Securityrulebasicconcepts


Protected Health Information (PHI = person identifiable) must be managed with the same attention to consent for use, access control, and documentation of actions performed as are currently applied to physical objects such as tissue.

• Access to PHI is based on the general principle of “need to know” and “minimum necessary” rather than professional role

HIPAA Round 2: the Security Rule

Overview

• Affects HIPAA Covered Entities that maintain Protected Health Information (PHI) in electronic form
• Directs CE’s to ‘develop, implement, maintain, and document’ security measures, and keep them current.

Security Rule: Basic Concepts

• Scalable: burden relative to size and complexity of healthcare organization
• Not linked to specific technologies, and anticipates future changes in technology
• Unlike Privacy Rule, affects only electronic information
• Applies security principles well established in other industries

HIPAA Security Rule

Functional areas

• Information Availability
• Protection against unauthorized:
  – Access
  – Alteration
  – Deletion
  – Transmission
• Monitoring (audit trails)

Covered entities are required to:

• Assess potential risks and vulnerabilities
• Protect against threats to information security or integrity, and against unauthorized use or disclosure
• Implement and maintain security measures that are appropriate to their needs, capabilities and circumstances
• Ensure compliance with these safeguards by all staff

Security Vulnerabilities in Healthcare Settings

• Unintentional disclosures
• Well-intentioned but inappropriate employee behavior
• Disgruntled employees
• Self-insured employers
• ? Competitors
• VIP patients
• Hackers
• Data mining

Data mining as confidentiality threat

Ethnicity, Name, Visit date, Address, Diagnosis, ZIP, Procedure, Birth date, Medication, Sex, Total ch...

This document was uploaded on 01/14/2014.
