Question

A local internal medicine and cardiology practice has recently implemented their new EHR system from Allscripts. Some relatively minor building renovations were required, and additional hardware was installed. Extensive training sessions and onsite support staff spent several months meeting with all users. Superusers and managers were identified and given additional training. During the testing phases, there were several glitches that needed to be addressed. Because of the practice’s long-standing relationship with a local hospital, they had to electronically communicate seamlessly to coordinate ongoing patient care throughout the healthcare continuum. The EHR from Cerner is used by the hospital. Technology and software issues had to be addressed to ensure interoperability so that complete patient information was transmitted securely. The application of the HL7 messaging standards were evaluated for each system and then the firewall and encryption software were adapted to meet data integrity and secure transmission requirements per the required standards. The patient portal for the physician practice had to be coordinated with the hospital’s EHR so that patients were able to see information generated from their hospital admission. The cardiologists and internal medicine physicians were incorporating this information into their outpatient treatment plan. These issues have been addressed and care coordination has become more efficient thanks in part to the new electronic processes incorporated into both EHR systems.

Question: 1. Explain what types of standards protect health data and information systems from unauthorized access. Discuss how this might hinder the access from legitimate authorized HCOs or other sources. 2. Explain the importance of testing coordinated systems to address transmission and security measures.

Answer 1

1, Privacy rule and security standards for the protection of electronically protected health information protect the patient's health information, OCR(office for civil rights responsible for ensuring privacy and security rules. Under HIPAA compliance security standards protect health information, new technology using an electric information system, providers using clinical applications like CPOE(computerized physician order entry provide access for care
management. the goal of security rule protects the privacy of personal health information(PHI) that allows covered entities to accept the new technologies to improve the quality of patient care.HIPAA privacy rule protects the privacy of individually identified health information that is protected health information. e-PHI security rules maintain in electronic form.it makes confidentiality that will not share the patient's health information with an unauthorized person. privacy rule standards limit the uses and disclosures to PHI, it has policy nad procedure for authorized access to e-PHI from authorized HCO and other unauthorized person.
2,It is important to test the coordinated systems to protect the information and it will not cause the problem of data mining. control of security users of health care information help controls the use of information within and outside the boundaries.HIPAA requires health care organizations to secure protected health information(PHI). it is
important to regularly review the security control and update policies and procedures, maintaining the software and security solutions and upgrading new and better solutions coordinate the system and address and secure the patient informaiton.