hipaa requirements for computer -based patient … requirements for computer -based patient record...
TRANSCRIPT
![Page 1: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/1.jpg)
HIPAA Requirements forComputer-based Patient Record
Systems and
the CPR Selection Toolkit
Caroline Samuels [email protected]
![Page 2: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/2.jpg)
JHITA November, 2001
2
Overview
• CPR Functional Requirements to Support HIPAA Implementation– Procedural– Technical– Implementation-Dependant
• CPRI-Host CPR Selection Toolkit– What is it?– Target Population – Users– Target Population - Vendors– How Does it Work?
![Page 3: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/3.jpg)
JHITA November, 2001
3
CPR System Requirements for HIPAA
Procedural• Most of the new HIPAA Requirements
are largely Procedural– Appointment of Security Officer– Security Programs and Training– Consent and Authorization Requirements– Patient rights– Security procedures (audits, assessments,
etc.)
![Page 4: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/4.jpg)
JHITA November, 2001
4
CPR System Requirements for HIPAA
Technical:• Encryption for messages sent “in the clear”• Capability to limit functions/access by role• Capability to attribute actions to an individual• Capability to treat information at a granular
level• Capability to produce audit trails
![Page 5: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/5.jpg)
JHITA November, 2001
5
CPR System Requirements for HIPAA
Implementation-dependent• System Implementation vrs System
Capability – Example - System may be capable of role-
based access, but can be implemented such that all users can access all information. This would result in non-compliance with HIPAA requirements
![Page 6: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/6.jpg)
JHITA November, 2001
6
CPR System Requirements for HIPAA
Implementation-dependent• For currently installed products
– Table modifications (codes, redefinitions)– Upgrades (encryption)– New access categories (patient)– Password functionality (expiration)– Customizations (warning screens)
![Page 7: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/7.jpg)
JHITA November, 2001
7
CPR System Features for HIPAA Support
Patient Access to His/Her RecordSystem Requirement:– Print-out of the record or– Access to the electronic record
• Access to ONLY the patient’s own record• If remote access – secure access
![Page 8: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/8.jpg)
JHITA November, 2001
8
CPR System Features for HIPAA Support
Patient-requested AmendmentSystem Requirements:– System capable of capturing patient-
submitted amendment if accepted– System supports notification of persons
who are know to have received previous information
– If denied, system captures request/denial
![Page 9: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/9.jpg)
JHITA November, 2001
9
CPR System Features for HIPAA Support
ConsentsSystem Requirements:– System captures patient consent– System captures revocation of consent
![Page 10: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/10.jpg)
JHITA November, 2001
10
CPR System Features for HIPAA Support
Authorization (if supported by CPR)System Requirements:– System captures authorization– System captures revocation, expiration of
authorization, and can fire alert based on date
– System captures name, address of entity getting the released information
– System captures the description of the information released
![Page 11: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/11.jpg)
JHITA November, 2001
11
CPR System Features for HIPAA Support
Authorizations (cont.)– System captures a description of the
information released– System captures the purpose of the
release– System can produce a record of all
disclosures for a given patient with all relevant information (enumerated above) covering preceding 6 years
![Page 12: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/12.jpg)
JHITA November, 2001
12
CPR System Features for HIPAA Support
Minimum Necessary[Not applicable for treatment purposes]– Role-based access– Database retains and reports information
at a granular level– Audits report individual access at a
granular level
![Page 13: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/13.jpg)
JHITA November, 2001
13
CPR System Features for HIPAA Support
Research [Requirements largely procedural, IRB]– Ability to de-identify information, remove:
NameAddressAll identification numbersAll dates except yearEtc [regulation contains a complete list]
– Ability to report de-identified aggregate data
![Page 14: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/14.jpg)
JHITA November, 2001
14
CPR System Features for HIPAA Security Requirements
[final rule pending]
• Authorization controls
• Role-based access • Emergency access• Authentication
control • Password controls
• Audit controls• Data integrity• Workstation time-
out Automatic back-up
• Virus Protection
![Page 15: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/15.jpg)
JHITA November, 2001
15
CPR Selection Toolkit
Web-based Servicewww.cpri-host.org
Database of Feature/Functions of a Computer-based Patient Record (CPR) system (over 350 items)
Vendor-submitted specifications
![Page 16: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/16.jpg)
JHITA November, 2001
16
CPR Selection Toolkit
Target Population - UsersPracticing Physicians, Solo and Group
Practices Small Clinics
Target VendorsCPR Vendors with and without Practice
Management partnersNiche Vendors supporting medical practice
(Rx, Patient call-back, dictation, etc.)
![Page 17: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/17.jpg)
JHITA November, 2001
17
CPR Selection Toolkit
FunctionUser Selects Priority features, practice
setting and price constraintsToolkit software lists CPR products meeting
the specified criteriaSearch parameters modifiable to repeat
search in order to adjust length of candidate list
Complete feature/function list and contact information of candidate systems reported
![Page 18: HIPAA Requirements for Computer -based Patient … Requirements for Computer -based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD csamuels@pol.net. JHITA](https://reader031.vdocuments.mx/reader031/viewer/2022030506/5ab487d67f8b9a0f058bea6c/html5/thumbnails/18.jpg)
JHITA November, 2001
18
Questions