Date posted: 02-Jan-2016 | Uploaded by: shanon-nelson
Privacy, Security, and Ethics
Electronic Medical Records
HLTH 2115 AAWC, Health Informatics
Contents
• What is a medical record?
• Security and Privacy
• Archiving and disaster prevention
• Accountability, Confidentiality, and Ethics
• Workplace considerations
What is a medical record?
• Everything about you performed by a care provider
  • Doctor, nurse, phlebotomist, radiology technician
• Every activity
  • Exams, meds, lab tests, x-rays
• Paper form
• Electronic
Security, Privacy, Confidentiality
• Privacy – The Right
  • Right of the individual to anonymity, and to decide who may know about them
• Confidentiality – The Expectation
  • Obligation of the user of an individual's information to respect and uphold that individual's privacy
• Security – The Mechanism
  • Policies, procedures, mechanisms, tools, technologies, and accountability methods that support privacy and enforce confidentiality
Privacy
• Consent is required
• Patient rights
  • Inspection, proposing amendment, disclosure accounting (a record of who received the information and why)
• Exceptions
  • Public health reporting, legal obligations for disclosure
Privacy
• Consent + Minimum Necessary
  • Your data will not be presented in a way where you can be identified
  • Removing the name alone is not enough: if we mask your name but leave your address, age, and gender, that combination is usually unique and you can still be identified
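The re-identification point above, worked through on a small constructed patient table (an added example, not from the slides). Masking the name leaves every row unique on the quasi-identifiers (address, age, gender), so anyone who knows those three facts about a person can link them to their diagnosis; generalising the quasi-identifiers raises the group size k so that no row stands alone. The records, the postcode format, and the generalisation rules are assumptions for illustration.

```python
"""Re-identification check: name masking alone vs. generalised quasi-identifiers."""
from collections import Counter

# Constructed sample records (not real people).
RECORDS = [
    {"name": "Alice Brown", "postcode": "T2N 1N4", "age": 34, "gender": "F", "dx": "asthma"},
    {"name": "Bob Chen",    "postcode": "T2N 1N4", "age": 61, "gender": "M", "dx": "diabetes"},
    {"name": "Cara Diaz",   "postcode": "T2N 4H2", "age": 35, "gender": "F", "dx": "migraine"},
    {"name": "Dan Evans",   "postcode": "T2N 4H2", "age": 63, "gender": "M", "dx": "hypertension"},
    {"name": "Eve Foster",  "postcode": "T2N 1N4", "age": 38, "gender": "F", "dx": "anaemia"},
    {"name": "Finn Gray",   "postcode": "T2N 4H2", "age": 66, "gender": "M", "dx": "gout"},
]

# Fields that are not names but still single out a person (quasi-identifiers).
QUASI_IDS = ("postcode", "age", "gender")


def mask_names(records):
    """What the slide describes: drop the name, keep everything else."""
    return [{k: v for k, v in r.items() if k != "name"} for r in records]


def _qid(record, quasi_ids=QUASI_IDS):
    return tuple(record[q] for q in quasi_ids)


def min_k(records, quasi_ids=QUASI_IDS):
    """Smallest number of rows sharing one quasi-identifier combination.
    k == 1 means at least one row is unique and can be re-identified by
    anyone who knows that person's address, age and gender."""
    counts = Counter(_qid(r, quasi_ids) for r in records)
    return min(counts.values())


def unique_rows(records, quasi_ids=QUASI_IDS):
    """Rows whose quasi-identifier combination appears exactly once."""
    counts = Counter(_qid(r, quasi_ids) for r in records)
    return [r for r in records if counts[_qid(r, quasi_ids)] == 1]


def reidentify(masked, known):
    """Attacker side: link masked rows to a known person via the quasi-identifiers."""
    return [r for r in masked if all(r[q] == known[q] for q in QUASI_IDS)]


def generalise(records):
    """Coarsen the quasi-identifiers (assumed rules): postal district only,
    ten-year age band. The diagnosis column is untouched."""
    out = []
    for r in records:
        g = dict(r)
        g["postcode"] = r["postcode"][:3]        # 'T2N 1N4' -> 'T2N'
        g["age"] = f"{r['age'] // 10 * 10}s"     # 34 -> '30s'
        out.append(g)
    return out


if __name__ == "__main__":
    masked = mask_names(RECORDS)
    print("k after masking names only:", min_k(masked))
    hit = reidentify(masked, {"postcode": "T2N 1N4", "age": 34, "gender": "F"})
    print("diagnosis recovered for the known person:", hit[0]["dx"])
    print("k after generalising:", min_k(generalise(masked)))
```

With names masked, k is 1 for every row; after generalising, the six rows collapse into two groups of three, so a known address, age and gender no longer picks out one diagnosis.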
Security – The Three "A"s
• Authentication
  • You are who you say you are
• Authorization
  • You can see and do what you are permitted by policy to see and do
• Accountability
  • You are held responsible for what you see and do
Authentication
• Passwords – simplest form of authentication
• Can be very secure, but one breach can spread rapidly: a password that is shared, written down, or reused across systems opens every account and record it unlocks
• Can be "too secure" – if you forget your password, a legitimate user is locked out and the reset process becomes the weak point
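An added example (not from the slides) of the server side of password authentication: the stored record holds a per-user random salt and an iterated hash, never the password itself, so a breach of the user table does not hand out passwords that would "spread" to other systems, and the comparison is constant-time. The user names, the iteration count, and the sample password are assumptions for illustration.

```python
"""Password storage and verification with only the Python standard library."""
import hashlib
import hmac
import os

# Assumption: raise this until one hash costs roughly 0.1 s on the login server.
ITERATIONS = 210_000


def make_record(password: str) -> dict:
    """Store salt + PBKDF2-HMAC-SHA256 digest; the password is discarded."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": ITERATIONS}


def verify(password: str, record: dict) -> bool:
    """Recompute the digest and compare in constant time (no early exit on mismatch)."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


# Constructed user table: two staff who happened to pick the same password.
USERS = {
    "dr.lee": make_record("Winter2016!"),
    "rn.park": make_record("Winter2016!"),
}


def same_password_same_hash() -> bool:
    """Per-user salts make identical passwords produce different stored hashes,
    so an attacker holding the table cannot spot shared passwords by eye."""
    return USERS["dr.lee"]["hash"] == USERS["rn.park"]["hash"]


def login(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Burn the cost of one hash anyway, so a non-existent user is not
        # distinguishable from a wrong password by response time.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, ITERATIONS)
        return False
    return verify(password, record)


if __name__ == "__main__":
    print("correct password:", login("dr.lee", "Winter2016!"))
    print("wrong case:", login("dr.lee", "winter2016!"))
    print("shared password visible in table:", same_password_same_hash())
```

Hashing does not help a user who forgets the password; that case is handled by a reset process, which is why the slide calls it the point where "too secure" bites.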
Biometric Authentication
• Identify who you are by a physical or behavioural attribute
  • Signature
  • Facial points
  • Voice print
  • Typing style
Biometric Authentication
• Fingerprint
  • Optical or capacitive (solid-state) sensors
  • Hmmm… would someone in a hospital have access to a severed finger? A sensor without liveness detection cannot tell a dead or copied finger from a live one
• Iris/retina
  • Highly accurate
  • Same issue as with a dead finger unless the scanner checks for a live eye
  • Requires a camera
Authorization Models
• User Based
  • I have certain authorization rights based on who I am as an individual
• Role Based
  • I have authority based on my role, e.g. doctor vs. nurse vs. lab technologist
• Context Based
  • Who you are + what role you hold + where you are + when you are accessing + what you are accessing (e.g. a patient you are currently treating)
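The three models above layered into one access decision, as an added example (not from the slides or any EMR product): role-based permissions carry most of the policy, user-based overrides grant or deny on top of the role, and context-based rules check where and when the request is made and whether the user has a treatment relationship with the patient whose record is touched. The roles, permissions, locations, hours and user names are assumptions for illustration.

```python
"""Layered authorization decision: role-based + user-based + context-based."""
from datetime import datetime

# Role-based: what each role may do to which kind of record.
ROLE_PERMISSIONS = {
    "physician": {("read", "chart"), ("write", "chart"), ("read", "lab"), ("order", "lab")},
    "nurse":     {("read", "chart"), ("write", "vitals"), ("read", "lab")},
    "lab_tech":  {("read", "lab"), ("write", "lab")},
    "clerk":     {("read", "demographics")},
}

# User-based: grants or denials attached to one person, on top of the role.
USER_OVERRIDES = {
    "rn.park": {"grant": {("order", "lab")}, "deny": set()},    # delegated lab ordering
    "dr.lee":  {"grant": set(), "deny": {("write", "chart")}},  # write privilege suspended
}

# Context-based: from where and during which hours a role may act.
CONTEXT_RULES = {
    "physician": {"locations": {"ward", "er", "clinic", "remote"}, "hours": (0, 24)},
    "nurse":     {"locations": {"ward", "er"}, "hours": (0, 24)},
    "lab_tech":  {"locations": {"lab"}, "hours": (0, 24)},
    "clerk":     {"locations": {"front_desk"}, "hours": (7, 19)},
}

# Constructed timestamps used by the demo below.
AT_10 = datetime(2016, 1, 2, 10, 0)
AT_22 = datetime(2016, 1, 2, 22, 0)


def decide(user, role, action, resource, location, when, assigned_patients, patient):
    """Return (allowed, reason). Checks are ordered so the most specific
    statement about the person (a user-based deny) wins."""
    perm = (action, resource)
    override = USER_OVERRIDES.get(user, {"grant": set(), "deny": set()})
    if perm in override["deny"]:
        return False, "user-based deny"
    if perm not in ROLE_PERMISSIONS.get(role, set()) and perm not in override["grant"]:
        return False, f"role '{role}' has no '{action}' on '{resource}'"
    ctx = CONTEXT_RULES.get(role)
    if ctx is None:
        return False, "unknown role"
    if location not in ctx["locations"]:
        return False, f"'{role}' may not act from '{location}'"
    start, end = ctx["hours"]
    if not start <= when.hour < end:
        return False, f"'{role}' outside permitted hours"
    # "What you are accessing": only lab staff handle records of patients
    # they are not assigned to, because specimens arrive without a care link.
    if role != "lab_tech" and patient not in assigned_patients:
        return False, "no treatment relationship with patient"
    return True, "allowed"


if __name__ == "__main__":
    print(decide("dr.lee", "physician", "read", "chart", "ward", AT_10, {"P100"}, "P100"))
    print(decide("dr.lee", "physician", "write", "chart", "ward", AT_10, {"P100"}, "P100"))
    print(decide("rn.park", "nurse", "order", "lab", "er", AT_10, {"P100"}, "P100"))
    print(decide("clerk.ng", "clerk", "read", "demographics", "front_desk", AT_22, {"P100"}, "P100"))
```

Each denial names the layer that refused, which is also what an audit log needs to record so that reviewers can tell a policy gap from an attempted misuse.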
Accountability
• Security can help ensure accountability
  • Audit logging – "We know where you've been": every record opened is logged with who, what, and when
  • Password policies
  • Alert capabilities – flag access that does not fit the user's role or patient list
Ethics and Morals
• One definition
  • Morals – choice between right and wrong
  • Ethics – choice between right and right
• Example
  • A famous person is in the hospital, and you are curious about their lab results
Workplace Ethics
• Many people may have access to patient data
• Trust
• Knowledge of rules
• Awareness of consequences
• Whistle-blowing
• Can someone look up information about a family member or a celebrity? Having access is not the same as being authorized
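The audit logging and alerting from the Accountability slide, applied to the two situations raised in the Ethics and Workplace Ethics slides (a famous patient's results, a family member's record), as an added example that is not part of the original deck. It reads a constructed audit log, drops accesses by staff on the patient's care team, and flags the rest, noting when the record is a flagged (VIP) one or the patient shares the staff member's surname. The log format, care-team table, VIP flag and surname matching are assumptions for illustration.

```python
"""Audit-log review: find record accesses with no treatment relationship."""
import csv
import io
from collections import defaultdict

# Constructed EMR audit log (not real data): who opened which record, and when.
AUDIT_LOG = """\
ts,user,action,patient_id
2016-01-02T08:05:00,dr.lee,view_chart,P100
2016-01-02T08:07:00,dr.lee,view_lab,P100
2016-01-02T09:15:00,rn.park,view_chart,P101
2016-01-02T12:40:00,rn.park,view_lab,P200
2016-01-02T12:41:00,rn.park,view_chart,P200
2016-01-02T13:02:00,clerk.ng,view_chart,P102
2016-01-02T13:03:00,clerk.ng,view_lab,P300
2016-01-02T13:05:00,dr.lee,view_chart,P102
"""

# Constructed care-team assignments: staff currently treating each patient.
CARE_TEAM = {
    "P100": {"dr.lee", "rn.park"},
    "P101": {"rn.park"},
    "P102": {"dr.lee", "clerk.ng"},
}

# Constructed patient attributes: one flagged (VIP) record, one surname match.
PATIENTS = {
    "P100": {"surname": "Adams", "vip": False},
    "P101": {"surname": "Bell",  "vip": False},
    "P102": {"surname": "Cole",  "vip": False},
    "P200": {"surname": "Diaz",  "vip": True},    # the "famous person in hospital"
    "P300": {"surname": "Ng",    "vip": False},   # same surname as clerk.ng
}
STAFF_SURNAME = {"dr.lee": "Lee", "rn.park": "Park", "clerk.ng": "Ng"}


def parse_log(text):
    """One dict per log line, keyed by the CSV header."""
    return list(csv.DictReader(io.StringIO(text)))


def find_suspicious(events):
    """Every access by someone not on the patient's care team, with the
    reasons a reviewer would want to see first."""
    findings = []
    for e in events:
        pid, user = e["patient_id"], e["user"]
        if user in CARE_TEAM.get(pid, set()):
            continue                                  # legitimate: treating the patient
        reasons = ["no treatment relationship"]
        p = PATIENTS.get(pid, {})
        if p.get("vip"):
            reasons.append("flagged (VIP) record")
        if p.get("surname") == STAFF_SURNAME.get(user):
            reasons.append("possible family member lookup")
        findings.append({"ts": e["ts"], "user": user, "patient_id": pid,
                         "action": e["action"], "reasons": reasons})
    return findings


def summarize_by_user(findings):
    """Out-of-relationship access count per user, the input to an alert threshold."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["user"]] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = find_suspicious(parse_log(AUDIT_LOG))
    for h in hits:
        print(h["ts"], h["user"], h["action"], h["patient_id"], "; ".join(h["reasons"]))
    print(summarize_by_user(hits))
```

A surname match is only a prompt for a human reviewer, not proof of a family relationship; the treatment-relationship check is the part that carries weight, because it applies equally to the celebrity case and to the relative case.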
A Problem
• Faxing a document to a remote location
  • Anyone in the receiving office can potentially see patient data sitting on the machine, and a misdialled number sends the page to a stranger
Other Means of Security
• Physical access
  • Secured areas – locked rooms
  • Location of computer screen (turned away from patients and visitors)
• Technology solutions
  • Restrict levels of access to programs
  • Time-out function
Technology Solutions
• Data encryption, e.g. HEALTH becomes KHDOWK (each letter shifted three places along the alphabet; an illustration of the idea, not a cipher that is secure in practice)
• Data aging – remove data after a certain time
• Data transmission security – can't move what isn't authorized
• Local authentication
  • Includes time-out function
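The KHDOWK illustration worked through as an added example (not from the slides): a shift-by-three Caesar cipher that turns HEALTH into KHDOWK and back, together with the reason it is only an illustration, which is that there are 25 possible shifts and an attacker who knows a few words from the domain can try them all. The word list is constructed for the demo.

```python
"""Caesar shift behind the slide's KHDOWK example, and its brute-force break."""
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift every letter by `shift` places (mod 26); leave other characters alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, shift=3):
    return caesar(plaintext, shift)


def decrypt(ciphertext, shift=3):
    return caesar(ciphertext, -shift)


# Constructed mini-dictionary standing in for what an attacker already knows
# about the data (it comes from a hospital).
KNOWN_WORDS = {"HEALTH", "PATIENT", "RECORD", "DOCTOR", "NURSE", "LAB", "RESULT"}


def brute_force(ciphertext):
    """Try all 25 non-trivial shifts; keep the ones whose words are all known.
    No key is needed: the key space is small enough to enumerate by hand."""
    hits = []
    for shift in range(1, 26):
        candidate = caesar(ciphertext, -shift)
        words = candidate.split()
        if words and all(w in KNOWN_WORDS for w in words):
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    print(encrypt("HEALTH"))            # KHDOWK, as on the slide
    print(decrypt("KHDOWK"))            # HEALTH
    print(brute_force("KHDOWK"))        # recovered without the key
    print(brute_force(encrypt("PATIENT RECORD", 11)))
```

Real encryption of records at rest or in transit uses a keyed algorithm with a key space that cannot be enumerated (for example AES), so the shift example should be read as "the data is transformed so it cannot be read without a secret", not as a method to deploy.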
Archiving
• Paper-based files may need to be kept for a number of years for legal reasons
• Dead patients and inactive patients
• Archive paper-based files electronically by scanning and storing on secure hardware
Disaster Control
• What happens when something goes wrong, e.g. fire, flood, earthquake? Is there an off-site copy of the records, and has restoring from it been tested?
Questions?