Academic Research Systems and HIPAA

This academic research paper explores the challenges of integrating HIPAA regulations into the academic and medical research cultures. It discusses the unique needs and conflicts faced by academic and medical researchers and provides a strategic positioning for implementing HIPAA regulations in research systems.

glassj

Presentation Transcript


  1. Academic Research Systems and HIPAA: Bridging Academic and Medical Cultures
     William K. Barnett, Anurag Shankar

  2. Agenda
     • IU, IU Bloomington, and IU School of Medicine
     • Academic and Medical Research Cultures
     • IU Organization for Information Assurance
     • Strategic Positioning and Execution

  3. 50

  4. Research Need Conflicts @ IU
     Academic Researcher Needs
     • Control Sensitive
     • Schedule Insensitive
     • Security Insensitive
     • No Subject Privacy Concerns
     • Expert Users
     • Budget Sensitive
     Medical School Researcher Needs
     • Control Sensitive (but different)
     • Schedule Sensitive
     • Security Sensitive
     • Subject Privacy Concerns
     • Inexpert Users
     • Budget Insensitive

  5. Research Need Synergies @ IU
     Academic Researcher Needs / Medical School Researcher Needs
     • Rapidly Growing Data
     • Increasing use of Computational Approaches
     • Security Threat Increases
     • Growth of Online Tools
     • Local to National Collaborations

  6. Unique IT Organization at IU
     • University Information Technology Service (UITS) provides services for all 8 IU campuses
     • Information Assurance is managed by UITS, reports to Board of Trustees
     • Center for Applied Cybersecurity Research (CACR) a leader in privacy policy research
     • Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) leadership at IU
     • Office of Research Administration NOW covers both IU Bloomington and IU Medical School campuses – IRB and Compliance

  7. UITS at IU
     Office of the VP of IT and CIO at Indiana University
     • Research Technologies (RT)
     • Learning Technologies
     • Support
     • Enterprise Software
     • Enterprise Infrastructure
     • Networks
     • School of Medicine CIO

  8. Research Technologies (RT) at IU
     • High Performance Systems
     • Big Red (30.7 TeraFLOPS)
     • Quarry (7 TeraFLOPS)
     • Research File System with 500 TB
     • Mass Store archive with 4 PB (4,000 TB)
     • High Speed Parallel Storage with 1 PB
     • Advanced Visualization Laboratories
     • High Performance Applications and Grids
     • Life Sciences, including IUSM Advanced IT Core

  9. What are the HIPAA Rules?
     Privacy Rule
     • Policies and standards for protected health information (PHI)
     • For ‘covered entities’ (those who manage PHI)
     Security Rule
     • Security of PHI in electronic form (ePHI)
     Transactional Rule
     • Electronic billing and electronic claims

  10. What is the HIPAA Security Rule?
     It Does
     • Deal with electronic protected health information (ePHI)
     • In databases, files, compute systems, in transit
     • Represent a real legal and trust threat
     It is NOT
     • A standard (but NIST 800-53 is)
     • It cannot be complied with
     • It is not certifiable
     It IS
     • Auditable by CMS (Health and Human Svcs)

  11. Strategic Positioning for HIPAA
     Establish Information Protection for Privacy and Security (IPPS) oversight Committee and Review Process
     • Office of Research Administration, Compliance Office
     • IUSM CIO
     • IUSM Faculty
     • IU Information Assurance (Policy and Implementation)
     • UITS Enterprise Infrastructure
     • Director of High Performance Systems, Research Technologies

  12. IPPS Committee Role
     • Review Progress
     • Provide Advice
     • Act as Advocate with Medical Researchers
     • Provide Signoff on ability to handle ePHI
     IPPS Committee Goals
     • Prevent violation of patient privacy
     • Prevent loss of customer trust

  13. Implementation Process
     • Establish RT Implementation Group
     • Outside Consultant for Gap Analysis
     • Establish Controls and fill gaps with RT-wide team
     • Outside Consultant for Risk Analysis (required)
     • 90% of work was documenting controls
     • Establish ongoing Risk Management Plan
     • Change the way RT does business, including biannual review
     • Education and tools for Medical and Academic Researchers

  14. Questions? Thank you!
     • Bill Barnett, Indiana University, barnettw@iu.edu
     • Anurag Shankar, Indiana University, ashankar@iu.edu
