SlideShare uma empresa Scribd logo

Personal Health Records & HIPAA

Margery Lynn
Margery Lynn

While this presentation offers a rudimentary understanding of HIPAA as it relates to PHRs, its primary objective is to highlight key aspects of PHR privacy policies provided by non-covered entities (Microsoft & Google) and argue that HIPAA, after significant amendments, should be extended to them.

Saúde e medicinaTecnologia
1 de 38
Baixar para ler offline
Thinking Beyond HIPAA: PHRs and Privacy
Outline ✓ HIPAA Privacy Rule and “covered entities” ✓ PHRs ✓ Google Health’s privacy policy vs. HealthVault’s ✓ Arguments for/against extending HIPAA coverage ✓ Author’s recommendation
What you need to know about HIPAA
HIPAA The Health Insurance Portability and Accountability Act (HIPAA) of 1996 Privacy Rule governs covered entities use and disclosure of individual’s protected health information (PHI) in any form. It has built-in standards for privacy and security, including standards governing disclosure, access, and correction. PHI is a subset of individually identifiable health information that is maintained or transmitted in any form (including oral) and is created or received by a health care provider. It relates to the past, present or future physical or mental condition of an individual; provision of health care to an individual; or payment for that health care; and identifies or could be used to identify the individual. Source: EPIC.org Source: Office for Civil Rights
HIPAA The HIPAA Privacy Rule gives you a right to privacy for those people (covered entities) you HAVE to share your health secrets, not those you CHOOSE.
A “Covered Entity” Is: HIPAA A healthcare clearinghouse Converts health data into or out of standard formats Or A sponsor Provides Medicare prescription drug cards Or A healthcare provider Provides healthcare or services as defined under HIPAA. Or A health plan Provides insurance
A “Non-Covered Entity” Is Everything Else. Including: HIPAA Internet Companies Employers &
HIPAA Because HIPAA gives patients the right to access, inspect, and copy PHI held by covered entities, patients are able to manually input their health information into PHRs offered by non-covered entities. This is why HIPAA non-covered entities are not necessarily in defiance of HIPAA.
Covered Entity Non-Covered Entity HIPAA HIPAA still regulates how information from a covered entity enters a PHR. =Most Control Source: Office for Civil Rights
HIPAA Privacy Shortcomings HIPAA ✓ Large degree of sharing information without consent - Loophole in “health care operations” category - Loophole in usage of limited data sets In a limited data set only 16 specified identifiers are removed, which is 2 identifiers short of fully de-identified data: 1) Dates: including those for the patient’s birth, admissions, treatment, discharge, and payment history 2) Geographical locators: such as city, state, and ZIP codes to stay with the patients records.” Source: Modern Healthcare Source: Office for Civil Rights
Limited Data “Just giving a date of birth, gender and ZIP code can identify 86% of people in the United States by name.” - Paul Tang, Chief Medical Information Officer of Palo Alto Medical Foundation Modern Healthcare, 01607480, September 29, 2008, Vol. 38, Issue 39
Ex. Loopholes Loophole Ex. Loophole Ex. “A drug manufacturer can pay a physician or a pharmacy to send refill “Health care entities are allowed, for reminders to patients, or to send fundraising activities, to release to information about a drug to all business associates - without explicit patients identified with a particular individual authorization - limited conditions or taking particular patient information...This clause was medications. Although the drug responsible for the data breached at manufacturer would not get the PHI UCLA Medical Center when they from the physician or pharmacy, it hired an outside firm to do a fund would accomplish the same raising program.” marketing goals by paying someone else to promote its products.” Source: EPIC.org Source: Chilmark Research
What you need to know about PHRs
PHRs “A personal health record (PHR) is an electronic record of an individual’s health information by which the individual controls access to the information and may have the ability to manage, track, and participate in his or her own health care.” Source: Office for Civil Rights
EHRs Not to be confused with PHR, EHR stands for electronic health record and refers to a system that collects patient medical data from multiple sources exclusively for health care providers.
EHRs & ARRA The House just passed the American Recovery & Reinvestment Act (ARRA) of 2009, in part to incentivize healthcare providers to migrate to EHRs. Sequentially this legislation may increase the availability and reliability of PHRs. Health Information Technology Provision: Provides $19 billion of financial incentives to help physicians purchase and implement HIT, specifically for the development of uniform electronic standards. Source: AMA Source: American Medical Association & Health Data Management Magazine
ARRA Privacy Provision: Expands the current HIPAA privacy & security protections around the e-transfer of patient health info through Health Information Technology systems. And, proposes temporary breach notification requirements for previously unregulated entities. NOTE: The Privacy Provision is a “Draft Rule,” meaning that it is a temporary requirement that will remain in effect until Congress passes new legislation based on a “A breach of security is defined as the acquisition of identifiable health report currently in development by the Health & Human information of an individual, from a PHR, Services and the Federal Trade Commission. without authorization. De-identified information fall outside the scope of the rule. Source: info.rmatics.org Source: American Medical Association & Health Data Management Magazine
ARRA The FTC staff estimates that PHR related companies would on average experience 11 data breaches a year, with the associated breach notification costs averaging $1M a year for each company. Source: Modern Healthcare. April 20, 2009 v39 i16 p10.
Things to look for in privacy policies
NC Privacy Policies Privacy policies vary widely among PHRs offered by HIPAA non-covered entities. Even the top two Internet company’s PHR privacy policies have discrepancies, which makes informed consent less likely. NOTE: The following slides represent privacy policy information I found posted on the websites of Google Health and Microsoft HealthVault.
Sharing Info Sharing Info Sharing Info “We do not sell user health information, and we do “No Program or individual has access to your info not share it with other individuals or services unless a through the Service unless and until an authorized user explicitly authorizes us to do so, or in the limited user opts-in.” circumstances described in our privacy policy.” “Service users with whom you have shared your “If you share your information with others, you can records can also give a Program access to those view a list of who has access to your information and records. You can see a complete history of how you can revoke sharing privileges at any time.” Programs have accessed the information in your records.” “You can approve access for some websites to view You can decide which Programs you want to use. You your health information. If a website accesses your must approve (or deny) the Program’s access. The access health information and stores a copy of your info, request will include (a) the type of info the Program will that copy will be governed by that site’s privacy access and (b) what the Program wants to do with the info policy...Google is not responsible for the content, (view, add, modify). The Service [also] provides links to performance, or privacy policy of third-party each Program’s privacy statements at the time the Service websites.” asks you to authorize the Program’s access.” Source: Google Health Privacy Policy & HealthVault Privacy Policy
“Microsoft may use aggregated info from the Service to improve the quality of the Service and for Non PII “Aggregate, de-identified user information can be marketing of the Service...Microsoft does not use used to publish trends.” your individual account and record information from the Service for marketing without first asking for and receiving your opt-in consent.” “We use personal information collected through the Service, including health info, to provide you with important info about the Service; to send you the PII Directed to another privacy policy provided by Google. HealthVault e-mail newsletter if you opt-in; & to determine your age and location to help determine whether you qualify for an account.” Employees “Microsoft occasionally hires other companies to “A limited number of employees in particular job provide limited services on our behalf, such as functions may have access to user information in answering customer questions about products. We order to operate and improve Google Health.” give those companies only the personal information they need to deliver the service.” Source: Google Health Privacy Policy & HealthVault Privacy Policy
