SlideShare a Scribd company logo
1 of 14
Download to read offline
M2SYS Healthcare Solutions
Free Online Learning Podcasts
Podcast length – 35:02
Topic: Healthcare IT Data Security – HIPAA compliance,
HIMSS Privacy & Security Task Force Objectives, What is
“Privacy”, Technology Options to Protect Patient Data,
Adoption Trends for Personal Health Information (PHI)
Applications
Mac McMillan, Chair, HIMSS Privacy & Security Policy Task Force
Topics Covered in Podcast:
HIMSS Privacy and Security Task Force Mission and Objectives
Defined
HIPAA Rule Changes and How it Effects Provider – Business
Associate Relationship
The Difference Between “Access” and “Possession” of PHI
Information & How it Impacts HIPAA Compliance
What Does “Privacy” Mean?
How Does “Fear” Factor into Policies Surrounding Privacy?
Topics Covered in Podcast (continued):
Viable Technologies to Protect Patient Data
Do Biometrics for Patient ID Violate a Patient’s Privacy?
PHI Application Patient Adoption Trends
• Made up of all volunteer staff
• Primary purpose: Review policy issues affecting privacy and security in
healthcare that arise from new legislation, regulation, or rules
• Task Force also supports the official HIMSS review process for their
responses to new legislation and new rules
• Helps to ensure consistency for HIMSS responses that stay in line with
goals
• Mac’s experience in knowing how government works in terms of
regulations, rules, directives, and standards has helped him understand
role and direction as Chair of the HIMSS Privacy and Security Task Force
HIMSS Privacy and Security Task Force Mission and
Objectives
HIPAA Rule Changes and How it Effects Provider –
Business Associate Relationship
• September 23rd: HIPAA compliance deadline for providers & business
associates on how Personal Health Information (PHI) is maintained and
protected & changes to data breach notifications and enforcement
• Changes:
• Breach notification – changes to the reporting rules
• Business Associate status – how does the rule apply to business
associates and sub-contractors?
• Privacy Provisions – helps protect patient privacy through more
effective data management
• Enforcement – new guidelines on what penalties are and how they
should be enforced
• Relationship between business associate and covered entities has not
fundamentally changed – what changed is the responsibilities of both
parties
HIPAA Rule Changes and How it Effects Provider –
Business Associate Relationship (continued)
• Business associates are now held more accountable for privacy and PHI
data protection on work they are doing on behalf of the covered entity
• Covered entities – greater emphasis on vendor management in terms of
due diligence before vendor contracting, making sure you convey privacy
and security expectations, making sure you monitor vendor relationships
closely, ensuring you have measures in place for breach notifications &
how to deal with data after contract terminations
• New changes promote more accountability and transparency in the
industry
Nearly one-third of the 980 problems that HHS' Office of Civil Rights uncovered during
privacy and data-security audits of 115 healthcare providers and insurers happened
because the organizations were not aware of all of the requirements facing them,
according to root-cause analyses performed by HHS contractor KPMG.
Did you know?
Source: Modern Healthcare, April 2013
The Difference Between “Access” and “Possession”
of PHI Information & How it Impacts HIPAA
Compliance
• If you create PHI, either originally or derivatively, if you transmit or receive
it, you are considered a business associate. If you have possession of the
data – whether it be in your system or your environment, or you have
perpetual access to the information.
• Can’t claim “conduit exemption” unless you are only maintaining the data
in your environment for as long as it takes the system to perform the
transference process - otherwise if you take possession of the data for any
other reason, (hosting, backing up, storing, etc.) you are a business
associate.
• Even if the covered entity sends encrypted information, if you possess it,
you are still considered a business associate – business associates are
responsible for the entire security rule.
• New rule defines “possession” to information as stipulant for compliance –
“possession” assumes “access”
What Does “Privacy” Mean?
• Privacy is a tough thing to define in today’s world because of shifting
social norms and generational changes
• What one generation thinks of privacy may not be shared by others
• Privacy as it relates to law and the HIPPA rule is very black and white –
patient information belongs to an individual and the right to access it
should only come from the individual's care team or to someone who is
involved with the care of the individual – the individual gives
authorization for the information to be used or disseminated for
something other than medical care (e.g. – marketing purposes)
• The trust between caregiver and patient is often defined by how well
the provider maintains and protects patient PHI
• Patient confidence can erode quickly when PHI information is not
handled properly
• The healthcare industry’s definition of privacy is constantly evolving &
it’s different to write a rule with the shifting privacy landscape
• Key is recognizing differences and perceptions and make decisions on
how law defines privacy
How Does “Fear” Factor into Policies Surrounding
Privacy?
• Important to not make decisions or establish policy guidelines based on
fear – it’s better to enact policy on what is known
• Patients may fear the known more than the unknown – (e.g. – data
breaches, medical identity theft, fraud)
• Consumers understand that their information is at risk
• Consumers have a much higher level of confidence in their
healthcare provider’s ability to protect PHI than organizations or the
government
• Organizations should base their policies on what they know (what is the
threat), what the risks are, and what their controls environment will
enable and make smart decisions on how they craft policies to alleviate
or mitigate the risk of negative occurrences
• Fear is a good motivator for making organizational change
• Access Control & Patient Identification – Biometrics
**The problem that a lot of modern technological solutions for healthcare
have is many do not necessarily have apt security functionality due to a lack of
industry standards or protocols
Viable Technologies to Protect Patient Data
Did you know?
More healthcare facilities are researching the
use of biometric identification for employee
access control and accurate patient
identification. Biometrics has great potential to
increase patient safety, reduce the cost of care,
and eliminate fraud and identity theft.
Biometrics for
Access Control
Biometrics for
Patient ID
Do Biometrics for Patient ID Violate a Patient’s
Privacy?
• They enhance patient privacy – biometrics for patient ID were developed
with a positive purpose in mind
• If they are deployed, utilized, and explained properly to patients:
• Biometrics elevates a patient’s level of confidence in how the
technology is used and how it protects their safety and privacy
• Because biometrics uniquely identify a patient, the more likely the
healthcare industry is to eliminate impermissible disclosures
• The more accurate the healthcare industry is on identifying who is
accessing medical records and information, the better chance they have
of limiting impermissible disclosures
PHI Application Patient Adoption Trends
• Patients have more confidence in a portal that is provided by their
caregiver rather than a third party vendor
• Patients will start to adopt more responsibility for their medical
information – they are seeking more visibility and portable platforms
• Patient engagement as part of Meaningful Use Stage 2 will help drive up
adoption of PHI applications
• Almost every hospital now has their own version of a patient portal –
increased accessibility will also drive up adoption rates
Did you know?
Approximately 50% of U.S. hospitals and 40
percent of U.S. physicians in ambulatory
practice possess some type of patient portal
technology, mostly acquired as a module of
their practice management (PM) or electronic
health record (EHR) system.
Source: Frost & Sullivan report, September 2013
Thank you to Mac for his time and
knowledge for this podcast!
Please follow Mac on Twitter
(@mmcmillan07) and visit his Web page:
www.cynergistek.com
John Trader
PR and Marketing Manager
M2SYS Healthcare Solutions
1050 Crown Pointe Pkwy.
Suite 850
Atlanta, GA 30338
jtrader@m2sys.com
770-821-1734
www.m2sys.com
Podcast home page: http://www.m2sys.com/healthcare/healthcare-biometrics-
podcasts/
: twitter.com/rightpatient
: facebook.com/rightpatient
: linkedin.com/company/m2sys-technology
Contact Information

