MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION - PowerPoint PPT Presentation

1
MAINTAINING SECURITY AND PRIVACY OF PATIENT
INFORMATION
  • September 2, 2006
  • Frank E. Ferrante, MSEE, MSEPP
  • President FEFGroup, LLC
  • Past Chair, Medical Technology Policy Committee
  • IEEE-USA, Washington, DC
  • Presented at
  • 28th IEEE EMBS Annual International Conference
  • Aug 30-Sept. 3, 2006, New York City, New York,
    USA

2
Outline
  • Why Electronic Medical Records?
  • Software Sample/hardware samples
  • Barriers/Standards for EHR
  • HIPAA Security and Privacy Regulations
  • Medical data transmission requirements
  • Wireline and Wireless Telecommunications Services
    Security
  • Security of Patient Medical Records
  • References

3
Why Electronic Medical Records (EMRs)
  • Time spent filing and pulling patient charts,
    searching for charts
  • Time re-creating records if destroyed by natural
    disaster or accident
  • Cost of supplies to maintain charts
  • Cost of facility space for records (can better
    use of space be made?)
  • Storage and Backup Cost
  • Transcription services cost
  • Cost of doing nothing today
  • Better Security/Privacy Maintainable

4
Software/Hardware Supporting Digital Medical
Records
  • Electronic Medical Record (EMR) Software
  • Soapware - check it out, 300 Starting Price, see
    http://soapware.com/
  • e-MDs Electronic Medical Record Support Software
    http://www.e-mds.com
  • a4Healthsystems EMR and Access systems
    http://www.a4healthsystems.com
  • Companion Technologies
    http://www.companiontechnologies.com
  • Security and Privacy - all EMRs must be protected
  • Sample approach: indigenous authentication of
    digital information (US Patent 6,757,828 B1 of
    June 29, 2004) by Signa2 http://www.gjtdc.com
  • Backup routinely onto remote servers or storage
    offerings

5
What are the Barriers to EHR and e-Health
Implementation?
  • Lack of a Unique Personal Identifier
  • Lack of HIPAA Compliant Middleware
  • Lack of Incentives
  • No Paradigm or First Mover for Some System
    Components
  • Evolving Standards
  • Disincentives
  • Lack of an NHIN Architecture
  • Fear of Cost/Benefit

Corr 06
6
Barriers and Solutions: Identifiers and Middleware
  • Lack of a Unique Personal Identifier
  • Solutions
  • Voluntary Personal Healthcare Identifier
    (IEEE-USA Voluntary Healthcare Identifier
    Position Statement, 17 June 2004)
  • Center for Certification of Health Information
    Technology Multiple ID Approach (Provider ID
    Provider Unique Personal ID)
  • DOD Common Access Card Model
  • Lack of HIPAA Compliant Middleware
  • Solutions
  • RHIO Contracts
  • Marketplace Solutions
  • Shortcomings
  • Public Health and Research Interfaces may not be
    included

HIPAA compliant Identification, Authentication,
and Access
Corr 2006
7
EHR Standards Evolution
  • International Statistical Classification of
    Diseases and Related Health Problems (ICD) from
    ICD-9 to ICD-10
  • ASC X12 Version 4010 to ASC X12 Version 5010
    (HIPAA Business Transactions)
  • National Council for Prescription Drug Programs
    Telecommunication Standards from version 5.1 to
    version D.0
  • Conversion of all standards to XML

Corr 06
8
HIPAA Security and Privacy Regulations
  • Health Insurance Portability Assurance Act
    (HIPAA)
  • Security - Required stronger and more focused
    provision of security around medical information
    (supports maintaining of information privacy)
  • Privacy - Enforces increase in privacy
    protections for medical information (Not just
    speaking privacy- required under penalty if
    failure occurs)

9
Electronic Medical Record (EMR) Data Requirements
  • Page of text for entering and storing non-image
    information
  • Less than 64 Kbytes (large file)
  • Image Data
  • (Refer to estimate table)

10
Medical Images Data Transmission Requirements
Source: Ferrante, F.E., Evolving Telemedicine/eHealth Technology,
Telemedicine and e-Health, Vol 11, Number 3, June 2005,
Mary Ann Liebert, Inc., Publisher, ISSN 1530-5627.
11
Wireless Telecommunications Services
  • Broadband Services
  • 802.11n
  • WiMax
  • Security
  • PKI
  • VPN
  • Secure ID
  • WEP/WPA/WPA2 (802.11i)

12
How New Technologies Stack Up
[Chart: Data Rate (megabits per second) for WPAN, WLAN, WMAN and WWAN technologies]
Actual performance will vary depending on factors
such as how the technology is deployed, the
user's distance from base stations, and
interference.
Source: Technology Review, October 2005
13
Security of Patient Records
  • Wireline Communications/Computer Access
  • Database Encryption
  • Public Private Key access control
  • Routine Password Control and Management
  • Isolation of Database Server from outside access
  • except via Virtual Private Network (VPN) and
    Secure ID hand-held devices or Secure Private Key
    system
  • Wireless Communications
  • Wired Equivalent Privacy (WEP)
  • Poorly designed, vulnerable
  • Wireless Protocol Architecture (WPA) WPA2
  • Improved Security Encoding
  • Enterprise Security Offering (Both WPA and WPA2
    now available for Wireless operations as
    alternate to WEP)

14
References
  • [Corr 2006] Corrigan, Mike (Current Chair MTPC),
    Consumer-Centered Electronic Health Records and
    e-Health - Roadblocks and Opportunities,
    presented to GEIA Roundtable, June 29, 2006.
    Available at
    http://www.ieeeusa.org/volunteers/committees/mtpc/index.html
  • IEEE-USA: IEEE Medical Technology Policy
    Committee Web Site -
    http://www.ieeeusa.org/volunteers/committees/mtpc/index.html

15
Backup Slides
16
Top Level EHR Components
Personal Health Record (PHR) or Personal EHR
Healthcare Provider or Clinical EHRs
Payer Records or Payer EHRs
Glue
Other Healthcare System Records
17
Limited PHR
Full PHR
Personal Health Record
  • Uncertified
  • Demographics
  • Allergies
  • Medications
  • Inoculations
  • Certified
  • Demographics and Identity
  • Links to other EHR components

Personal Health Record
Personal EHR
Personal EHR
Health Insurance Payer Records
Carrier EHR
Hospital Records
Physician Office Records
Dental Office Records
Pharmacy Office Records
Laboratory Records
Provider EHRs
Radiological Records
EMT Records
18
Lifetime Full PHR
Personal Health Record
Anonymized Links with Trusted Reverse Channel Links
Public Health Records
Environmental Records
Prenatal and Pediatric Records
Research Records
Military and VA Records
Genomic Records
Employer and Self Insurance Carrier Records
Medicare Records
Death Certificate and Autopsy Records