“We use a variety of security technologies and procedures...we store the personal information you Security “Google Health secures information by using SSL encryption, back up systems, and other cutting- provide on computer servers w/ limited access that edge information security technology.” are located in controlled facilities (in the U.S.A.)...the Service sends all communications (except e-mail) using SSL.” Compliance Deleting Info “You can completely delete your info at any time. “You can close your account at any time. We Such deletions will take immediate effect in your will wait 90 days before permanently deleting account, and backup copies may persist for a your account.” short time.” “HealthVault complies with the HONcode (Health On The Net Foundation) standard for trustworthy “Google adheres to the US Safe Harbor privacy health information.” principles.” “Microsoft is a member of the TRUSTe Privacy Program.” Source: Google Health Privacy Policy & HealthVault Privacy Policy
“For material changes, changes to the privacy policy, we will notify you either by placing a NO mention of a notification if the privacy policy notice on the home page of the HealthVault Web Comm is changed or a stipulation necessitating opt-in sit or by sending you a notification directly...Your consent to new changes. continued use of the service constitutes your agreement to this privacy statement and any updates.” 3 different sites you have to refer to for 3 different sites you have to refer to for complete privacy policy coverage: Comm complete privacy policy coverage: Google Health Developer Policies, Service Agreement, Code of Conduct, Health Department of Commerce for Safe Harbor on the Net Foundation Framework, Google Privacy Policy Overall, the GH policy is conversational, concise Readability with little to no industry jargon. Note: Only those privacy issues specific to the Google Comprehensive policy, some industry jargon, Health Product were listed (to learn about the sufficient level of detail. more generic, applicable policies, users are directed to the Google company privacy policy). Source: Google Health Privacy Policy & HealthVault Privacy Policy
The strengths of the Microsoft HealthVault Privacy Strengths Policy are: communication with The strengths of the Google Health Privacy Policy subscribers, opt-in standards & are: readability & opt-in standards. granular control of personal health data when sharing with 3rd parties. The weaknesses of the Google Health Privacy Weaknesses Policy are: defining key terms (like PII), The weaknesses of the Google Health Privacy no granular control of personal health Policy is: defining key terms (like PII) & data when sharing with 3rd parties, readability. communication with subscribers.
NC Privacy Policies “Among experts, Microsoft earns generally high marks for its promise not to divulge information without a user’s say so. HealthVault lets patients search for health information without leaving the site - so other sites can’t access users IP address or other identifying data. And before connecting to a patient to a partner’s or advertiser’s site, it posts that site’s privacy policy.” - Deborah Peel, Founder of Patient Privacy Rights Source: The Washington Post. March 11, 2008. Page HE01.
Arguments for and against extending HIPAA
Pro HIPAA ✓ Minimum necessary clause ✓ Consistency among privacy coverage ✓ Strong security provisions ✓ Strong consumer coverage when enforced by HHS ✓ Less burden on individual consent “Practice that protected health information should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. The minimum necessary standard requires covered entities to evaluate their practices and enhance safeguards as needed to limit unnecessary or inappropriate access to and disclosure of protected health information.” Source: HHS.org
Against HIPAA ✓ Insufficient rules to address issues unique to PHRs - Ex. risks & penalties for data re-identification ✓ Not enforced unless patient recognized ✓ Limited data set is outdated standards for de-identifying ✓ Loopholes that allow for disclosure without consent
Against HIPAA “Bringing third-party PHRs under the scope of HIPAA authorizes the disclosure of highly sensitive data outside the health care system, with each such disclosure subject only to patient authorization.” Meaning the burden of protecting healthcare privacy would be more on the patients themselves if HIPAA was extended to non- covered entities, which could offer more bargaining power to PHR providers. Source: Center for Democracy & Technology
Opinion: Revise HIPAA before extending it
Opinion: Revise ✓ Restrict PHR vendors from engaging in certain practices, alleviating some of the burden from the patient ✓ Necessitate opt-ins for all personal information shared ✓ Revoke the health care operations clause from PHR coverage ✓ Enact stricter rules on limited data sets (i.e. removing birth year) ✓ Standardize key terms, like personal health information
Appendix
Strength Weakness PHR SWOT Patient control Little to no fiscal cost Privacy Portability Data Liquidity Promotes preventative medicine Accuracy of data Easier to manage chronic diseases Abundance of unhelpful data Easier to manage health of others Opportunity Threat Revisions to HIPAA Current HIPAA Privacy Rule extended Granular control of 3rd-party access Partnerships Security Interoperability Doctor Liability Improved research Accuracy of data Counter healthcare costs
Category Criteria HV GH Contact Info Altarum Criteria Effective Date Communication w/ vendor Notification of change in policy Opt-in to changes Alternative language Readability Readability (1-3) 1 being best 2 1 FAQ De-activated accounts Coverage Buy/sell company Cookies Solicit voluntary participation Gathering non-personal data Web-service logs Opt-out options Different policy for identifiable & de-identified Business Associates Family members Clinical trials Detail how/if information is Research shared Marketing Law Enforcement Other Consent Prior to Sharing Personal Health Information Definition of critical terms De-identified HIPAA URAC Data guidelines compliant w/ Safe Harbor Guidelines privacy codes American Medical Association Health on the Net Foundation SSL Encryption Security provisions Location of servers
Definitions Privacy: An individual’s right to control the acquisition, uses, or disclosures of his or her identifiable data Confidentiality: Refers to the obligations of those who receive information to respect the privacy interests of those to who the data relate Security: Refers to the physical, technological, or administrative safeguards or tools used to protect identifiable health data from unwarranted access or disclosure Source: Altarum
Bibliography Anderson, Howard J. “PHRs: Where Are We Headed?; Cutting through the hype about personal health records to assess their long-term viability.” Health Data Management. May 2008. Retrieved 27th May 2009. Lexis Nexis. Armijo, D. S Chin . J Christensen. J Desper. A Hong. K Knewale. R Lecker. Altarum. “Review of the Personal Health Record (PHR) Service Provider Market: Privacy and Security.” January 5, 2007. Retrieved 26 May 2009. Google. Center for Democracy and Technology. “Why the HIPAA Privacy Rules Would Not Adequately Protect Personal Health Records.” September 2008. Retrieved 26 May 2009. Lexis Nexis. Chilmark Research, “iPHR Market Report: Analysis & Trends of Internet-based Personal Health Records Market.: May 2008. Retrieved 27 May 2009. Google. Conn, Joseph. “Safe and secure?; Data encryption just one option under security law.” Modern Healthcare. May 11, 2009. Retrieved 28 May 2009. Lexis Nexis. Cushman, Reid. “PHRs and the Next HIPAA.” Retrieved 28 May 2009. Lexis Nexis. Gerber, Michael S. “New Ways to Manage Health Data.” The Washington Post. March 11, 2008. Retrieved 28th May 2009. Google. More, John. “Why Extending HIPAA to PHRs is NOT a Good Idea.” May 5, 2008. Chilmark Research blog. Retrieved 26 May 2009. Robeznieks, Andis. “Getting personal; Legal Liability, patient- data overload among issues making physicians uneasy over emergence of personal health records.” Modern Healthcare. May 12, 2007. Retrieved 27 May 2009. Lexis Nexis.
Bibliography American Medical Association: http://www.ama-assn.org/ Electronic Privacy Center: http://epic.org/ Fierce Health IT: http://www.fiercehealthit.com/search? cx=011289095233894766042%3Ac5fapsqk1gy&cof=FORID%3A9&as_q=PHR&sa=Go#1226 Google Health Privacy Policy: http://www.google.com/intl/en-US/health/privacy.html Government Health IT: http://govhealthit.com/portals/electronic-health-records.aspx Microsoft HealthVault Privacy Policy: http://healthvault.com/privacy-policy.html Office for Civil Rights. “Personal Health Records and the HIPAA Privacy Rule.” Retrieved 26 May 2009. Google. http://209.85.173.132/search?q=cache:hvTysWy8IfsJ:www.hhs.gov/ocr/privacy/hipaa/ understanding/special/healthit/phrs.pdf+Personal+Health+Records+and+the+HIPAA+privacy +rule&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a Privacy Rights Clearinghouse: http://www.privacyrights.org/ U.S. Department of Health & Human Services: http://www.hhs.gov/ocr/privacy/index.html

