Health Information Privacy and Security Flashcards
health insurance portability and accountability act (HIPAA)
- 1996
- privacy and security measures in healthcare
- privacy rule: de-identify data by removing the 18 identifiers (name, DOB, address, phone number, ID numbers, etc.) and obtain patient consent before using or disclosing protected health information
- safeguards must be in place so that data is not compromised and is only used for its intended purpose
- should not impede treatment of patients
- covered entities:
- health plans (health insurers)
- health care providers
- health care clearinghouses
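The "remove 18 identifiers" rule above is the Safe Harbor de-identification method. The script below is an added example (not from the flashcards) showing the mechanical parts of that method on a single record: direct identifiers are dropped, dates are reduced to the year, ages of 90 and over are aggregated to "90+" (with the birth year removed in that case), ZIP codes are truncated to three digits and collapsed to "000" for low-population areas, and obvious SSN/phone patterns are scrubbed from free text. The field names, the small low-population ZIP list, and the sample record are all constructed for the example.

```python
"""Safe Harbor-style de-identification of one patient record (added example)."""
import re
from datetime import date

# Direct identifiers that are dropped outright (assumed field names).
DROP_FIELDS = {
    "name", "address_line", "phone", "fax", "email", "ssn", "mrn",
    "health_plan_id", "account_number", "license_number", "vehicle_id",
    "device_serial", "url", "ip_address", "biometric_id", "photo",
}

# Three-digit ZIP prefixes whose combined area has 20,000 or fewer people and
# must therefore become "000". The real list comes from Census data; this
# small set is assumed for the example.
LOW_POPULATION_ZIP3 = {"036", "059", "102", "203", "556", "692", "821", "823",
                       "878", "879", "884", "893"}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PHONE_RE = re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")


def safe_harbor_zip(zip_code):
    """Keep only the first three digits; collapse low-population prefixes."""
    digits = re.sub(r"\D", "", zip_code or "")
    if len(digits) < 3:
        return None
    zip3 = digits[:3]
    return "000" if zip3 in LOW_POPULATION_ZIP3 else zip3


def safe_harbor_age(dob, as_of):
    """Whole years of age, with 90 and over aggregated to the string '90+'."""
    age = as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))
    return "90+" if age >= 90 else age


def scrub_text(text):
    """Replace SSN and US phone patterns that leaked into free text."""
    text = SSN_RE.sub("[SSN]", text)
    return PHONE_RE.sub("[PHONE]", text)


def deidentify(record, as_of):
    """Return a new dict containing only Safe Harbor-permitted values."""
    out = {}
    for field, value in record.items():
        if field in DROP_FIELDS:
            continue
        if isinstance(value, date):
            # Dates directly related to the individual keep only the year.
            out[field + "_year"] = value.year
        elif field == "zip":
            out["zip3"] = safe_harbor_zip(value)
        elif isinstance(value, str):
            out[field] = scrub_text(value)
        else:
            out[field] = value
    if isinstance(record.get("dob"), date):
        out["age"] = safe_harbor_age(record["dob"], as_of)
        if out["age"] == "90+":
            # A birth year would reveal an age over 89, so it goes too.
            out.pop("dob_year", None)
    return out


# Constructed sample record and reference date for the example.
AS_OF = date(2024, 6, 1)
SAMPLE_RECORD = {
    "name": "Jane Q. Doe",
    "mrn": "MRN-00012345",
    "dob": date(1931, 5, 14),
    "admit_date": date(2024, 3, 2),
    "zip": "03601",
    "phone": "603-555-0101",
    "diagnosis_code": "E11.9",
    "notes": "Patient called from 603-555-0101; SSN 123-45-6789 on file.",
}


def demo():
    return deidentify(SAMPLE_RECORD, AS_OF)


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Free-text fields are the usual place identifiers survive a structured de-identification pass; the regex scrub here catches only two obvious patterns, and a production pipeline would use a dedicated clinical text de-identifier and a reviewer sign-off before release.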
american recovery and reinvestment act (ARRA)
- 2009
- enacted after HIPAA
- the HITECH Act is part of ARRA and extended HIPAA's privacy and security requirements
what imaging standard is used in health care
DICOM
HIPAA is not required for
- life insurers
- employers
- schools and school districts
- many law enforcement agencies
administrative requirements
- written privacy policies and procedures
- privacy official
- workforce training and management
- mitigation strategy for privacy breaches
- data safeguards
- designate a complaint official and procedure to file complaints
- documentation and record retention: 6 years
data safeguards
- administrative, technical, and physical
document retention
- records from birth must be held until the patient turns 21
- mammograms are kept permanently
- after age 21, records are retained for 6 years
administrative safeguards
- security management processes to reduce risks and vulnerabilities
- security personnel
- information access management
- workforce training and management
- evaluation of security policies and procedures
physical safeguards
- facility access controls
- workstation and device security policies and procedures covering transfer, removal, disposal, and re-use of electronic media
technical safeguards
- access control that restricts access to authorized personnel
- audit controls for hardware, software, and transactions
- transmission security to protect against unauthorized access to data transmitted on networks and via email
- person or entity authentication (e.g., ID card, fingerprint, retinal scan, face scan, blood)
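The access-control and audit-control safeguards above go together: every decision to grant or deny access to ePHI should be enforced against a role and a treatment relationship, and recorded whether or not it succeeds, so the privacy official can review it. The code below is an added example, not from the flashcards, of a small authorization check with an audit trail and a simple review query over it. The roles, permission table, care-team assignments, user and patient identifiers, and access attempts are all constructed for the example.

```python
"""Role-based ePHI access check with audit logging (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Minimum-necessary permissions per role (assumed table).
ROLE_PERMISSIONS = {
    "physician": {"read_chart", "write_chart"},
    "nurse": {"read_chart"},
    "billing": {"read_billing"},
}

# Users with a current treatment relationship to each patient (assumed).
CARE_TEAM = {
    "P-1001": {"dr.lee", "nurse.kim"},
    "P-1002": {"dr.lee"},
}


@dataclass
class AuditEvent:
    ts: str
    user: str
    role: str
    patient: str
    action: str
    allowed: bool
    reason: str


AUDIT_LOG = []


def authorize(user, role, patient, action, now=None):
    """Decide whether the action is allowed and always record the decision."""
    now = now or datetime.now(timezone.utc)
    if action not in ROLE_PERMISSIONS.get(role, set()):
        allowed, reason = False, "action not permitted for role"
    elif action.endswith("_chart") and user not in CARE_TEAM.get(patient, set()):
        # Chart access additionally requires a treatment relationship.
        allowed, reason = False, "no treatment relationship"
    else:
        allowed, reason = True, "ok"
    AUDIT_LOG.append(AuditEvent(now.isoformat(), user, role, patient, action,
                                allowed, reason))
    return allowed


def denied_events(log=None):
    """All recorded denials, for review."""
    return [e for e in (AUDIT_LOG if log is None else log) if not e.allowed]


def repeated_denials(log=None, threshold=2):
    """Users with `threshold` or more denials: a signal worth escalating."""
    counts = {}
    for e in denied_events(log):
        counts[e.user] = counts.get(e.user, 0) + 1
    return {u: n for u, n in counts.items() if n >= threshold}


# Constructed access attempts: (user, role, patient, action).
ATTEMPTS = [
    ("dr.lee", "physician", "P-1001", "read_chart"),
    ("nurse.kim", "nurse", "P-1001", "write_chart"),
    ("nurse.kim", "nurse", "P-1002", "read_chart"),
    ("bill.ng", "billing", "P-1001", "read_chart"),
    ("bill.ng", "billing", "P-1001", "read_billing"),
]


def run_demo():
    """Replay the constructed attempts and return the allow/deny outcomes."""
    AUDIT_LOG.clear()
    return [authorize(*attempt) for attempt in ATTEMPTS]


if __name__ == "__main__":
    run_demo()
    for event in AUDIT_LOG:
        print(event)
    print("repeated denials:", repeated_denials())
```

Denials are logged with the same detail as grants; an audit trail that records only successes cannot show who tried to reach a chart they had no business with, which is exactly the case a breach investigation asks about.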
confidentiality
- prevention of data loss or unauthorized disclosure
- usernames, passwords, and encryption are common measures
availability
- system and network accessibility
- power loss or network connectivity outages (natural or accidental)
- backup generators, peripheral network security equipment
integrity
- trustworthiness and permanence of data
- data backup and archival tools
tools
- physical
- networks and information resources
- firewall, authentication
authentication and identity management
- photo identification, biometrics, smart card technologies, tokens, and the old standard: user name and password