Microsoft Corporation Confidential and Privileged
PRIVACY REGULATION IN HEALTHCARE: WHAT WORKS, WHAT DOESN’T AND WHY
Privacy and security
SECURITY ISSUES • Medical ID Theft/Fraud (Britney Spears) • Outsourcing • Data Breach • Public Exposure
SECURITY • Current Protections: California AB 1298: requires companies with medical information to take steps to protect it • Federal Protections: Federal Data Breach Legislation; The Trust Act (HR 5442); Health Information Privacy and Security Act (S 1814)
SECURITY: CALIFORNIA AB 1298 • State law requirements on protecting privacy/data breach expanded to include medical and health information. • Covers any business that maintains medical information – specifically, the data breach notification requirements apply to all entities, not just health care providers. • Audit, Security Measures, Encryption, Training, Breach Response
SECURITY: TRUST ACT, HR 5442 • Requirement to establish “appropriate administrative, organizational, technical, and physical safeguards and procedures to ensure the privacy, confidentiality, security, accuracy, and integrity of personal health information” that is held or used.
TRUST ACT • HHS to develop model guidelines for safeguards and procedures on “individual authentication, access controls, audit trails, encryption or any additional security methodology or technology other than encryption which renders data in electronic form unreadable or indecipherable, physical security, protection from remote access points and protections of external electronic communications, periodic security assessments … etc.”
DATA PROTECTION ISSUES • Data Use: Marketing (By who? For what?) • Discrimination: Insurance; Workplace; Benefits • Public Exposure • Government Access
REGULATORY LIMBO • Health Insurance Portability and Accountability Act (HIPAA) does not apply to EHRs/PHRs. • HIPAA allows health-care providers to share your data to treat you. But HIPAA also allows information to be shared with “business associates” – and you may not be able to say “no.” • HHS – no national strategy that addresses privacy and security of medical health records.
PROPOSED RULES • Trust Act/Health Information Privacy and Security Act • Call for: Privacy Rights • Includes: Consent, Notice, Access/Correction, Inspect/Copy, Breach Notification, Audit, Security
WHY IS THIS IMPORTANT TO GET RIGHT? • Public trust is needed for adoption of HIT. • 58% concerned that the existing regulatory framework does not provide adequate protections. • “Despite public interest (in PHRs), security was a major consumer concern that would hinder public participation in the medium.”
FOCUS: NEED FOR A POLICY FRAMEWORK • Authentication • Access/Authorization • Security • Use/Disclosure Policies • Secondary Use • Deidentification • Research/Public Health
Microsoft HealthVault Design Fundamentals The HealthVault ecosystem has been designed with three core fundamentals in mind: Privacy and Security, which are critical to building customer trust; and Interoperability, which is critical to gaining industry trust.
Microsoft core privacy principles & HealthVault Microsoft’s Corporate Privacy Group has outlined 10 company-wide privacy principles. HealthVault delivers against each of those areas while also supporting our own privacy principles.
Microsoft core privacy principles & HealthVault, cont’d