Recomendados

HIPAA Audio Presentation
HIPAA Audio PresentationHIPAA Audio Presentation
HIPAA Audio PresentationLisa Shannon, RN, BSN, JD.
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
HIPAA
HIPAAHIPAA
HIPAAKarna *
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)Sanjeev Bharwan
 
HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011darichardson
 
Hipaa101 updated
Hipaa101 updatedHipaa101 updated
Hipaa101 updatedkkurapat
 
HIPAA for Dummies
HIPAA for DummiesHIPAA for Dummies
HIPAA for Dummieshipaacompliance
 
Annual HIPAA Training
Annual HIPAA TrainingAnnual HIPAA Training
Annual HIPAA TrainingCynthia Holland
 

Recomendados

HIPAA Audio Presentation
HIPAA Audio PresentationHIPAA Audio Presentation
HIPAA Audio PresentationLisa Shannon, RN, BSN, JD.
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
HIPAA
HIPAAHIPAA
HIPAAKarna *
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)Sanjeev Bharwan
 
HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011darichardson
 
Hipaa101 updated
Hipaa101 updatedHipaa101 updated
Hipaa101 updatedkkurapat
 
HIPAA for Dummies
HIPAA for DummiesHIPAA for Dummies
HIPAA for Dummieshipaacompliance
 
Annual HIPAA Training
Annual HIPAA TrainingAnnual HIPAA Training
Annual HIPAA TrainingCynthia Holland
 
HIPAA Basics by Brian Fleetham
HIPAA Basics by Brian FleethamHIPAA Basics by Brian Fleetham
HIPAA Basics by Brian FleethamAtlantic Training, LLC.
 
Mandatory hippa and information security
Mandatory hippa and information securityMandatory hippa and information security
Mandatory hippa and information securityHiggi123
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowCompliancy Group
 
UNA HIPAA Training 8-13
UNA HIPAA Training 8-13UNA HIPAA Training 8-13
UNA HIPAA Training 8-13University of North Alabama - Academic Affairs
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)bholmes
 
Hipaa slideshow
Hipaa slideshowHipaa slideshow
Hipaa slideshowheronimus92
 
HIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceHIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceJay Hodes
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to YouWinston & Strawn LLP
 
Hippa training for healthcare employees
Hippa training for healthcare employeesHippa training for healthcare employees
Hippa training for healthcare employeesaminahallen
 
Hippa training on confidentiality
Hippa training on confidentialityHippa training on confidentiality
Hippa training on confidentialitycraig45365
 
Hippa privacy and security awareness
Hippa privacy and security awarenessHippa privacy and security awareness
Hippa privacy and security awarenessCharles Taft
 
The Basics of HIPAA
The Basics of HIPAA The Basics of HIPAA
The Basics of HIPAA DamianKnowles1
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA BasicsKarna *
 
HIPAA Summary for Training
HIPAA Summary for Training HIPAA Summary for Training
HIPAA Summary for Training MDManagement
 
HIPAA Complaince
HIPAA ComplainceHIPAA Complaince
HIPAA ComplainceFarhatParveen10
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 
HIPPA Compliance
HIPPA ComplianceHIPPA Compliance
HIPPA Compliancedixibee
 
HIPAA
HIPAAHIPAA
HIPAAkgriffin62
 
Leading your HIPAA Compliance Culture in 2016
Leading your HIPAA Compliance Culture in 2016Leading your HIPAA Compliance Culture in 2016
Leading your HIPAA Compliance Culture in 2016Lance King
 
HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12O2 TESTING SERVICES
 
Creative Agency Websites - Website Redesign Fodder for a Social Business
Creative Agency Websites - Website Redesign Fodder for a Social BusinessCreative Agency Websites - Website Redesign Fodder for a Social Business
Creative Agency Websites - Website Redesign Fodder for a Social BusinessMargery Lynn
 
Creativity and Copywriting - Print
Creativity and Copywriting - PrintCreativity and Copywriting - Print
Creativity and Copywriting - PrintMargery Lynn
 

Mais conteúdo relacionado

Mais procurados

Mandatory hippa and information security
Mandatory hippa and information securityMandatory hippa and information security
Mandatory hippa and information securityHiggi123
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowCompliancy Group
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)bholmes
 
HIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceHIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceJay Hodes
 
Hippa training for healthcare employees
Hippa training for healthcare employeesHippa training for healthcare employees
Hippa training for healthcare employeesaminahallen
 
Hippa training on confidentiality
Hippa training on confidentialityHippa training on confidentiality
Hippa training on confidentialitycraig45365
 
Hippa privacy and security awareness
Hippa privacy and security awarenessHippa privacy and security awareness
Hippa privacy and security awarenessCharles Taft
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA BasicsKarna *
 
HIPAA Summary for Training
HIPAA Summary for Training HIPAA Summary for Training
HIPAA Summary for Training MDManagement
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 
HIPPA Compliance
HIPPA ComplianceHIPPA Compliance
HIPPA Compliancedixibee
 
Leading your HIPAA Compliance Culture in 2016
Leading your HIPAA Compliance Culture in 2016Leading your HIPAA Compliance Culture in 2016
Leading your HIPAA Compliance Culture in 2016Lance King
 

