
Safeguarding Sensitive Health Data: Best Practices in the Digital Age

Learn about HIPAA rules, password security, and privacy measures to protect personal health information from breaches in the medical industry and online. Understand the risks and solutions for securing electronic health records and maintaining patient confidentiality. Take steps to prevent social media mishaps that lead to privacy violations and legal consequences.




  1. Personal Health Information: Handling and protecting sensitive material in the medical field and in a digital world. By Heather Rohr, Spring 2018

  2. Personal Health Information

  3. Important years and terms
  • Health Information Management (HIM): 1928; documenting medical practices to improve patient care
  • Health Insurance Portability and Accountability Act (HIPAA): 1996; formed with the main purpose of protecting patient health information
  • Electronic Health Records (EHR) and Personal Health Records (PHR, for the patient's own use): early 21st century; digital forms of health records

  4. Challenges for PHI
  • Improper placement and securing of paperwork
  • Compromise of Electronic Health Records (EHR)
  • The use of unsecured electronics
  • Social media

  5. HIPAA
  • Exists in order to protect patient health information
  • Applies to covered entities and business associates
  • *According to SecurityMetrics

  6. Examples of covered entities (HIPAA)
  • Doctors
  • Dentists
  • Pharmacies
  • Health insurance companies
  • Company health plans
  • *According to SecurityMetrics

  7. HIPAA: Basic privacy rules
  • Spelling out administrative responsibilities
  • Discussing written agreements between covered entities and business associates
  • Discussing the need for privacy policies and procedures
  • Describing the employers' responsibilities to train workforce members and implement requirements regarding their use and disclosure of PHI
  • *According to SecurityMetrics

  8. Password risks and logging on
  • Passwords not locked away or kept out of sight
  • Making passwords too easy for everyone to guess (including intruders)
  • Including dictionary words when one should not

  9. Password recommendations
  • Avoid actual words from the dictionary
  • Include at least one uppercase letter, one lowercase letter, one special character, and one number
  • Longer passwords take hackers longer to crack
  • Bad example: 12345
  • McGraw-Hill Osborne Media, 2008
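The rules on this slide, written out as a small policy checker. This is an added example, not code from the presentation or its sources; the word list is a constructed stand-in for a real dictionary, and the 12-character minimum is an assumed value, since the slide only says "longer". The keyspace estimate is there to show why length matters more than any single character class.

```python
import math
import string

# Constructed stand-in for a real word list (assumption, not from the slides).
DICTIONARY_WORDS = {"password", "welcome", "hospital", "patient", "summer", "admin"}
# The slides only say "longer"; 12 is an assumed minimum length for this policy.
MIN_LENGTH = 12

def contains_dictionary_word(password, words=DICTIONARY_WORDS):
    """True if any listed word appears inside the password (case-insensitive)."""
    lowered = password.lower()
    return any(word in lowered for word in words)

def missing_character_classes(password):
    """Names of the required classes (upper, lower, digit, special) the password lacks."""
    present = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, found in present.items() if not found]

def keyspace_bits(password):
    """log2 of the guesses a brute-force attacker must cover (alphabet size ** length)."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def check_password(password):
    """Return the list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = missing_character_classes(password)
    if missing:
        problems.append("missing " + ", ".join(missing))
    if contains_dictionary_word(password):
        problems.append("contains a dictionary word")
    return problems
```

Running `check_password("12345")` reports both the length and the missing classes, while `Hospital2018!` passes every class check and still fails on the embedded dictionary word.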

  10. Shoulder surfing
  • When someone looks over another person's shoulder at the computer to watch what is happening
  • An opportunity to observe which keys are pressed when a password is typed
  • Looking over the shoulder to see what is displayed on the computer screen
  • Partly preventable with privacy filter screens and careful placement of the computer monitor
  • McGraw-Hill Osborne Media, 2008

  11. Dumpster diving
  • When someone digs through another person's garbage
  • More physical than digital
  • Looking through discarded paperwork that may carry sensitive and personal information
  • Sometimes used to learn even more important information
  • McGraw-Hill Osborne Media, 2008

  12. Methods of destruction
  • Paper material: shredding, pulping, burning
  • Electronic: zeroizing, crushing, deleting

  13. Important note: verify with your chain of command and the other members responsible for records before proceeding with the destruction of records and other material. (This will prevent lawsuits and trouble later.)

  14. Social attacks
  • Social engineering uses non-technical methods to attempt to gain unauthorized access to a system or network by means of manipulation.

  15. Physical security
  • Lock up spaces when everyone who is authorized is leaving
  • People are only allowed access when they have permission or are already on an access list
  • Various ways to prove your identity: ID card, password, retina scan, thumb / fingerprint scan
  • Some facilities (e.g. Google data centers, military sites) even require approval before a car may be driven into a fenced-in area

  16. Social media and posting online

  17. Weak ties and connections to others
  • These are connections to friends of friends (and their friends)
  • For example: Facebook has a huge number of connections to friends of friends

  18. Posting information from work and medical spaces
  • Can lead to compromise of PHI
  • Humiliates patients (and violates their privacy)
  • Leads to lawsuits and work termination

  19. Posting a selfie with PHI
  • An employee posts a selfie in front of a patient's PHI
  • The patient's information was stolen after it was posted on social media
  • *From the SecurityMetrics YouTube video "HIPAA Snippets: Social Media Compliance"

  20. Examples of regrettable posts on social media
  • Nursing students posing with a human placenta on Facebook
  • An emergency room doctor was terminated, reprimanded by the state medical board, and fined $500 for posting information online about a trauma patient
  • Four staff members were terminated, and three were disciplined, for posting photos of a dying patient on Facebook
  • An administrative assistant was terminated for a tweet expressing her dislike of a politician having the facility staffed on the weekend
  • *Information provided by the article "HIPAA violations on social media: think before you post!", AMT Events, by Dorothy Bouldrick, DMA, MRA, RMA

  21. Lawsuits
  • Terminations from work and from the career field
  • Hospitals getting fined or sued for: compromise of PHI, failure to protect a patient, emotional trauma, right-to-privacy violations

  22. Hippocratic Oath: Classical Version (*PBS.org)

  To hold him who has taught me this art as equal to my parents and to live my life in partnership with him, and if he is in need of money to give him a share of mine, and to regard his offspring as equal to my brothers in male lineage and to teach them this art—if they desire to learn it—without fee and covenant; to give a share of precepts and oral instruction and all the other learning to my sons and to the sons of him who has instructed me and to pupils who have signed the covenant and have taken an oath according to the medical law, but no one else.

  I will apply dietetic measures for the benefit of the sick according to my ability and judgment; I will keep them from harm and injustice.

  I will neither give a deadly drug to anybody who asked for it, nor will I make a suggestion to this effect. Similarly I will not give to a woman an abortive remedy. In purity and holiness I will guard my life and my art.

  I will not use the knife, not even on sufferers from stone, but will withdraw in favor of such men as are engaged in this work.

  Whatever houses I may visit, I will come for the benefit of the sick, remaining free of all intentional injustice, of all mischief and in particular of sexual relations with both female and male persons, be they free or slaves.

  What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.

  If I fulfill this oath and do not violate it, may it be granted to me to enjoy life and art, being honored with fame among all men for all time to come; if I transgress it and swear falsely, may the opposite of all this be my lot.

  23. Hippocratic Oath: Modern Version (*PBS.org)

  I swear to fulfill, to the best of my ability and judgment, this covenant:

  I will respect the hard-won scientific gains of those physicians in whose steps I walk, and gladly share such knowledge as is mine with those who are to follow.

  I will apply, for the benefit of the sick, all measures [that] are required, avoiding those twin traps of overtreatment and therapeutic nihilism.

  I will remember that there is art to medicine as well as science, and that warmth, sympathy, and understanding may outweigh the surgeon's knife or the chemist's drug.

  I will not be ashamed to say "I know not," nor will I fail to call in my colleagues when the skills of another are needed for a patient's recovery.

  I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know. Most especially must I tread with care in matters of life and death. If it is given me to save a life, all thanks. But it may also be within my power to take a life; this awesome responsibility must be faced with great humbleness and awareness of my own frailty. Above all, I must not play at God.

  I will remember that I do not treat a fever chart, a cancerous growth, but a sick human being, whose illness may affect the person's family and economic stability. My responsibility includes these related problems, if I am to care adequately for the sick.

  I will prevent disease whenever I can, for prevention is preferable to cure.

  I will remember that I remain a member of society, with special obligations to all my fellow human beings, those sound of mind and body as well as the infirm.

  If I do not violate this oath, may I enjoy life and art, respected while I live and remembered with affection thereafter. May I always act so as to preserve the finest traditions of my calling and may I long experience the joy of healing those who seek my help.

  24. Although we do not all take an oath
  • Doctors and surgeons may take the Hippocratic Oath, which has been updated for modern medicine
  • Managers of PHI do not have to pledge an oath, but are still obligated to protect a patient's PHI and to keep them from harm and injustice

  25. References used for ISC 471 project
  • M. Abdelhak & M. Hanken; Health Information: Management of a Strategic Resource (5th edition); Elsevier; 2016
  • Samuelle, T. J.; Mike Meyers' CompTIA Security+ Certification Passport, Second Edition (Mike Meyers' Certification Passport); McGraw-Hill Osborne Media; 2008
  • YouTube video, Security and Data Protection in a Google Data Center, https://www.youtube.com/watch?v=cLory3qLoY8, G Suite (username), September 18, 2013
  • YouTube video, HIPAA Snippets: Destroying PHI, https://www.youtube.com/watch?v=zwMbfYmqVoA, SecurityMetrics, Inc. (username), March 21, 2014
  • YouTube video, HIPAA Snippets: Social Media Compliance, https://www.youtube.com/watch?v=n6WMGg26ljA, SecurityMetrics, Inc. (username), February 20, 2014
  • SecurityMetrics, Inc., https://www.securitymetrics.com/hipaa
  • Bouldrick, Dorothy; HIPAA violations on social media: think before you post!; AMT Events, March 2015, Vol. 32, Issue 1, p. 24, 4 p.; American Medical Technologists; 2015
  • Tyson, Peter; The Hippocratic Oath Today; http://www.pbs.org/wgbh/nova/body/hippocratic-oath-today.html; NOVA (PBS); posted March 27, 2001

  26. Thank you. Heather Rohr, 2018