More Related Content

What's hot

Third Annual Study on Patient Privacy
Third Annual Study on Patient PrivacyThird Annual Study on Patient Privacy
Third Annual Study on Patient Privacy- Mark - Fullbright
 
You and HIPAA - Get the Facts
You and HIPAA - Get the FactsYou and HIPAA - Get the Facts
You and HIPAA - Get the Factsresourceone
 
Hipaa checklist for healthcare software
Hipaa checklist for healthcare softwareHipaa checklist for healthcare software
Hipaa checklist for healthcare softwareConcetto Labs
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
The real reason why physicians must comply with HIPAA. What the government do...
The real reason why physicians must comply with HIPAA. What the government do...The real reason why physicians must comply with HIPAA. What the government do...
The real reason why physicians must comply with HIPAA. What the government do...CureMD
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemSecurityMetrics
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Compliancy Group
 
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataCitiusTech
 
Keys To HIPAA Compliance
Keys To HIPAA ComplianceKeys To HIPAA Compliance
Keys To HIPAA ComplianceCBIZ, Inc.
 
Healthcare Data Quality & Monitoring Playbook
Healthcare Data Quality & Monitoring PlaybookHealthcare Data Quality & Monitoring Playbook
Healthcare Data Quality & Monitoring PlaybookCitiusTech
 
hitech act
hitech acthitech act
hitech actpadler01
 
A brief introduction to hipaa compliance
A brief introduction to hipaa complianceA brief introduction to hipaa compliance
A brief introduction to hipaa compliancePrince George
 
Direct Boot Camp 2 0 Federal Agency requirements for exchange via direct
Direct Boot Camp 2 0 Federal Agency requirements for exchange via directDirect Boot Camp 2 0 Federal Agency requirements for exchange via direct
Direct Boot Camp 2 0 Federal Agency requirements for exchange via directBrian Ahier
 
Role-Based Access Governance and HIPAA Compliance: A Pragmatic Approach
Role-Based Access Governance and HIPAA Compliance: A Pragmatic ApproachRole-Based Access Governance and HIPAA Compliance: A Pragmatic Approach
Role-Based Access Governance and HIPAA Compliance: A Pragmatic ApproachEMC
 
Approach to enable your IT systems for FHIR (HL7 standards) compliance
Approach to enable your IT systems for FHIR (HL7 standards) complianceApproach to enable your IT systems for FHIR (HL7 standards) compliance
Approach to enable your IT systems for FHIR (HL7 standards) complianceShubaS4
 
Ready or Not? Compliance in a World of New Models
Ready or Not? Compliance in a World of New ModelsReady or Not? Compliance in a World of New Models
Ready or Not? Compliance in a World of New ModelsPYA, P.C.
 
