n102y health information technology module privacy security ethics

N102Y Health Information Technology Module

Privacy Security

EthicsProtecting Patient

Information AND

Patients

Patient Privacy and Confidentiality

Health Information Technology

I know about HIPPA!Confidentiality and Privacy

Risks of EHRs • Both paper and electronic records have privacy

issues• Easily accessible info and lots of it• Not well controlled environments• Physical security issues• Data security issues• Where does the information go?

Discussion:HIPAA violations seen in clinical

Data Security

Health Information Technology

Types of Safeguards Physical

• Building security• Equipment security

Administrative• Password, log in monitoring, access control

Technical• Encryption• Auto log off

Protecting the Security of Healthcare Data

Controlling users Passwords (what’s a

“strong password”!?) Authentication

• Biometrics• RFID technology

Auditing Authorizing

Protection from the outside

Antivirus/antispyware Site blockingPhysical Location of

workstations Screen filters

Violations Data for 17,500 patients was

unsecured for at least 10 months, due to the disabling of firewall protections

Fine: $400,000 Unencrypted laptop computer

containing the electronic protected health information (ePHI) of 441 patients was stolen in June 2010

Fine: $50,000

HIPAA violation fines

What Kind of Breach? Unintended disclosure Payment Card Fraud Hacking or malware Insider Physical loss Portable device Stationary device Unknown or other

Patient Rights

Health Information Technology

Current Legislation

HIPAA OMNIBUS ruling• Released March 2013• Enforcement begins end of Sept 2013• Implements a number of provisions of the

HITECH Act Part of the ARRA 2009

Patient’s have the right to: request information (copy of their chart) write a statement of disagreement and place

in record share info among care providers and for

reporting not share info to employers, get a report “accounting of disclosures” choose communication methods file a complaint if a violation is suspected request to share/not share if paying out of

pocket

Nursing Ethics and Patient Privacy

Health Information Technology

ANA Code of Ethics The nurse, in all professional relationships,

practices with compassion and respect for the inherent dignity, worth and uniqueness of every individual, unrestricted by considerations of social or economic status, personal attributes, or the nature of health problems.

The nurse promotes, advocates for, and strives to protect the health, safety, and rights of the patient.

Ethics activity What type of data breach is it? What were the consequences? Why is it unethical? What can be done to prevent this

from happening again?

Other HIT Ethical Issues Imaging Treatments Genomics Mobile health Access to technology

The Role of the Nurse:-Privacy-Confidentiality -Security of Patient Information

Health Information Technology

Privacy, Confidentiality and Security Begin with You

Secure your documentation Protect your patient’s privacy

• Social media policies• No cameras in many hospitals

Use strong passwords• Do not write down!

referencesCenters for Medicare and Medicaid Services. (2007) HIPAA Security Series, Security Standards: Technical Safeguards. Retrieved July 9, 2013 from

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf Centers for Medicare and Medicaid Services. (2007) HIPAA Security Series, Security Standards: Physical Safeguards. Retrieved July 9, 2013 from

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf Centers for Medicare and Medicaid Services. (2007) HIPAA Security Series, Security Standards: Administrative Safeguards. Retrieved July 9, 2013 from

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf Panchadsaram , P. (May 27 2013) TedMed talk: Empowering patients through information design

retrieved July 9, 2013 from http://www.youtube.com/watch?v=7Mv8UzJlUtw&feature=youtu.be

Security Breaches 2005 – Present retrieved July 9, 2013 from http://www.privacyrights.org/data-breach

OnlineTech. (2013) What is a HIPAA violation? Retrieved July 9, 2013 from http://www.onlinetech.com/compliant-hosting/hipaa-compliant-hosting/resources/what-is-a-hipaa-violation

American Nurses Association. (2011) Nursing Code of Ethics. Retrieved July 9, 2013 from http://www.nursingworld.org/codeofethics