Understanding the Future of HIS TechnologyUnderstanding the Future of HIS TechnologyHS420-01Kaplan UniversityDawn HebbertProf. EdgertonMay 13, 20171
Understanding the Future of HIS TechnologyPartCompetency AssessedInstructions1•Awareness•Make sure all employees arecompetent.•Incorporate data security training within the context of larger employee education efforts.•Create role-based training courses.•Include breach detection and increase in training. •Incorporate data security messages in all employee communications channels. •Initiate a culture of security in the organization. •Employees have insufficient knowledge of security awareness may be largest overall risk and the most difficult to resolve–Involve employees in building a philosophy of security–Regular and engaging security knowledge.–Comprehends individual role and penalties.•Situational training–Social engineering assessments such as phishing, pre-text telephone calls–Usage of results of training as models.•Hotlines•Pictorial reminders•Systematic training•HIPAA Requirement•Remove the “it couldn’t happen to me” approach•No security measure is operational if the users are reluctant or not capable to implement them.•Costs2An effective HIE is contingent on trust linking the patient, the provider, and the HIE. In order to develop trust, HIEs must develop and incorporate policies and procedures leading their operations,including how they will preserve and secure protected health information (PHI).•Regulate access to patient records to providers involved in the patient's care.•Limit disclosures outside the treatment team on a case-by-case basis, as Basic elements of quality control in the managing ofrequests for ROI include substantiating the completeness and accuracy of the request, the authority of the requester, the identity of the patient, and the appropriateness of the information requested.•Check the content. Personnel must validate that requests for information check all data required by internal policy and state and federal guidelines. With the exclusion of medical emergencies, this must contain an option for a written request for release of medical information.•Check the legal authority of the requester. The patient or third party requesting information must have a legitimate standing to receive the 2
Understanding the Future of HIS Technologygoverned by their inclusion under the Notice of Privacy Practices or as an Authorized Disclosure under the law.•Safeguard that institutional policies and practices with regard to confidentiality, security and release of information are constant with guidelines and laws.•Educate healthcare personnel on confidentialityand data security guidelines,take steps to guarantee all healthcare personnel are aware of and comprehend their tasks to keep patient information confidential andsecure, and enforce sanctions for violations.