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesBig data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesKapil Mehrotra
 
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...CitiusTech
 
How Best Are Medical Practices Prepared to Address HIPAA Breaches?
How Best Are Medical Practices Prepared to Address HIPAA Breaches? How Best Are Medical Practices Prepared to Address HIPAA Breaches?
How Best Are Medical Practices Prepared to Address HIPAA Breaches? Medical Billers and Coders
 

What's hot (20)

Third Annual Study on Patient Privacy
Third Annual Study on Patient PrivacyThird Annual Study on Patient Privacy
Third Annual Study on Patient Privacy
 
You and HIPAA - Get the Facts
You and HIPAA - Get the FactsYou and HIPAA - Get the Facts
You and HIPAA - Get the Facts
 
Hipaa checklist for healthcare software
Hipaa checklist for healthcare softwareHipaa checklist for healthcare software
Hipaa checklist for healthcare software
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006
 
The real reason why physicians must comply with HIPAA. What the government do...
The real reason why physicians must comply with HIPAA. What the government do...The real reason why physicians must comply with HIPAA. What the government do...
The real reason why physicians must comply with HIPAA. What the government do...
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your Problem
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2
 
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials Data
 
HIPAA
HIPAA HIPAA
HIPAA
 
Keys To HIPAA Compliance
Keys To HIPAA ComplianceKeys To HIPAA Compliance
Keys To HIPAA Compliance
 
Healthcare Data Quality & Monitoring Playbook
Healthcare Data Quality & Monitoring PlaybookHealthcare Data Quality & Monitoring Playbook
Healthcare Data Quality & Monitoring Playbook
 
hitech act
hitech acthitech act
hitech act
 
A brief introduction to hipaa compliance
A brief introduction to hipaa complianceA brief introduction to hipaa compliance
A brief introduction to hipaa compliance
 
Direct Boot Camp 2 0 Federal Agency requirements for exchange via direct
Direct Boot Camp 2 0 Federal Agency requirements for exchange via directDirect Boot Camp 2 0 Federal Agency requirements for exchange via direct
Direct Boot Camp 2 0 Federal Agency requirements for exchange via direct
 
Role-Based Access Governance and HIPAA Compliance: A Pragmatic Approach
Role-Based Access Governance and HIPAA Compliance: A Pragmatic ApproachRole-Based Access Governance and HIPAA Compliance: A Pragmatic Approach
Role-Based Access Governance and HIPAA Compliance: A Pragmatic Approach
 
Approach to enable your IT systems for FHIR (HL7 standards) compliance
Approach to enable your IT systems for FHIR (HL7 standards) complianceApproach to enable your IT systems for FHIR (HL7 standards) compliance
Approach to enable your IT systems for FHIR (HL7 standards) compliance
 
Ready or Not? Compliance in a World of New Models
Ready or Not? Compliance in a World of New ModelsReady or Not? Compliance in a World of New Models
Ready or Not? Compliance in a World of New Models
 
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesBig data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
 
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
 
How Best Are Medical Practices Prepared to Address HIPAA Breaches?
How Best Are Medical Practices Prepared to Address HIPAA Breaches? How Best Are Medical Practices Prepared to Address HIPAA Breaches?
How Best Are Medical Practices Prepared to Address HIPAA Breaches?
 

Similar to Health IT Data Security – An Overview of Privacy, Compliance, and Technology Options

HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...
HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...
HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...Conference Panel
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxamartya2087
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointDeena Fetrow
 
The New HIPAA: Rules and Responsibilitues
The New HIPAA: Rules and ResponsibilituesThe New HIPAA: Rules and Responsibilitues
The New HIPAA: Rules and Responsibilituescomplianceexpert
 
HIPAA Compliance: What Medical Practices and Their Business Associates Need t...
HIPAA Compliance: What Medical Practices and Their Business Associates Need t...HIPAA Compliance: What Medical Practices and Their Business Associates Need t...
HIPAA Compliance: What Medical Practices and Their Business Associates Need t...Skoda Minotti
 
Hipaa overview 073118
Hipaa overview 073118Hipaa overview 073118
Hipaa overview 073118robint2125
 
Hipaa.ppt3
Hipaa.ppt3Hipaa.ppt3
Hipaa.ppt3akwei2
 
Hipaa.ppt5
Hipaa.ppt5Hipaa.ppt5
Hipaa.ppt5akwei2
 
Hipaa.ppt4
Hipaa.ppt4Hipaa.ppt4
Hipaa.ppt4akwei2
 
Hipaa.ppt6
Hipaa.ppt6Hipaa.ppt6
Hipaa.ppt6akwei2
 
Hipaa.ppt2
Hipaa.ppt2Hipaa.ppt2
Hipaa.ppt2akwei2
 
Hipaa.ppt1
Hipaa.ppt1Hipaa.ppt1
Hipaa.ppt1akwei2
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rssupportc2go
 
Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?M2SYS Technology
 
Baker HIMSS Staffers Final
Baker HIMSS Staffers FinalBaker HIMSS Staffers Final
Baker HIMSS Staffers Finalbakerdb
 
Texas new telemedicine law
Texas new telemedicine lawTexas new telemedicine law
Texas new telemedicine lawSteve Levine
 

Similar to Health IT Data Security – An Overview of Privacy, Compliance, and Technology Options (20)

HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...
HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...
HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power point
 
The New HIPAA: Rules and Responsibilitues
The New HIPAA: Rules and ResponsibilituesThe New HIPAA: Rules and Responsibilitues
The New HIPAA: Rules and Responsibilitues
 
HIPAA Compliance: What Medical Practices and Their Business Associates Need t...
HIPAA Compliance: What Medical Practices and Their Business Associates Need t...HIPAA Compliance: What Medical Practices and Their Business Associates Need t...
HIPAA Compliance: What Medical Practices and Their Business Associates Need t...
 
