Question

Determine why information security is so important in healthcare by analyzing at least two different types of safeguards for data and elaborate on what standards are looked at for each. Also, identify the types of facilities these safeguards can be used in and what are the expectations. Please try not to duplicate your classmates’ answers. There may be several different standards for each safeguard but you are required to mention at least two.

Answer 1

The privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government. Federal laws require many of the key persons and organizations that handle health information to have policies and security safeguards in place to protect your health information — whether it is stored on paper or electronically.

Privacy protections apply to your "individually identifiable health information," which means:

• Information that relates to your past, present, or future physical or mental health or condition; to the provision of health care to you; or to past, present, or future payment for the provision of health care to you.

• Information that identifies you or for which there is a reasonable basis to believe it can be used to identify you.

This information can include:

• Information your doctors, nurses, and other health care providers put in your medical record

• Conversations your doctor has about your care or treatment with nurses and others

• Information about you in your health insurer's computer system

A few of the safety measures built in to electronic health record (EHR) systems to protect your medical record may include:

1. “Access control” tools like passwords and PIN numbers, to limit access to patient information to authorized individuals, like the patient's doctors or nurses.
2. "Encrypting" stored information. That means health information cannot be read or understood except by someone who can “decrypt” it, using a special “key” made available only to authorized individuals.

• Billing information about you at your clinic
• Information used by companies or individuals that provide data, billing, or other services to doctors, hospitals, health insurers, and other health care organizations. This includes computer and data services providers, accountants, and other professional services firms.

When this information is held by an individual or organization that must follow HIPAA, it is called "protected health information."

The HIPAA Security Rule protections apply to electronic protected health information.

There are organizations that may have health information about you but do not have to follow the HIPAA Rules. For example, life insurers, employers, and workers' compensation carriers are not required to follow these Rules. However, privacy protections may be required through other laws they have to follow. The same is true for many schools and school districts, State agencies such as child protective service agencies, law enforcement agencies, and municipal offices.

How is my health information protected by HIPAA?

The people and organizations required to follow the HIPAA Privacy and Security Rules must:

• Follow the Rules about who can look at, receive, and share your health information

• Reasonably limit uses and sharing to the minimum necessary amount needed to accomplish their intended purpose. However, providers may disclose more than the minimum necessary when they are sharing information for treatment purposes.

• Have agreements in place with their service providers to ensure that they only use and share your health information according to the law

• Have procedures in place to limit who can access your health information as well as implement training programs for employees about how to protect your health information

• Put in place administrative, technical, and physical safeguards to protect your health information