Working with HIT Systems
Unit 7 Protecting Privacy, Security, and Confidentiality in HIT Systems
Objectives
By the end of this unit the student will be able to:
• Explain and illustrate privacy, security, and confidentiality in HIT settings.
• Identify common threats encountered when using HIT.
• Formulate strategies to minimize threats to privacy, security, and confidentiality in HIT systems.
Component 7/Unit 7, Health IT Workforce Curriculum, Version 1.0/Fall 2010
Electronic Health Information Risks and Opportunities
• Access to electronic vs. paper records
• Public apprehension around digitization of health information
• Success of HIT systems depends on ensuring patient privacy
• Security can facilitate patient-centered care
Privacy, Confidentiality, Security Defined
• Privacy: patient is in control
• Confidentiality: only authorized individuals are allowed access
• Security: controls/safeguards that ensure confidentiality
Security Management System Standards
• ISO 27001
• NIST 800-53
• HIPAA
HIPAA and PHI
• Health Insurance Portability and Accountability Act of 1996
• Privacy Rule (effective 2003)
• Security Rule (effective 2005)
• HITECH Act of 2009
Types of Security Safeguards
• Administrative Safeguards
• Physical Safeguards
• Technical Safeguards
Administrative Safeguards
• Security Management Process
  – Risk Analysis
  – Risk Management
  – Sanction Policy
  – System Activity Review
Administrative Safeguards
• Assigned Security Responsibility
  – Security officer
Administrative Safeguards
• Workforce Security, Information Access Management
  – Who can and who cannot have access
  – Who determines who can have access and how
  – Employee turnover
  – Contractors
  – User roles
Administrative Safeguards
• Security Awareness and Training
  – Training
  – Security reminders
  – Log-in monitoring
  – Password management
Administrative Safeguards
• Security Incident Procedures
• Contingency Plan
  – Data backup
  – Disaster recovery
  – Emergency operation plan
Administrative Safeguards
• Evaluation
• Business Associate Agreements
Physical Safeguards
• Facility Access Controls
Physical Safeguards
• Workstation Use
• Workstation Security
• Device and Media Controls (e.g., media disposal, access to backup and storage media)
Physical Safeguards
• Device and Media Controls
  – Media disposal
  – Access to backup and storage media
Technical Safeguards
• Access Control
  – Unique user identification
  – Emergency access
  – Automatic logoff
  – Encryption/decryption
Technical Safeguards
• Audit Controls
• Integrity
Technical Safeguards
• Person or Entity Authentication
  – Password/Passphrase/PIN
  – Smart card/token/key
  – Biometrics
  – Two factor authentication
Technical Safeguards
• Transmission Security
  – Integrity controls
  – Encryption
Risk Analysis and Management
• Analysis
  – Gather data on potential threats and vulnerabilities
  – Assess current security measures
  – Determine likelihood, impact and level of risk
  – Identify needed security measures
• Management
  – Develop a plan for implementation
  – Evaluate and maintain security measures
Meaningful Use
• Criteria for meaningful use of EHRs related to privacy, security, and confidentiality are meant to align with HIPAA
• Emphasizes need to conduct a risk analysis
• Some specific requirements for EHR vendors
Summary
• Privacy, security, and confidentiality in HIT settings
• Common threats encountered when using HIT
• Strategies to minimize threats to privacy, security, and confidentiality in HIT systems.