Mais procurados (20)

HIPAA Basics by Brian Fleetham
HIPAA Basics by Brian FleethamHIPAA Basics by Brian Fleetham
HIPAA Basics by Brian Fleetham
 
Mandatory hippa and information security
Mandatory hippa and information securityMandatory hippa and information security
Mandatory hippa and information security
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to know
 
UNA HIPAA Training 8-13
UNA HIPAA Training 8-13UNA HIPAA Training 8-13
UNA HIPAA Training 8-13
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)
 
Hipaa slideshow
Hipaa slideshowHipaa slideshow
Hipaa slideshow
 
HIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceHIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of Compliance
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to You
 
Hippa training for healthcare employees
Hippa training for healthcare employeesHippa training for healthcare employees
Hippa training for healthcare employees
 
Hippa training on confidentiality
Hippa training on confidentialityHippa training on confidentiality
Hippa training on confidentiality
 
Hippa privacy and security awareness
Hippa privacy and security awarenessHippa privacy and security awareness
Hippa privacy and security awareness
 
The Basics of HIPAA
The Basics of HIPAA The Basics of HIPAA
The Basics of HIPAA
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
 
HIPAA Summary for Training
HIPAA Summary for Training HIPAA Summary for Training
HIPAA Summary for Training
 
HIPAA Complaince
HIPAA ComplainceHIPAA Complaince
HIPAA Complaince
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
 
HIPPA Compliance
HIPPA ComplianceHIPPA Compliance
HIPPA Compliance
 
HIPAA
HIPAAHIPAA
HIPAA
 
Leading your HIPAA Compliance Culture in 2016
Leading your HIPAA Compliance Culture in 2016Leading your HIPAA Compliance Culture in 2016
Leading your HIPAA Compliance Culture in 2016
 
HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12
 

Destaque

Creative Agency Websites - Website Redesign Fodder for a Social Business
Creative Agency Websites - Website Redesign Fodder for a Social BusinessCreative Agency Websites - Website Redesign Fodder for a Social Business
Creative Agency Websites - Website Redesign Fodder for a Social BusinessMargery Lynn
 
Creativity and Copywriting - Print
Creativity and Copywriting - PrintCreativity and Copywriting - Print
Creativity and Copywriting - PrintMargery Lynn
 
Creativity and Copywriting - Creativity
Creativity and Copywriting - CreativityCreativity and Copywriting - Creativity
Creativity and Copywriting - CreativityMargery Lynn
 
Creativity and Copywriting - Radio
Creativity and Copywriting - RadioCreativity and Copywriting - Radio
Creativity and Copywriting - RadioMargery Lynn
 
Creativity and Copywriting - Online
Creativity and Copywriting - OnlineCreativity and Copywriting - Online
Creativity and Copywriting - OnlineMargery Lynn
 
Gen Y for Social Business
Gen Y for Social BusinessGen Y for Social Business
Gen Y for Social BusinessMargery Lynn
 
Creativity and Copywriting - Research
Creativity and Copywriting - ResearchCreativity and Copywriting - Research
Creativity and Copywriting - ResearchMargery Lynn
 
Creativity and Copywriting - Strategy
Creativity and Copywriting - StrategyCreativity and Copywriting - Strategy
Creativity and Copywriting - StrategyMargery Lynn
 
Creativity and Copywriting - Copywriting Basics
Creativity and Copywriting - Copywriting BasicsCreativity and Copywriting - Copywriting Basics
Creativity and Copywriting - Copywriting BasicsMargery Lynn
 
State of Advertising Agency X
State of Advertising Agency XState of Advertising Agency X
State of Advertising Agency XMargery Lynn
 
The issues confronting adolescents preparing for independent living
The issues confronting adolescents preparing for independent livingThe issues confronting adolescents preparing for independent living
The issues confronting adolescents preparing for independent livingHouse of New Hope
 
Hipaa basics
Hipaa basicsHipaa basics
Hipaa basicsmlireton
 
Hipaa basics.pp2
Hipaa basics.pp2Hipaa basics.pp2
Hipaa basics.pp2martykoepke
 
8 Hour Required Medicaid Preservice
8 Hour Required Medicaid Preservice8 Hour Required Medicaid Preservice
8 Hour Required Medicaid PreserviceHouse of New Hope
 
Universal Precautions rev 9 2010
Universal Precautions rev 9 2010Universal Precautions rev 9 2010
Universal Precautions rev 9 2010House of New Hope
 

Destaque (20)

Creative Agency Websites - Website Redesign Fodder for a Social Business
Creative Agency Websites - Website Redesign Fodder for a Social BusinessCreative Agency Websites - Website Redesign Fodder for a Social Business
Creative Agency Websites - Website Redesign Fodder for a Social Business
 
Creativity and Copywriting - Print
Creativity and Copywriting - PrintCreativity and Copywriting - Print
Creativity and Copywriting - Print
 
Creativity and Copywriting - Creativity
Creativity and Copywriting - CreativityCreativity and Copywriting - Creativity
Creativity and Copywriting - Creativity
 
Creativity and Copywriting - Radio
Creativity and Copywriting - RadioCreativity and Copywriting - Radio
Creativity and Copywriting - Radio
 
Creativity and Copywriting - Online
Creativity and Copywriting - OnlineCreativity and Copywriting - Online
Creativity and Copywriting - Online
 
Gen Y for Social Business
Gen Y for Social BusinessGen Y for Social Business
Gen Y for Social Business
 
Creativity and Copywriting - Research
Creativity and Copywriting - ResearchCreativity and Copywriting - Research
Creativity and Copywriting - Research
 
Creativity and Copywriting - Strategy
Creativity and Copywriting - StrategyCreativity and Copywriting - Strategy
Creativity and Copywriting - Strategy
 
Creativity and Copywriting - Copywriting Basics
Creativity and Copywriting - Copywriting BasicsCreativity and Copywriting - Copywriting Basics
Creativity and Copywriting - Copywriting Basics
 
Confidentiality-Arlicia- mha 690-discussion 2
Confidentiality-Arlicia- mha 690-discussion 2 Confidentiality-Arlicia- mha 690-discussion 2
Confidentiality-Arlicia- mha 690-discussion 2
 
State of Advertising Agency X
State of Advertising Agency XState of Advertising Agency X
State of Advertising Agency X
 
MUI for Ohio DD (9/2013)
MUI for Ohio DD (9/2013)MUI for Ohio DD (9/2013)
MUI for Ohio DD (9/2013)
 
The issues confronting adolescents preparing for independent living
The issues confronting adolescents preparing for independent livingThe issues confronting adolescents preparing for independent living
The issues confronting adolescents preparing for independent living
 
