employees and at special
    request by a spouse, relative or other
    individuals for various reasons.

6
Privacy and VA Computerized Medical Record (CPRS)
  • HIPAA Privacy Rule.
  • Classification of Personnel based on functional
    categories.
  • Functional Categories- Gives guidance as to what
    each person has access to within their job duties
  • Providers have full access to CPRS in order to
    treat veterans
  • Engineer staff do not have access to CPRS

7
Role Based Access Controls
  • Role Based Accessed Control are roles with
    different privileges and responsibilities and
    implements limited forms of access constraints
    based on the users role within an organization.
  • Job specific- will only be able to access which
    is specific to the job
  • Collection of permissions. Users will receive
    permissions only to the roles that they are
    assigned

8
External Safeguards for the CPRS
  • Only employees with the need to know can access
    CPRS
  • External sources (JCAHO) can not have access to
    CPRS (must have a driver)

9
VA and Safeguarding the Social Security Number
(SSN)
  • VA has taken steps to eliminate the use of the
    SSN where it is not mission critical
  • Removed the SSN from enrollment letters
  • Eliminated the SSN from the Veterans
    Identification Card (VIC)
  • Masked SSN in the Explanation of benefits (EOB)
    letters
  • Scrambled or truncated the number when the SSN is
    needed

10
VHA Privacy Office Efforts
  • VHA Privacy Office has been working to develop
    tools, policies and guidance, monitoring
    capabilities and developing facility Privacy
    Officer and staff education. These efforts will
    foster a culture where appropriate use of the SSN
    is promoted and that all personally identifiable
    information collected and used for our nations
    veterans is treated with the highest level of
    confidentiality.
Write a Comment
User Comments (0)
About PowerShow.com