Hipaa overview 073118
Hipaa overview 073118Hipaa overview 073118
Hipaa overview 073118
 
How good we are in adhering HIPAA rules
How good we are in adhering HIPAA rulesHow good we are in adhering HIPAA rules
How good we are in adhering HIPAA rules
 
HIPAA
HIPAAHIPAA
HIPAA
 
Hipaa and social media using new
Hipaa and social media using newHipaa and social media using new
Hipaa and social media using new
 
Hipaa.ppt3
Hipaa.ppt3Hipaa.ppt3
Hipaa.ppt3
 
Hipaa.ppt5
Hipaa.ppt5Hipaa.ppt5
Hipaa.ppt5
 
Hipaa.ppt4
Hipaa.ppt4Hipaa.ppt4
Hipaa.ppt4
 
Hipaa.ppt6
Hipaa.ppt6Hipaa.ppt6
Hipaa.ppt6
 
Hipaa.ppt2
Hipaa.ppt2Hipaa.ppt2
Hipaa.ppt2
 
Hipaa.ppt1
Hipaa.ppt1Hipaa.ppt1
Hipaa.ppt1
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
 
Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?Big Data in Healthcare -- What Does it Mean?
Big Data in Healthcare -- What Does it Mean?
 
Chapter 9
Chapter 9Chapter 9
Chapter 9
 
Baker HIMSS Staffers Final
Baker HIMSS Staffers FinalBaker HIMSS Staffers Final
Baker HIMSS Staffers Final
 
Texas new telemedicine law
Texas new telemedicine lawTexas new telemedicine law
Texas new telemedicine law
 

More from M2SYS Technology

The Benefits of Using a Biometric Timeclock in Workforce Management
The Benefits of Using a Biometric Timeclock in Workforce ManagementThe Benefits of Using a Biometric Timeclock in Workforce Management
The Benefits of Using a Biometric Timeclock in Workforce ManagementM2SYS Technology
 
The Benefits of Using Biometrics in Banking
The Benefits of Using Biometrics in BankingThe Benefits of Using Biometrics in Banking
The Benefits of Using Biometrics in BankingM2SYS Technology
 
4 Reasons to Implement Biometrics for Increasing Employee Productivity
4 Reasons to Implement Biometrics for Increasing Employee Productivity4 Reasons to Implement Biometrics for Increasing Employee Productivity
4 Reasons to Implement Biometrics for Increasing Employee ProductivityM2SYS Technology
 
TrueVoter™ Biometric Voter Registration Solution
TrueVoter™ Biometric Voter Registration SolutionTrueVoter™ Biometric Voter Registration Solution
TrueVoter™ Biometric Voter Registration SolutionM2SYS Technology
 
Secure Authentication for Mobile Banking Customers with mVerify™
Secure Authentication for Mobile Banking Customers with mVerify™Secure Authentication for Mobile Banking Customers with mVerify™
Secure Authentication for Mobile Banking Customers with mVerify™M2SYS Technology
 
National Association for Trusted Identities in Cyberspace - Establishing Trus...
National Association for Trusted Identities in Cyberspace - Establishing Trus...National Association for Trusted Identities in Cyberspace - Establishing Trus...
National Association for Trusted Identities in Cyberspace - Establishing Trus...M2SYS Technology
 
The Convergence of Public and Private Biometric Solutions
The Convergence of Public and Private Biometric SolutionsThe Convergence of Public and Private Biometric Solutions
The Convergence of Public and Private Biometric SolutionsM2SYS Technology
 
Patient Engagement in Healthcare Improves Health and Reduces Costs
Patient Engagement in Healthcare Improves Health and Reduces CostsPatient Engagement in Healthcare Improves Health and Reduces Costs
Patient Engagement in Healthcare Improves Health and Reduces CostsM2SYS Technology
 
The Impact of Duplicate Medical Records and Overlays in Healthcare
The Impact of Duplicate Medical Records and Overlays in HealthcareThe Impact of Duplicate Medical Records and Overlays in Healthcare
The Impact of Duplicate Medical Records and Overlays in HealthcareM2SYS Technology
 
Podcast Summary - Patient Identity and the Role of Today's Modern CIO
Podcast Summary - Patient Identity and the Role of Today's Modern CIOPodcast Summary - Patient Identity and the Role of Today's Modern CIO
Podcast Summary - Patient Identity and the Role of Today's Modern CIOM2SYS Technology
 
Biometric Technology and Human Factor Engineering
Biometric Technology and Human Factor EngineeringBiometric Technology and Human Factor Engineering
Biometric Technology and Human Factor EngineeringM2SYS Technology
 
Healthcare Data Integrity and Interoperability Standards Podcast Summary
Healthcare Data Integrity and Interoperability Standards Podcast SummaryHealthcare Data Integrity and Interoperability Standards Podcast Summary
Healthcare Data Integrity and Interoperability Standards Podcast SummaryM2SYS Technology
 