Hippa
HippaHippa
Hippa
 
Hipaa basics
Hipaa basicsHipaa basics
Hipaa basics
 
Hipaa basics.pp2
Hipaa basics.pp2Hipaa basics.pp2
Hipaa basics.pp2
 
8 Hour Required Medicaid Preservice
8 Hour Required Medicaid Preservice8 Hour Required Medicaid Preservice
8 Hour Required Medicaid Preservice
 
Self-Advocacy
Self-AdvocacySelf-Advocacy
Self-Advocacy
 
HIPAA
HIPAAHIPAA
HIPAA
 
Universal Precautions rev 9 2010
Universal Precautions rev 9 2010Universal Precautions rev 9 2010
Universal Precautions rev 9 2010
 

Semelhante a Personal Health Records & HIPAA

PHRs, Health 2.0 and the Impact of Social Media on Health Care
PHRs, Health 2.0 and the Impact of Social Media on Health CarePHRs, Health 2.0 and the Impact of Social Media on Health Care
PHRs, Health 2.0 and the Impact of Social Media on Health CareBob Coffield
 
Economic Stimulus Package V4
Economic Stimulus Package V4Economic Stimulus Package V4
Economic Stimulus Package V4bakerdb
 
Confidentiality presentation(1)
Confidentiality presentation(1)Confidentiality presentation(1)
Confidentiality presentation(1)Kimberlin1
 
Protected health information
Protected health informationProtected health information
Protected health informationmiszkeeta
 
Week 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingWeek 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingvrgill22
 
Health Insurance Portability & Accountability Act (HIPAA).pptx
Health Insurance Portability & Accountability Act (HIPAA).pptxHealth Insurance Portability & Accountability Act (HIPAA).pptx
Health Insurance Portability & Accountability Act (HIPAA).pptxHariomjaiswal14
 
Overview of hipaa & tools for hipaa compliance
Overview of hipaa & tools for hipaa complianceOverview of hipaa & tools for hipaa compliance
Overview of hipaa & tools for hipaa complianceSquare 9
 
Hipaa in clinical trails
Hipaa in clinical trailsHipaa in clinical trails
Hipaa in clinical trailsTejaswi Reddy
 
HIPPA---Chantel Artis Spencer
HIPPA---Chantel Artis SpencerHIPPA---Chantel Artis Spencer
HIPPA---Chantel Artis Spencershay1234
 
Knowing confidentiality
Knowing confidentialityKnowing confidentiality
Knowing confidentialityjessie66
 
Privacy & confedentiality
Privacy & confedentialityPrivacy & confedentiality
Privacy & confedentialityHemang Patel
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOsnobumoto
 
Marc etienne week1 discussion2 presentation
Marc etienne week1 discussion2 presentationMarc etienne week1 discussion2 presentation
Marc etienne week1 discussion2 presentationMarcEtienne6
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceJim Anfield
 
MEDICAL ANSWERING SERVICE
MEDICAL ANSWERING SERVICE MEDICAL ANSWERING SERVICE
MEDICAL ANSWERING SERVICE Milk663
 
Does your Mobile App require HIPAA Compliance.pdf
Does your Mobile App require HIPAA Compliance.pdfDoes your Mobile App require HIPAA Compliance.pdf
Does your Mobile App require HIPAA Compliance.pdfShelly Megan
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion Dan Wellisch
 
The Health Insurance Portability And Accountability Act Essay
The Health Insurance Portability And Accountability Act EssayThe Health Insurance Portability And Accountability Act Essay
The Health Insurance Portability And Accountability Act EssayJamie Boyd
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxamartya2087
 

Semelhante a Personal Health Records & HIPAA (20)

PHRs, Health 2.0 and the Impact of Social Media on Health Care
PHRs, Health 2.0 and the Impact of Social Media on Health CarePHRs, Health 2.0 and the Impact of Social Media on Health Care
PHRs, Health 2.0 and the Impact of Social Media on Health Care
 
Saúde 2.0
Saúde 2.0Saúde 2.0
Saúde 2.0
 
Economic Stimulus Package V4
Economic Stimulus Package V4Economic Stimulus Package V4
Economic Stimulus Package V4
 
Confidentiality presentation(1)
Confidentiality presentation(1)Confidentiality presentation(1)
Confidentiality presentation(1)
 
Protected health information
Protected health informationProtected health information
Protected health information
 
Week 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingWeek 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy training
 
Health Insurance Portability & Accountability Act (HIPAA).pptx
Health Insurance Portability & Accountability Act (HIPAA).pptxHealth Insurance Portability & Accountability Act (HIPAA).pptx
Health Insurance Portability & Accountability Act (HIPAA).pptx
 
Overview of hipaa & tools for hipaa compliance
Overview of hipaa & tools for hipaa complianceOverview of hipaa & tools for hipaa compliance
Overview of hipaa & tools for hipaa compliance
 
Hipaa in clinical trails
Hipaa in clinical trailsHipaa in clinical trails
Hipaa in clinical trails
 
HIPPA---Chantel Artis Spencer
HIPPA---Chantel Artis SpencerHIPPA---Chantel Artis Spencer
HIPPA---Chantel Artis Spencer
 
Knowing confidentiality
Knowing confidentialityKnowing confidentiality
Knowing confidentiality
 
Privacy & confedentiality
Privacy & confedentialityPrivacy & confedentiality
Privacy & confedentiality
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOs
 
Marc etienne week1 discussion2 presentation
Marc etienne week1 discussion2 presentationMarc etienne week1 discussion2 presentation
Marc etienne week1 discussion2 presentation
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA Compliance
 
MEDICAL ANSWERING SERVICE
MEDICAL ANSWERING SERVICE MEDICAL ANSWERING SERVICE
MEDICAL ANSWERING SERVICE
 
Does your Mobile App require HIPAA Compliance.pdf
Does your Mobile App require HIPAA Compliance.pdfDoes your Mobile App require HIPAA Compliance.pdf
Does your Mobile App require HIPAA Compliance.pdf
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion
 
The Health Insurance Portability And Accountability Act Essay
The Health Insurance Portability And Accountability Act EssayThe Health Insurance Portability And Accountability Act Essay
The Health Insurance Portability And Accountability Act Essay
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 

Último

Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Varanasi Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service AvailableDipal Arora
 
Premium Bangalore Call Girls Jigani Dail 6378878445 Escort Service For Hot Ma...
Premium Bangalore Call Girls Jigani Dail 6378878445 Escort Service For Hot Ma...Premium Bangalore Call Girls Jigani Dail 6378878445 Escort Service For Hot Ma...
Premium Bangalore Call Girls Jigani Dail 6378878445 Escort Service For Hot Ma...tanya dube
 
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...adilkhan87451
 
Top Rated Pune Call Girls (DIPAL) ⟟ 8250077686 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls (DIPAL) ⟟ 8250077686 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls (DIPAL) ⟟ 8250077686 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls (DIPAL) ⟟ 8250077686 ⟟ Call Me For Genuine Sex Serv...Dipal Arora
 
