Saturday, December 5, 2015

Protecting Patient Privacy in Healthcare Delivery Information Systems



Understanding the Issues of Information Security in healthcare delivery systems

Blog #1: Protecting Patient Privacy in Healthcare Delivery Information Systems






Introduction: In the upcoming blogs, I will be examining scenarios in healthcare InfoSec management that help map variations in business practices and policies, specifically in the domain of privacy and security. This will include the following policy measures and security controls, as outlined by Robert Kolodner, M.D. (Office of the National Coordinator for Health IT [ONC], U.S. Department of Health and Human Services), in his address to the Oversight and Government Reform Committee, Subcommittee on Information Policy, Census and National Archives, U.S. House of Representatives, 2007:

  • user and entity authentication;
  • authorization and access control;
  • patient and provider identification;
  • transmission security;
  • information protection;
  • information audits;
  • administrative and physical safeguards;
  • use and disclosure policy

Dr. Robert’s concluding statement to the House committee on Information Policy, Census and National Archives informs my interest in this topic. Here is the full text:

“Health IT privacy and security policies and their associated technological solutions cannot be developed in a vacuum.  A key component for assuring that appropriate privacy and security protections are in place is to assure that these efforts develop in tandem and that coordination is consistent throughout these efforts.  This is the role of ONC.  We have a conscientious, experienced, and passionate staff that works together closely on these activities and other privacy and security related activities throughout HHS and the other Departments and Agencies to ensure that health IT policy decisions and technology solutions are appropriately coordinated and addressed.

Protecting health information is of the utmost importance and essential to the success of interoperable electronic health information exchange.  Proper policies that instill confidence and trust must evolve with technology advancements and vice versa.  Not letting one get too far ahead of the other is a concern we share and are working hard to continue to manage.  As a leader in this area HHS has invested in multiple coordinated initiatives to ensure health information will be protected as we enter this new era of health and care.

Mr. Chairman, thank you for the opportunity to submit testimony today.”

The healthcare provider I work for, in complying with federal and state healthcare privacy and confidentiality regulations, has, as a countermeasure, a policy that requires us to have in place properly labelled Discarded Customers Information (DCI) boxes at some secure location that hold disused customer information. When these boxes get filled up, they are retained for a period of three years before being securely sent to corporate office for final.

References:
Robert Kolodner, 2007: Protecting Patient Privacy in Healthcare Information Systems. Testimony. Department of Health & Human Services. From www.hhs.gov
