Lab 3: HIPAA
HIMSS is a website that tells anyone that looks at it, what is going on. If you look up healthcare reform you are able to see all the updates that have been posted about the reform act. This can be helpful if you don’t know what the healthcare reform is or what is being changed within the act. Also you are able to look up things like health information technology. The links that I checked out about health IT seemed to have a lot of information but not in the easiest to understand if you do not know technology terminology.
In the PowerPoint by Mac McMillan, CEO CynergisTek, Inc, it states that the requirements of logging & auditing are HIPAA/HITECH, FTC Red Flag Rules, 21 CFR Part 11, 42 CFR part 2, SOX, GINA, FISMA, Payment Card Industry/Data Security Standard, and State Laws. These are the regulations or standards that you have to be in compliance with to have proper logging and auditing. Also this PowerPoint discusses privacy vs. security. Under this heading in the presentation there is two lists that show the differences between privacy auditing and security auditing. Under privacy auditing the company is being checked for privacy violations, internal threats, HER/ Clinical applications, and application log managers. These are not the only thing that is checked in a privacy audit but these are some. The security auditing has network/systems security, internal/external threats, IT infrastructure, and network log managers/SIEM. There is other areas that do get audited which can range from email encryption to policy management scanners. Some of the challenges that you may run into when doing an audit are lack of functionality, definition, data elements, integration, correlation, data mapping, access, the volume of systems or data, identity management, and health information exchanges to name the ones from this PowerPoint.
If you visit healthit.gov and research privacy and security section you will receive many links that have information. There is more than 5 pages of information. I checked out the first link on the first page when you search, “privacy and security section”. This link informs you of the trust that is required to realize the potential benefits of EHR (electronic health records). Also on this link, you are told that your practice is responsible for taking steps to protect C.I.A (confidentiality, integrity, and availability) of health information.
HIPAA requires that there be physical security to medical records, such as not being able to walk into a room that houses all medical records for a place of medical practice. Also HIPAA requires there to be security for the electronic storage and transfer of medical information. HIPAA was created to make sure that patient information was being handled with care and was not able to be accessed to any unauthorized personnel.
Health plans, health care clearinghouses, and any health care provided who transmits health information in electronic form is cover by the HIPAA Security Rule. The Security Rule is a national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a cover entity. This rule requires appropriate physical, technical, and administrative safeguard to ensure the C.I.A. tirade.
HIPAA Privacy Rule provides privacy rights and protections with respect to their health information. This includes important controls over how exactly health information is used and disclosed by health plans/ health care providers. The privacy rule clarifies when HIPAA permits health care providers to communicate with the family members, friends, or anybody else that is involved in the patient’s care, a parent of a patient who is considered a minor, decide the patient’s capacity to allow or object to the sharing of their information. The privacy rule permits health care providers to communicate to law enforcement about the release of a patient brought in for an emergency psychiatric hold. There are