Andheri East ^ (Genuine) Escort Service Mumbai ₹7.5k Pick Up & Drop With Cash...
Andheri East ^ (Genuine) Escort Service Mumbai ₹7.5k Pick Up & Drop With Cash...Andheri East ^ (Genuine) Escort Service Mumbai ₹7.5k Pick Up & Drop With Cash...
Andheri East ^ (Genuine) Escort Service Mumbai ₹7.5k Pick Up & Drop With Cash...Anamika Rawat
 
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service AvailableDipal Arora
 
Models Call Girls In Hyderabad 9630942363 Hyderabad Call Girl & Hyderabad Esc...
Models Call Girls In Hyderabad 9630942363 Hyderabad Call Girl & Hyderabad Esc...Models Call Girls In Hyderabad 9630942363 Hyderabad Call Girl & Hyderabad Esc...
Models Call Girls In Hyderabad 9630942363 Hyderabad Call Girl & Hyderabad Esc...GENUINE ESCORT AGENCY
 
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...Anamika Rawat
 
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Availableperfect solution
 
Call Girls Madurai Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Madurai Just Call 9630942363 Top Class Call Girl Service AvailableCall Girls Madurai Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Madurai Just Call 9630942363 Top Class Call Girl Service AvailableGENUINE ESCORT AGENCY
 
Call Girls Mysore Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Mysore Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Mysore Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Mysore Just Call 8250077686 Top Class Call Girl Service AvailableDipal Arora
 
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...chennailover
 
VIP Hyderabad Call Girls Bahadurpally 7877925207 ₹5000 To 25K With AC Room 💚😋
VIP Hyderabad Call Girls Bahadurpally 7877925207 ₹5000 To 25K With AC Room 💚😋VIP Hyderabad Call Girls Bahadurpally 7877925207 ₹5000 To 25K With AC Room 💚😋
VIP Hyderabad Call Girls Bahadurpally 7877925207 ₹5000 To 25K With AC Room 💚😋TANUJA PANDEY
 
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...Sheetaleventcompany
 
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...Sheetaleventcompany
 
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...parulsinha
 
Call Girls Kolkata Kalikapur 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Call Girls Kolkata Kalikapur 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...Call Girls Kolkata Kalikapur 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Call Girls Kolkata Kalikapur 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...Namrata Singh
 
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...chandars293
 
💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...
💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...
💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...khalifaescort01
 

Último (20)

Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Varanasi Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Varanasi Just Call 8250077686 Top Class Call Girl Service Available
 
Premium Bangalore Call Girls Jigani Dail 6378878445 Escort Service For Hot Ma...
Premium Bangalore Call Girls Jigani Dail 6378878445 Escort Service For Hot Ma...Premium Bangalore Call Girls Jigani Dail 6378878445 Escort Service For Hot Ma...
Premium Bangalore Call Girls Jigani Dail 6378878445 Escort Service For Hot Ma...
 
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
 
Top Rated Pune Call Girls (DIPAL) ⟟ 8250077686 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls (DIPAL) ⟟ 8250077686 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls (DIPAL) ⟟ 8250077686 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls (DIPAL) ⟟ 8250077686 ⟟ Call Me For Genuine Sex Serv...
 
Andheri East ^ (Genuine) Escort Service Mumbai ₹7.5k Pick Up & Drop With Cash...
Andheri East ^ (Genuine) Escort Service Mumbai ₹7.5k Pick Up & Drop With Cash...Andheri East ^ (Genuine) Escort Service Mumbai ₹7.5k Pick Up & Drop With Cash...
Andheri East ^ (Genuine) Escort Service Mumbai ₹7.5k Pick Up & Drop With Cash...
 
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service Available
 
Models Call Girls In Hyderabad 9630942363 Hyderabad Call Girl & Hyderabad Esc...
Models Call Girls In Hyderabad 9630942363 Hyderabad Call Girl & Hyderabad Esc...Models Call Girls In Hyderabad 9630942363 Hyderabad Call Girl & Hyderabad Esc...
Models Call Girls In Hyderabad 9630942363 Hyderabad Call Girl & Hyderabad Esc...
 
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
 
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
 
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
 
Call Girls Madurai Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Madurai Just Call 9630942363 Top Class Call Girl Service AvailableCall Girls Madurai Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Madurai Just Call 9630942363 Top Class Call Girl Service Available
 
Call Girls Mysore Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Mysore Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Mysore Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Mysore Just Call 8250077686 Top Class Call Girl Service Available
 
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
 
VIP Hyderabad Call Girls Bahadurpally 7877925207 ₹5000 To 25K With AC Room 💚😋
VIP Hyderabad Call Girls Bahadurpally 7877925207 ₹5000 To 25K With AC Room 💚😋VIP Hyderabad Call Girls Bahadurpally 7877925207 ₹5000 To 25K With AC Room 💚😋
VIP Hyderabad Call Girls Bahadurpally 7877925207 ₹5000 To 25K With AC Room 💚😋
 
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
 
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
 
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
 
Call Girls Kolkata Kalikapur 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Call Girls Kolkata Kalikapur 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...Call Girls Kolkata Kalikapur 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Call Girls Kolkata Kalikapur 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
 
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
 
💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...
💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...
💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...
 