Understanding the Differences Between 1:1 Verification, 1:Few Segmentation an...
Understanding the Differences Between 1:1 Verification, 1:Few Segmentation an...Understanding the Differences Between 1:1 Verification, 1:Few Segmentation an...
Understanding the Differences Between 1:1 Verification, 1:Few Segmentation an...M2SYS Technology
 
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...M2SYS Technology
 
Creating a Social Media Policy for Your Business
Creating a Social Media Policy for Your Business Creating a Social Media Policy for Your Business
Creating a Social Media Policy for Your Business M2SYS Technology
 
Fujitsu PalmSecure Biometric Technology for Retail Loss Prevention
Fujitsu PalmSecure Biometric Technology for Retail Loss PreventionFujitsu PalmSecure Biometric Technology for Retail Loss Prevention
Fujitsu PalmSecure Biometric Technology for Retail Loss PreventionM2SYS Technology
 

More from M2SYS Technology (16)

The Benefits of Using a Biometric Timeclock in Workforce Management
The Benefits of Using a Biometric Timeclock in Workforce ManagementThe Benefits of Using a Biometric Timeclock in Workforce Management
The Benefits of Using a Biometric Timeclock in Workforce Management
 
The Benefits of Using Biometrics in Banking
The Benefits of Using Biometrics in BankingThe Benefits of Using Biometrics in Banking
The Benefits of Using Biometrics in Banking
 
4 Reasons to Implement Biometrics for Increasing Employee Productivity
4 Reasons to Implement Biometrics for Increasing Employee Productivity4 Reasons to Implement Biometrics for Increasing Employee Productivity
4 Reasons to Implement Biometrics for Increasing Employee Productivity
 
TrueVoter™ Biometric Voter Registration Solution
TrueVoter™ Biometric Voter Registration SolutionTrueVoter™ Biometric Voter Registration Solution
TrueVoter™ Biometric Voter Registration Solution
 
Secure Authentication for Mobile Banking Customers with mVerify™
Secure Authentication for Mobile Banking Customers with mVerify™Secure Authentication for Mobile Banking Customers with mVerify™
Secure Authentication for Mobile Banking Customers with mVerify™
 
National Association for Trusted Identities in Cyberspace - Establishing Trus...
National Association for Trusted Identities in Cyberspace - Establishing Trus...National Association for Trusted Identities in Cyberspace - Establishing Trus...
National Association for Trusted Identities in Cyberspace - Establishing Trus...
 
The Convergence of Public and Private Biometric Solutions
The Convergence of Public and Private Biometric SolutionsThe Convergence of Public and Private Biometric Solutions
The Convergence of Public and Private Biometric Solutions
 
Patient Engagement in Healthcare Improves Health and Reduces Costs
Patient Engagement in Healthcare Improves Health and Reduces CostsPatient Engagement in Healthcare Improves Health and Reduces Costs
Patient Engagement in Healthcare Improves Health and Reduces Costs
 
The Impact of Duplicate Medical Records and Overlays in Healthcare
The Impact of Duplicate Medical Records and Overlays in HealthcareThe Impact of Duplicate Medical Records and Overlays in Healthcare
The Impact of Duplicate Medical Records and Overlays in Healthcare
 
Podcast Summary - Patient Identity and the Role of Today's Modern CIO
Podcast Summary - Patient Identity and the Role of Today's Modern CIOPodcast Summary - Patient Identity and the Role of Today's Modern CIO
Podcast Summary - Patient Identity and the Role of Today's Modern CIO
 
Biometric Technology and Human Factor Engineering
Biometric Technology and Human Factor EngineeringBiometric Technology and Human Factor Engineering
Biometric Technology and Human Factor Engineering
 
Healthcare Data Integrity and Interoperability Standards Podcast Summary
Healthcare Data Integrity and Interoperability Standards Podcast SummaryHealthcare Data Integrity and Interoperability Standards Podcast Summary
Healthcare Data Integrity and Interoperability Standards Podcast Summary
 
Understanding the Differences Between 1:1 Verification, 1:Few Segmentation an...
Understanding the Differences Between 1:1 Verification, 1:Few Segmentation an...Understanding the Differences Between 1:1 Verification, 1:Few Segmentation an...
Understanding the Differences Between 1:1 Verification, 1:Few Segmentation an...
 
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
 
Creating a Social Media Policy for Your Business
Creating a Social Media Policy for Your Business Creating a Social Media Policy for Your Business
Creating a Social Media Policy for Your Business
 
Fujitsu PalmSecure Biometric Technology for Retail Loss Prevention
Fujitsu PalmSecure Biometric Technology for Retail Loss PreventionFujitsu PalmSecure Biometric Technology for Retail Loss Prevention
Fujitsu PalmSecure Biometric Technology for Retail Loss Prevention
 

Recently uploaded

Role of Soap based and synthetic or syndets bar
Role of  Soap based and synthetic or syndets barRole of  Soap based and synthetic or syndets bar
Role of Soap based and synthetic or syndets barmohitRahangdale
 
EXERCISE PERFORMANCE.pptx, Lung function
EXERCISE PERFORMANCE.pptx, Lung functionEXERCISE PERFORMANCE.pptx, Lung function
EXERCISE PERFORMANCE.pptx, Lung functionkrishnareddy157915
 
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptxDNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptxMAsifAhmad
 
