Understanding the Issues of Information Security in Healthcare Delivery Systems
Blog #1: Protecting Patient Privacy in Healthcare Delivery Information Systems
Introduction: In the upcoming blogs, I will be examining scenarios in
healthcare InfoSec management that help map variations in business practices
and policies, specifically in the domain of privacy and security. This will
include the following policy measures and security controls as outlined by
Robert Kolodner (M.D., Office of the National Coordinator for Health IT [ONC],
U.S. Department of Health and Human Services) in his address to the Oversight
and Government Reform Committee, Subcommittee on Information Policy, Census and
National Archives, U.S. House of Representatives, 2007:
- user and entity authentication;
- authorization and access control;
- patient and provider identification;
- transmission security;
- information protection;
- information audits;
- administrative and physical safeguards;
- use and disclosure policy.
Dr. Robert’s concluding statement to the House committee on Information
Policy, Census and National Archives informs my interest in this topic. Here is
the full text:
“Health IT privacy and security policies and their
associated technological solutions cannot be developed in a vacuum. A key
component for assuring that appropriate privacy and security protections are in
place is to assure that these efforts develop in tandem and that coordination
is consistent throughout these efforts. This is the role of ONC. We
have a conscientious, experienced, and passionate staff that works together closely
on these activities and other privacy and security related activities
throughout HHS and the other Departments and Agencies to ensure that health IT
policy decisions and technology solutions are appropriately coordinated and
addressed.
Protecting health information is of the utmost importance
and essential to the success of interoperable electronic health information
exchange. Proper policies that instill confidence and trust must evolve
with technology advancements and vice versa. Not letting one get too far
ahead of the other is a concern we share and are working hard to continue to
manage. As a leader in this area HHS has invested in multiple coordinated
initiatives to ensure health information will be protected as we enter this new
era of health and care.
Mr. Chairman, thank you for the opportunity to submit
testimony today.”
The healthcare provider I work for, in complying with federal and state
healthcare privacy and confidentiality regulations, has as a countermeasure
a policy that requires us to keep properly labelled Discarded Customers
Information (DCI) boxes at a secure location to hold disused customer
information. When these boxes fill up, they are retained
for a period of three years before being securely sent to the corporate office for final.
References:
Robert Kolodner, 2007: Protecting Patient Privacy in Healthcare Information Systems. Testimony. Department of Health & Human Services. From www.hhs.gov