Protecting the security of electronic patient data
If your patient records aren't already stored digitally, they are likely to be digitized soon. There is a tremendous push by the federal government, as well as by some private payors and self-insured employers, to get all healthcare providers wired in the near future, in order to better coordinate patient care, improve outcomes, and "bend the cost curve" all at the same time. There are some financial incentives in play to achieving "meaningful use" of "certified" EHR systems; those terms are to be defined in federal regulations later this year, but the outlines of those definitions are already pretty clear.
Once all that patient data, or as it is known in HIPAA-speak, protected health information (PHI), is stored electronically, it becomes exposed to potential data breaches. In late September, two sets of federal regulations took effect that address the way in which PHI should be maintained, and the steps that should be taken to prevent a data breach and to notify the government and affected individuals in the event there is a data breach. Compliance with these rules, issued under authority of the HITECH Act by the US Department of Health and Human Services (HHS) with respect to healthcare providers, and by the Federal Trade Commission (FTC) with respect to EHR vendors and other similar third parties, requires affected practices and businesses to assess and update their data privacy and security policies and procedures, as well as train all affected staff accordingly.
The exposure in case of violation is significant, both in terms of fines and penalties and in terms of bad publicity: certain data breaches require notice to potentially affected individuals via the general media in addition to notices required to be filed with the regulators. The new rules (I call them Son of HIPAA) are layered on top of existing HIPAA privacy and security rules: the FTC's Red Flags Rule, regarding identity theft protections to be put in place by any "creditor" (which includes healthcare providers not paid in full at the time of service), and state privacy rules. While HHS and FTC took some pains to harmonize the new rules so that patients will not be bombarded with multiple data breach notifications about the same incident, for example, the other applicable rules out there have not been harmonized.
http://translate.google.gr/translate?hl=el&sl=el&tl=en&u=http%3A%2F%2Fwww.kevinmd.com%2Fblog%2F2010%2F01%2Fprotecting-security-electronic-patient-data.html
HOW SAFE ARE MEDICAL RECORDS IN THE AGE OF DIGITAL RECORD KEEPING?
When you go to the hospital, federal law says that only doctors, other health care providers and those who pay for your care, such as insurance companies, can access your medical records. But what protects patients against the prying eyes of health care professionals who take a less than professional interest in their medical history?
In 2008, “Jane” had a brief sexual relationship with Dr. Joshua Welch, who was then a family physician at Fletcher Allen Health Care in Burlington. Because he was married, Jane assumed that all aspects of the Welch affair would remain confidential.
But shortly after their relations began, Jane — who asked to remain anonymous due to the nature of her case — developed a condition that led her to wonder, among other things, whether she had contracted a sexually transmitted disease from Welch. She informed him via email that she was going to get tested.
http://www.7dvt.com/2010how-secure-are-medical-records-age-digital-record-keeping
PATIENT CONFIDENTIALITY
Physicians have always had a duty to keep their patients' confidences. In essence, the physician's duty to maintain confidentiality means that a physician may not disclose any medical information revealed by a patient or discovered by a physician in connection with the treatment of a patient. In general, AMA's Code of Medical Ethics states that the information disclosed to a physician during the course of the patient-physician relationship is confidential to the utmost degree. As explained by the AMA's Council on Ethical and Judicial Affairs, the purpose of a physician's ethical duty to maintain patient confidentiality is to allow the patient to feel free to make a full and frank disclosure of information to the physician with the knowledge that the physician will protect the confidential nature of the information disclosed. Full disclosure enables the physician to diagnose conditions properly and to treat the patient appropriately. In return for the patient's honesty, the physician generally should not reveal confidential communications or information without the patient's express consent unless required to disclose the information by law. There are exceptions to the rule, such as where a patient threatens bodily harm to himself or herself or to another person.
http://www.ama-assn.org/ama/pub/physician-resources/legal-topics/patient-physician-relationship-topics/patient-confidentiality.page
MEDICAL RECORDS PRIVACY
Many people consider information about their health to be highly sensitive, deserving of the strongest protection under the law. Long-standing laws in many states and the age-old tradition of doctor-patient privilege have been the mainstay of privacy protection for decades.
The federal Health Insurance Portability and Accountability Act (HIPAA) sets a national standard for privacy of health information.
https://www.privacyrights.org/fs/fs8-med.htm
PROTECTING WHAT IS MOST IMPORTANT...MY CHILD
Infant Security, Patient Protection and Asset Tracking can be provided with one hardware and software infrastructure. By utilizing Radio Frequency Identification (RFID) Technology, the MyChild™ System can protect, track and locate babies, children, wandering patients, staff and equipment.
http://www.securemedicalsystems.com/
SECURITY CHALLENGES OF ELECTRONIC MEDICAL RECORDS
CSO - Under his recently unveiled fiscal stimulus plan, President Obama seeks to invest up to US$20 Billion in federal funds to achieve widespread deployment of Electronic Medical Records (EMRs).
http://www.computerworld.com/s/article/9128261/Security_Challenges_of_Electronic_Medical_Records
MOBILE ELECTRONIC FILE
Providing the best possible treatment and care of patients is the highest priority for hospitals. At the same time, they have to meet healthcare documentation requirements and ensure that the organizational aspect of the “hospital business enterprise” runs smoothly. This is a challenge that calls for a mobile infrastructure of the highest technical standard, one that allows optimal patient care by doctors and nursing staff to be brought in line with efficient, time-saving administrative procedures and documentation.
http://212.52.239.202/files/pdf/CS_Unikl_Ulm_ENG_screen.pdf
MEDICAL DEVICE SECURITY
Medical devices and systems represent a growing risk with respect to the security of the medical data they contain. Hospitals and similar healthcare organizations typically have 300% to 400% more medical equipment than IT devices and two trends are contributing to the increasing significance of this security risk:
- Medical devices and systems are being designed and operated as special purpose computers …
STUDY POINTS TO CRITICAL GAPS IN HOSPITAL DATA SECURITY
Even as providers work to update their security environments, hospital data continues to be at serious risk, according to the 2010 HIMSS Analytics Report: Security of Patient Data.
Despite new statutory requirements for healthcare privacy and security, the study found critical gaps in data security – and its findings suggested that efforts to keep data safe were often more reactive than proactive, with hospitals dedicating more resources to breach response than to breach prevention.
CONCERNS OVER SECURITY OF MEDICAL RECORDS AT HOSPITALS
THOUSANDS of non-medical staff at hospitals across the region have access to confidential medical records. New research reveals that around the country there are at least 100,000 non-medical personnel in NHS Trusts with access to confidential medical records.
http://www.gazetteseries.co.uk/news/6456207.Concerns_over_security_of_medical_records_at_hospitals/
MEDICAL DEVICES: SECURITY AND PRIVACY CONCERNS
What are the benefits of software in medical devices?
http://people.cs.umass.edu/~kevinfu/talks/Fu-med-SP-NIST-2011.pdf