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptxANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptxWINCY THIRUMURUGAN
 
pA2 value, Schild plot and pD2 values- applications in pharmacology
pA2 value, Schild plot and pD2 values- applications in pharmacologypA2 value, Schild plot and pD2 values- applications in pharmacology
pA2 value, Schild plot and pD2 values- applications in pharmacologyDeepakDaniel9
 
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdfSGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdfHongBiThi1
 
Generative AI in Health Care a scoping review and a persoanl experience.
Generative AI in Health Care a scoping review and a persoanl experience.Generative AI in Health Care a scoping review and a persoanl experience.
Generative AI in Health Care a scoping review and a persoanl experience.Vaikunthan Rajaratnam
 
Male Infertility, Antioxidants and Beyond
Male Infertility, Antioxidants and BeyondMale Infertility, Antioxidants and Beyond
Male Infertility, Antioxidants and BeyondSujoy Dasgupta
 
SGK NGẠT NƯỚC ĐHYHN RẤT LÀ HAY NHA .pdf
SGK NGẠT NƯỚC ĐHYHN RẤT LÀ HAY NHA    .pdfSGK NGẠT NƯỚC ĐHYHN RẤT LÀ HAY NHA    .pdf
SGK NGẠT NƯỚC ĐHYHN RẤT LÀ HAY NHA .pdfHongBiThi1
 
Mental health Team. Dr Senthil Thirusangu
Mental health Team. Dr Senthil ThirusanguMental health Team. Dr Senthil Thirusangu
Mental health Team. Dr Senthil Thirusangu Medical University
 
Male Infertility Panel Discussion by Dr Sujoy Dasgupta
Male Infertility Panel Discussion by Dr Sujoy DasguptaMale Infertility Panel Discussion by Dr Sujoy Dasgupta
Male Infertility Panel Discussion by Dr Sujoy DasguptaSujoy Dasgupta
 
Clinical Research Informatics Year-in-Review 2024
Clinical Research Informatics Year-in-Review 2024Clinical Research Informatics Year-in-Review 2024
Clinical Research Informatics Year-in-Review 2024Peter Embi
 
Basic structure of hair and hair growth cycle.pptx
Basic structure of hair and hair growth cycle.pptxBasic structure of hair and hair growth cycle.pptx
Basic structure of hair and hair growth cycle.pptxkomalt2001
 
Adenomyosis or Fibroid- making right diagnosis
Adenomyosis or Fibroid- making right diagnosisAdenomyosis or Fibroid- making right diagnosis
Adenomyosis or Fibroid- making right diagnosisSujoy Dasgupta
 
AUTONOMIC NERVOUS SYSTEM organization and functions
AUTONOMIC NERVOUS SYSTEM organization and functionsAUTONOMIC NERVOUS SYSTEM organization and functions
AUTONOMIC NERVOUS SYSTEM organization and functionsMedicoseAcademics
 
High-Performance Thin-Layer Chromatography (HPTLC)
High-Performance Thin-Layer Chromatography (HPTLC)High-Performance Thin-Layer Chromatography (HPTLC)
High-Performance Thin-Layer Chromatography (HPTLC)kishan singh tomar
 
power point presentation of Clinical evaluation of strabismus
power point presentation of Clinical evaluation  of strabismuspower point presentation of Clinical evaluation  of strabismus
power point presentation of Clinical evaluation of strabismusChandrasekar Reddy
 
Pharmacokinetic Models by Dr. Ram D. Bawankar.ppt
Pharmacokinetic Models by Dr. Ram D.  Bawankar.pptPharmacokinetic Models by Dr. Ram D.  Bawankar.ppt
Pharmacokinetic Models by Dr. Ram D. Bawankar.pptRamDBawankar1
 
ORAL HYPOGLYCAEMIC AGENTS - PART 2.pptx
ORAL HYPOGLYCAEMIC AGENTS  - PART 2.pptxORAL HYPOGLYCAEMIC AGENTS  - PART 2.pptx
ORAL HYPOGLYCAEMIC AGENTS - PART 2.pptxNIKITA BHUTE
 
Female Reproductive Physiology Before Pregnancy
Female Reproductive Physiology Before PregnancyFemale Reproductive Physiology Before Pregnancy
Female Reproductive Physiology Before PregnancyMedicoseAcademics
 

Recently uploaded (20)

Role of Soap based and synthetic or syndets bar
Role of  Soap based and synthetic or syndets barRole of  Soap based and synthetic or syndets bar
Role of Soap based and synthetic or syndets bar
 
EXERCISE PERFORMANCE.pptx, Lung function
EXERCISE PERFORMANCE.pptx, Lung functionEXERCISE PERFORMANCE.pptx, Lung function
EXERCISE PERFORMANCE.pptx, Lung function
 
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptxDNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
 
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptxANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
 
pA2 value, Schild plot and pD2 values- applications in pharmacology
pA2 value, Schild plot and pD2 values- applications in pharmacologypA2 value, Schild plot and pD2 values- applications in pharmacology
pA2 value, Schild plot and pD2 values- applications in pharmacology
 
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdfSGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
 
Generative AI in Health Care a scoping review and a persoanl experience.
Generative AI in Health Care a scoping review and a persoanl experience.Generative AI in Health Care a scoping review and a persoanl experience.
Generative AI in Health Care a scoping review and a persoanl experience.
 
