
Protect Electronic Health Information




Presentation Transcript


  1. EHR & Meaningful Use for HIM Professionals, Resource Patient Management System: Protect Electronic Health Information

  2. Presenters: Patricia Gowan, RHIA, CPC, USET REC HIM Consultant; Lisa Broome, RPMS ISSO. Privacy and Security

  3. Training Objectives
     • Understand the MU objectives and the measures
     • Review the role of HIM in conducting the security risk analysis
     • Examine role-based access as it applies to the EHR, the HIPAA Privacy & Security Rule, and FISMA (Federal Information Security Management Act)

  4. Protect Health Information: Objective & Measure
     • Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities
     • Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) of the certified EHR technology, and implement security updates and correct identified security deficiencies as part of its risk management process

  5. MU Measure
     • Type of Measure: Attestation

  6. What HIM Needs to Know
     • Protect electronic health information
     • Role in the Security Risk Analysis (physical, logical and environmental evaluations)
     • Role in determining role-based access as it applies to the HIPAA Privacy & Security Rule and FISMA

  7. MU Software Requirements for the Certified EHR
     • Approved encryption software:
       • Symantec EndPoint Encryption v8.0
       • Credant2Go Shield v7.1
       • 7-Zip v9.2
       • WinHasher v1.6
     • IPSec for RPMS Windows sites
     • VanDyke for RPMS AIX sites
     • Two-factor authentication for EHR access

  8. Risk Analysis for MU & Continuous Monitoring
     • Designed to assess the security posture
     • Raise management's awareness of major risks
     • Propose recommendations for mitigation
     • Ensure IHS meets federal requirements for MU

  9. Risk Analysis for MU & Continuous Monitoring
     • Physical controls: protecting information, e.g., PC behind closed doors, secure computer room
     • Environmental controls: changes in the environment, e.g., snow storms, tornados, etc.
     • Logical controls: use of software, collected data and hardware, e.g., Symantec Protection Suite, Access Control Lists (ACLs), etc.

  10. Elements of Risk Assessment
     • Secure Fusion
     • Asset inventory
     • Identification:
       • System
       • Threat
       • Vulnerability
     • Control analysis
     • Risk mitigation
     • Signature of facility CEO/Area ISSO

  11. Risk Mitigation
     • Prioritize, evaluate and implement the appropriate risk-reducing controls recommended from the RA process
     • Risk Analysis, Appendix G: Risk Mitigation worksheet
     • Risk Analysis, Appendix H: Secure Fusion Mitigation Plan

  12. Storage of Completed RAs
     • RAs will be stored on SharePoint
     • HQ ISSOs:
       • Perform periodic audits
       • Certify annually

  13. HIPAA Privacy & Security Rule: Upcoming Changes
     • Photocopier/Fax/MFD:
       • Have hard drives installed
       • Must be disposed of properly
     • Business Associates: now responsible for their breaches

  14. HIPAA Privacy & Security Rule: Upcoming Changes (continued)
     • Patient request for medical information:
       • Information must be provided to the patient within 30 days
       • If the patient requests an electronic format such as CD/DVD/flash drive/e-mail, it must be encrypted
       • The patient may request an unencrypted format, and we must accommodate the request

  15. Policy and Procedure Review: Protecting Health Information, Clinical Lab Test Results

  16. Questions & Discussion