Personal Health Records & HIPAA

  • 1. Thinking Beyond HIPAA: PHRs and Privacy
  • 2. Outline ✓ HIPAA Privacy Rule and “covered entities” ✓ PHRs ✓ Google Health’s privacy policy vs. HealthVault’s ✓ Arguments for/against extending HIPAA coverage ✓ Author’s recommendation
  • 3. What you need to know about HIPAA
  • 4. HIPAA The Health Insurance Portability and Accountability Act (HIPAA) of 1996 Privacy Rule governs covered entities use and disclosure of individual’s protected health information (PHI) in any form. It has built-in standards for privacy and security, including standards governing disclosure, access, and correction. PHI is a subset of individually identifiable health information that is maintained or transmitted in any form (including oral) and is created or received by a health care provider. It relates to the past, present or future physical or mental condition of an individual; provision of health care to an individual; or payment for that health care; and identifies or could be used to identify the individual. Source: EPIC.org Source: Office for Civil Rights
  • 5. HIPAA The HIPAA Privacy Rule gives you a right to privacy for those people (covered entities) you HAVE to share your health secrets, not those you CHOOSE.
  • 6. A “Covered Entity” Is: HIPAA A healthcare clearinghouse Converts health data into or out of standard formats Or A sponsor Provides Medicare prescription drug cards Or A healthcare provider Provides healthcare or services as defined under HIPAA. Or A health plan Provides insurance
  • 7. A “Non-Covered Entity” Is Everything Else. Including: HIPAA Internet Companies Employers &
  • 8. HIPAA Because HIPAA gives patients the right to access, inspect, and copy PHI held by covered entities, patients are able to manually input their health information into PHRs offered by non-covered entities. This is why HIPAA non-covered entities are not necessarily in defiance of HIPAA.
  • 9. Covered Entity Non-Covered Entity HIPAA HIPAA still regulates how information from a covered entity enters a PHR. =Most Control Source: Office for Civil Rights
  • 10. HIPAA Privacy Shortcomings HIPAA ✓ Large degree of sharing information without consent - Loophole in “health care operations” category - Loophole in usage of limited data sets In a limited data set only 16 specified identifiers are removed, which is 2 identifiers short of fully de-identified data: 1) Dates: including those for the patient’s birth, admissions, treatment, discharge, and payment history 2) Geographical locators: such as city, state, and ZIP codes to stay with the patients records.” Source: Modern Healthcare Source: Office for Civil Rights
  • 11. Limited Data “Just giving a date of birth, gender and ZIP code can identify 86% of people in the United States by name.” - Paul Tang, Chief Medical Information Officer of Palo Alto Medical Foundation Modern Healthcare, 01607480, September 29, 2008, Vol. 38, Issue 39
  • 12. Ex. Loopholes Loophole Ex. Loophole Ex. “A drug manufacturer can pay a physician or a pharmacy to send refill “Health care entities are allowed, for reminders to patients, or to send fundraising activities, to release to information about a drug to all business associates - without explicit patients identified with a particular individual authorization - limited conditions or taking particular patient information...This clause was medications. Although the drug responsible for the data breached at manufacturer would not get the PHI UCLA Medical Center when they from the physician or pharmacy, it hired an outside firm to do a fund would accomplish the same raising program.” marketing goals by paying someone else to promote its products.” Source: EPIC.org Source: Chilmark Research
  • 13. What you need to know about PHRs
  • 14. PHRs “A personal health record (PHR) is an electronic record of an individual’s health information by which the individual controls access to the information and may have the ability to manage, track, and participate in his or her own health care.” Source: Office for Civil Rights
  • 15. EHRs Not to be confused with PHR, EHR stands for electronic health record and refers to a system that collects patient medical data from multiple sources exclusively for health care providers.
  • 16. EHRs & ARRA The House just passed the American Recovery & Reinvestment Act (ARRA) of 2009, in part to incentivize healthcare providers to migrate to EHRs. Sequentially this legislation may increase the availability and reliability of PHRs. Health Information Technology Provision: Provides $19 billion of financial incentives to help physicians purchase and implement HIT, specifically for the development of uniform electronic standards. Source: AMA Source: American Medical Association & Health Data Management Magazine
  • 17. ARRA Privacy Provision: Expands the current HIPAA privacy & security protections around the e-transfer of patient health info through Health Information Technology systems. And, proposes temporary breach notification requirements for previously unregulated entities. NOTE: The Privacy Provision is a “Draft Rule,” meaning that it is a temporary requirement that will remain in effect until Congress passes new legislation based on a “A breach of security is defined as the acquisition of identifiable health report currently in development by the Health & Human information of an individual, from a PHR, Services and the Federal Trade Commission. without authorization. De-identified information fall outside the scope of the rule. Source: info.rmatics.org Source: American Medical Association & Health Data Management Magazine
  • 18. ARRA The FTC staff estimates that PHR related companies would on average experience 11 data breaches a year, with the associated breach notification costs averaging $1M a year for each company. Source: Modern Healthcare. April 20, 2009 v39 i16 p10.
  • 19. Things to look for in privacy policies
  • 20. NC Privacy Policies Privacy policies vary widely among PHRs offered by HIPAA non-covered entities. Even the top two Internet company’s PHR privacy policies have discrepancies, which makes informed consent less likely. NOTE: The following slides represent privacy policy information I found posted on the websites of Google Health and Microsoft HealthVault.
  • 21. Sharing Info Sharing Info Sharing Info “We do not sell user health information, and we do “No Program or individual has access to your info not share it with other individuals or services unless a through the Service unless and until an authorized user explicitly authorizes us to do so, or in the limited user opts-in.” circumstances described in our privacy policy.” “Service users with whom you have shared your “If you share your information with others, you can records can also give a Program access to those view a list of who has access to your information and records. You can see a complete history of how you can revoke sharing privileges at any time.” Programs have accessed the information in your records.” “You can approve access for some websites to view You can decide which Programs you want to use. You your health information. If a website accesses your must approve (or deny) the Program’s access. The access health information and stores a copy of your info, request will include (a) the type of info the Program will that copy will be governed by that site’s privacy access and (b) what the Program wants to do with the info policy...Google is not responsible for the content, (view, add, modify). The Service [also] provides links to performance, or privacy policy of third-party each Program’s privacy statements at the time the Service websites.” asks you to authorize the Program’s access.” Source: Google Health Privacy Policy & HealthVault Privacy Policy
  • 22. “Microsoft may use aggregated info from the Service to improve the quality of the Service and for Non PII “Aggregate, de-identified user information can be marketing of the Service...Microsoft does not use used to publish trends.” your individual account and record information from the Service for marketing without first asking for and receiving your opt-in consent.” “We use personal information collected through the Service, including health info, to provide you with important info about the Service; to send you the PII Directed to another privacy policy provided by Google. HealthVault e-mail newsletter if you opt-in; & to determine your age and location to help determine whether you qualify for an account.” Employees “Microsoft occasionally hires other companies to “A limited number of employees in particular job provide limited services on our behalf, such as functions may have access to user information in answering customer questions about products. We order to operate and improve Google Health.” give those companies only the personal information they need to deliver the service.” Source: Google Health Privacy Policy & HealthVault Privacy Policy