Male Infertility, Antioxidants and Beyond
Male Infertility, Antioxidants and BeyondMale Infertility, Antioxidants and Beyond
Male Infertility, Antioxidants and Beyond
 
SGK NGẠT NƯỚC ĐHYHN RẤT LÀ HAY NHA .pdf
SGK NGẠT NƯỚC ĐHYHN RẤT LÀ HAY NHA    .pdfSGK NGẠT NƯỚC ĐHYHN RẤT LÀ HAY NHA    .pdf
SGK NGẠT NƯỚC ĐHYHN RẤT LÀ HAY NHA .pdf
 
Mental health Team. Dr Senthil Thirusangu
Mental health Team. Dr Senthil ThirusanguMental health Team. Dr Senthil Thirusangu
Mental health Team. Dr Senthil Thirusangu
 
Male Infertility Panel Discussion by Dr Sujoy Dasgupta
Male Infertility Panel Discussion by Dr Sujoy DasguptaMale Infertility Panel Discussion by Dr Sujoy Dasgupta
Male Infertility Panel Discussion by Dr Sujoy Dasgupta
 
Clinical Research Informatics Year-in-Review 2024
Clinical Research Informatics Year-in-Review 2024Clinical Research Informatics Year-in-Review 2024
Clinical Research Informatics Year-in-Review 2024
 
Basic structure of hair and hair growth cycle.pptx
Basic structure of hair and hair growth cycle.pptxBasic structure of hair and hair growth cycle.pptx
Basic structure of hair and hair growth cycle.pptx
 
Adenomyosis or Fibroid- making right diagnosis
Adenomyosis or Fibroid- making right diagnosisAdenomyosis or Fibroid- making right diagnosis
Adenomyosis or Fibroid- making right diagnosis
 
AUTONOMIC NERVOUS SYSTEM organization and functions
AUTONOMIC NERVOUS SYSTEM organization and functionsAUTONOMIC NERVOUS SYSTEM organization and functions
AUTONOMIC NERVOUS SYSTEM organization and functions
 
High-Performance Thin-Layer Chromatography (HPTLC)
High-Performance Thin-Layer Chromatography (HPTLC)High-Performance Thin-Layer Chromatography (HPTLC)
High-Performance Thin-Layer Chromatography (HPTLC)
 
power point presentation of Clinical evaluation of strabismus
power point presentation of Clinical evaluation  of strabismuspower point presentation of Clinical evaluation  of strabismus
power point presentation of Clinical evaluation of strabismus
 
Pharmacokinetic Models by Dr. Ram D. Bawankar.ppt
Pharmacokinetic Models by Dr. Ram D.  Bawankar.pptPharmacokinetic Models by Dr. Ram D.  Bawankar.ppt
Pharmacokinetic Models by Dr. Ram D. Bawankar.ppt
 
ORAL HYPOGLYCAEMIC AGENTS - PART 2.pptx
ORAL HYPOGLYCAEMIC AGENTS  - PART 2.pptxORAL HYPOGLYCAEMIC AGENTS  - PART 2.pptx
ORAL HYPOGLYCAEMIC AGENTS - PART 2.pptx
 
Female Reproductive Physiology Before Pregnancy
Female Reproductive Physiology Before PregnancyFemale Reproductive Physiology Before Pregnancy
Female Reproductive Physiology Before Pregnancy
 

Health IT Data Security – An Overview of Privacy, Compliance, and Technology Options

  • 1. M2SYS Healthcare Solutions Free Online Learning Podcasts Podcast length – 35:02 Topic: Healthcare IT Data Security – HIPAA compliance, HIMSS Privacy & Security Task Force Objectives, What is “Privacy”, Technology Options to Protect Patient Data, Adoption Trends for Personal Health Information (PHI) Applications Mac McMillan, Chair, HIMSS Privacy & Security Policy Task Force
  • 2. Topics Covered in Podcast: HIMSS Privacy and Security Task Force Mission and Objectives Defined HIPAA Rule Changes and How it Effects Provider – Business Associate Relationship The Difference Between “Access” and “Possession” of PHI Information & How it Impacts HIPAA Compliance What Does “Privacy” Mean? How Does “Fear” Factor into Policies Surrounding Privacy?
  • 3. Topics Covered in Podcast (continued): Viable Technologies to Protect Patient Data Do Biometrics for Patient ID Violate a Patient’s Privacy? PHI Application Patient Adoption Trends
  • 4. • Made up of all volunteer staff • Primary purpose: Review policy issues affecting privacy and security in healthcare that arise from new legislation, regulation, or rules • Task Force also supports the official HIMSS review process for their responses to new legislation and new rules • Helps to ensure consistency for HIMSS responses that stay in line with goals • Mac’s experience in knowing how government works in terms of regulations, rules, directives, and standards has helped him understand role and direction as Chair of the HIMSS Privacy and Security Task Force HIMSS Privacy and Security Task Force Mission and Objectives
  • 5. HIPAA Rule Changes and How it Effects Provider – Business Associate Relationship • September 23rd: HIPAA compliance deadline for providers & business associates on how Personal Health Information (PHI) is maintained and protected & changes to data breach notifications and enforcement • Changes: • Breach notification – changes to the reporting rules • Business Associate status – how does the rule apply to business associates and sub-contractors? • Privacy Provisions – helps protect patient privacy through more effective data management • Enforcement – new guidelines on what penalties are and how they should be enforced • Relationship between business associate and covered entities has not fundamentally changed – what changed is the responsibilities of both parties
  • 6. HIPAA Rule Changes and How it Effects Provider – Business Associate Relationship (continued) • Business associates are now held more accountable for privacy and PHI data protection on work they are doing on behalf of the covered entity • Covered entities – greater emphasis on vendor management in terms of due diligence before vendor contracting, making sure you convey privacy and security expectations, making sure you monitor vendor relationships closely, ensuring you have measures in place for breach notifications & how to deal with data after contract terminations • New changes promote more accountability and transparency in the industry Nearly one-third of the 980 problems that HHS' Office of Civil Rights uncovered during privacy and data-security audits of 115 healthcare providers and insurers happened because the organizations were not aware of all of the requirements facing them, according to root-cause analyses performed by HHS contractor KPMG. Did you know? Source: Modern Healthcare, April 2013
  • 7. The Difference Between “Access” and “Possession” of PHI Information & How it Impacts HIPAA Compliance • If you create PHI, either originally or derivatively, if you transmit or receive it, you are considered a business associate. If you have possession of the data – whether it be in your system or your environment, or you have perpetual access to the information. • Can’t claim “conduit exemption” unless you are only maintaining the data in your environment for as long as it takes the system to perform the transference process - otherwise if you take possession of the data for any other reason, (hosting, backing up, storing, etc.) you are a business associate. • Even if the covered entity sends encrypted information, if you possess it, you are still considered a business associate – business associates are responsible for the entire security rule. • New rule defines “possession” to information as stipulant for compliance – “possession” assumes “access”
  • 8. What Does “Privacy” Mean? • Privacy is a tough thing to define in today’s world because of shifting social norms and generational changes • What one generation thinks of privacy may not be shared by others • Privacy as it relates to law and the HIPPA rule is very black and white – patient information belongs to an individual and the right to access it should only come from the individual's care team or to someone who is involved with the care of the individual – the individual gives authorization for the information to be used or disseminated for something other than medical care (e.g. – marketing purposes) • The trust between caregiver and patient is often defined by how well the provider maintains and protects patient PHI • Patient confidence can erode quickly when PHI information is not handled properly • The healthcare industry’s definition of privacy is constantly evolving & it’s different to write a rule with the shifting privacy landscape • Key is recognizing differences and perceptions and make decisions on how law defines privacy
  • 9. How Does “Fear” Factor into Policies Surrounding Privacy? • Important to not make decisions or establish policy guidelines based on fear – it’s better to enact policy on what is known • Patients may fear the known more than the unknown – (e.g. – data breaches, medical identity theft, fraud) • Consumers understand that their information is at risk • Consumers have a much higher level of confidence in their healthcare provider’s ability to protect PHI than organizations or the government • Organizations should base their policies on what they know (what is the threat), what the risks are, and what their controls environment will enable and make smart decisions on how they craft policies to alleviate or mitigate the risk of negative occurrences • Fear is a good motivator for making organizational change
  • 10. • Access Control & Patient Identification – Biometrics **The problem that a lot of modern technological solutions for healthcare have is many do not necessarily have apt security functionality due to a lack of industry standards or protocols Viable Technologies to Protect Patient Data Did you know? More healthcare facilities are researching the use of biometric identification for employee access control and accurate patient identification. Biometrics has great potential to increase patient safety, reduce the cost of care, and eliminate fraud and identity theft. Biometrics for Access Control Biometrics for Patient ID
  • 11. Do Biometrics for Patient ID Violate a Patient’s Privacy? • They enhance patient privacy – biometrics for patient ID were developed with a positive purpose in mind • If they are deployed, utilized, and explained properly to patients: • Biometrics elevates a patient’s level of confidence in how the technology is used and how it protects their safety and privacy • Because biometrics uniquely identify a patient, the more likely the healthcare industry is to eliminate impermissible disclosures • The more accurate the healthcare industry is on identifying who is accessing medical records and information, the better chance they have of limiting impermissible disclosures
  • 12. PHI Application Patient Adoption Trends • Patients have more confidence in a portal that is provided by their caregiver rather than a third party vendor • Patients will start to adopt more responsibility for their medical information – they are seeking more visibility and portable platforms • Patient engagement as part of Meaningful Use Stage 2 will help drive up adoption of PHI applications • Almost every hospital now has their own version of a patient portal – increased accessibility will also drive up adoption rates Did you know? Approximately 50% of U.S. hospitals and 40 percent of U.S. physicians in ambulatory practice possess some type of patient portal technology, mostly acquired as a module of their practice management (PM) or electronic health record (EHR) system. Source: Frost & Sullivan report, September 2013
  • 13. Thank you to Mac for his time and knowledge for this podcast! Please follow Mac on Twitter (@mmcmillan07) and visit his Web page: www.cynergistek.com
  • 14. John Trader PR and Marketing Manager M2SYS Healthcare Solutions 1050 Crown Pointe Pkwy. Suite 850 Atlanta, GA 30338 jtrader@m2sys.com 770-821-1734 www.m2sys.com Podcast home page: http://www.m2sys.com/healthcare/healthcare-biometrics- podcasts/ : twitter.com/rightpatient : facebook.com/rightpatient : linkedin.com/company/m2sys-technology Contact Information