  • 23. “We use a variety of security technologies and procedures...we store the personal information you Security “Google Health secures information by using SSL encryption, back up systems, and other cutting- provide on computer servers w/ limited access that edge information security technology.” are located in controlled facilities (in the U.S.A.)...the Service sends all communications (except e-mail) using SSL.” Compliance Deleting Info “You can completely delete your info at any time. “You can close your account at any time. We Such deletions will take immediate effect in your will wait 90 days before permanently deleting account, and backup copies may persist for a your account.” short time.” “HealthVault complies with the HONcode (Health On The Net Foundation) standard for trustworthy “Google adheres to the US Safe Harbor privacy health information.” principles.” “Microsoft is a member of the TRUSTe Privacy Program.” Source: Google Health Privacy Policy & HealthVault Privacy Policy
  • 24. “For material changes, changes to the privacy policy, we will notify you either by placing a NO mention of a notification if the privacy policy notice on the home page of the HealthVault Web Comm is changed or a stipulation necessitating opt-in sit or by sending you a notification directly...Your consent to new changes. continued use of the service constitutes your agreement to this privacy statement and any updates.” 3 different sites you have to refer to for 3 different sites you have to refer to for complete privacy policy coverage: Comm complete privacy policy coverage: Google Health Developer Policies, Service Agreement, Code of Conduct, Health Department of Commerce for Safe Harbor on the Net Foundation Framework, Google Privacy Policy Overall, the GH policy is conversational, concise Readability with little to no industry jargon. Note: Only those privacy issues specific to the Google Comprehensive policy, some industry jargon, Health Product were listed (to learn about the sufficient level of detail. more generic, applicable policies, users are directed to the Google company privacy policy). Source: Google Health Privacy Policy & HealthVault Privacy Policy
  • 25. The strengths of the Microsoft HealthVault Privacy Strengths Policy are: communication with The strengths of the Google Health Privacy Policy subscribers, opt-in standards & are: readability & opt-in standards. granular control of personal health data when sharing with 3rd parties. The weaknesses of the Google Health Privacy Weaknesses Policy are: defining key terms (like PII), The weaknesses of the Google Health Privacy no granular control of personal health Policy is: defining key terms (like PII) & data when sharing with 3rd parties, readability. communication with subscribers.
  • 26. NC Privacy Policies “Among experts, Microsoft earns generally high marks for its promise not to divulge information without a user’s say so. HealthVault lets patients search for health information without leaving the site - so other sites can’t access users IP address or other identifying data. And before connecting to a patient to a partner’s or advertiser’s site, it posts that site’s privacy policy.” - Deborah Peel, Founder of Patient Privacy Rights Source: The Washington Post. March 11, 2008. Page HE01.
  • 27. Arguments for and against extending HIPAA
  • 28. Pro HIPAA ✓ Minimum necessary clause ✓ Consistency among privacy coverage ✓ Strong security provisions ✓ Strong consumer coverage when enforced by HHS ✓ Less burden on individual consent “Practice that protected health information should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. The minimum necessary standard requires covered entities to evaluate their practices and enhance safeguards as needed to limit unnecessary or inappropriate access to and disclosure of protected health information.” Source: HHS.org
  • 29. Against HIPAA ✓ Insufficient rules to address issues unique to PHRs - Ex. risks & penalties for data re-identification ✓ Not enforced unless patient recognized ✓ Limited data set is outdated standards for de-identifying ✓ Loopholes that allow for disclosure without consent
  • 30. Against HIPAA “Bringing third-party PHRs under the scope of HIPAA authorizes the disclosure of highly sensitive data outside the health care system, with each such disclosure subject only to patient authorization.” Meaning the burden of protecting healthcare privacy would be more on the patients themselves if HIPAA was extended to non- covered entities, which could offer more bargaining power to PHR providers. Source: Center for Democracy & Technology
  • 31. Opinion: Revise HIPAA before extending it
  • 32. Opinion: Revise ✓ Restrict PHR vendors from engaging in certain practices, alleviating some of the burden from the patient ✓ Necessitate opt-ins for all personal information shared ✓ Revoke the health care operations clause from PHR coverage ✓ Enact stricter rules on limited data sets (i.e. removing birth year) ✓ Standardize key terms, like personal health information
  • 34. Strength Weakness PHR SWOT Patient control Little to no fiscal cost Privacy Portability Data Liquidity Promotes preventative medicine Accuracy of data Easier to manage chronic diseases Abundance of unhelpful data Easier to manage health of others Opportunity Threat Revisions to HIPAA Current HIPAA Privacy Rule extended Granular control of 3rd-party access Partnerships Security Interoperability Doctor Liability Improved research Accuracy of data Counter healthcare costs
  • 35. Category Criteria HV GH Contact Info Altarum Criteria Effective Date Communication w/ vendor Notification of change in policy Opt-in to changes Alternative language Readability Readability (1-3) 1 being best 2 1 FAQ De-activated accounts Coverage Buy/sell company Cookies Solicit voluntary participation Gathering non-personal data Web-service logs Opt-out options Different policy for identifiable & de-identified Business Associates Family members Clinical trials Detail how/if information is Research shared Marketing Law Enforcement Other Consent Prior to Sharing Personal Health Information Definition of critical terms De-identified HIPAA URAC Data guidelines compliant w/ Safe Harbor Guidelines privacy codes American Medical Association Health on the Net Foundation SSL Encryption Security provisions Location of servers
  • 36. Definitions Privacy: An individual’s right to control the acquisition, uses, or disclosures of his or her identifiable data Confidentiality: Refers to the obligations of those who receive information to respect the privacy interests of those to who the data relate Security: Refers to the physical, technological, or administrative safeguards or tools used to protect identifiable health data from unwarranted access or disclosure Source: Altarum
  • 37. Bibliography Anderson, Howard J. “PHRs: Where Are We Headed?; Cutting through the hype about personal health records to assess their long-term viability.” Health Data Management. May 2008. Retrieved 27th May 2009. Lexis Nexis. Armijo, D. S Chin . J Christensen. J Desper. A Hong. K Knewale. R Lecker. Altarum. “Review of the Personal Health Record (PHR) Service Provider Market: Privacy and Security.” January 5, 2007. Retrieved 26 May 2009. Google. Center for Democracy and Technology. “Why the HIPAA Privacy Rules Would Not Adequately Protect Personal Health Records.” September 2008. Retrieved 26 May 2009. Lexis Nexis. Chilmark Research, “iPHR Market Report: Analysis & Trends of Internet-based Personal Health Records Market.: May 2008. Retrieved 27 May 2009. Google. Conn, Joseph. “Safe and secure?; Data encryption just one option under security law.” Modern Healthcare. May 11, 2009. Retrieved 28 May 2009. Lexis Nexis. Cushman, Reid. “PHRs and the Next HIPAA.” Retrieved 28 May 2009. Lexis Nexis. Gerber, Michael S. “New Ways to Manage Health Data.” The Washington Post. March 11, 2008. Retrieved 28th May 2009. Google. More, John. “Why Extending HIPAA to PHRs is NOT a Good Idea.” May 5, 2008. Chilmark Research blog. Retrieved 26 May 2009. Robeznieks, Andis. “Getting personal; Legal Liability, patient- data overload among issues making physicians uneasy over emergence of personal health records.” Modern Healthcare. May 12, 2007. Retrieved 27 May 2009. Lexis Nexis.
  • 38. Bibliography American Medical Association: http://www.ama-assn.org/ Electronic Privacy Center: http://epic.org/ Fierce Health IT: http://www.fiercehealthit.com/search? cx=011289095233894766042%3Ac5fapsqk1gy&cof=FORID%3A9&as_q=PHR&sa=Go#1226 Google Health Privacy Policy: http://www.google.com/intl/en-US/health/privacy.html Government Health IT: http://govhealthit.com/portals/electronic-health-records.aspx Microsoft HealthVault Privacy Policy: http://healthvault.com/privacy-policy.html Office for Civil Rights. “Personal Health Records and the HIPAA Privacy Rule.” Retrieved 26 May 2009. Google. http://209.85.173.132/search?q=cache:hvTysWy8IfsJ:www.hhs.gov/ocr/privacy/hipaa/ understanding/special/healthit/phrs.pdf+Personal+Health+Records+and+the+HIPAA+privacy +rule&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a Privacy Rights Clearinghouse: http://www.privacyrights.org/ U.S. Department of Health & Human Services: http://www.hhs.gov/ocr/privacy/index.html