Security
How do I secure patient records on the computer?
Files can be secured and protected on a computer or laptop through encryption of the hard drive. When proper encryption is carried out, no one can access the data stored on a computer hard drive without the correct sign-on information.
For more details, visit: http://www.earthlinksecurity.com/articles/Understanding_Encryption
%20/index.html
Can I use email to communicate with patients?
Yes, but it’s important that your email system has the appropriate security features in place. The HIPAA Privacy Rule requires reasonable safeguards to be in place. There are certain requirements of the HIPAA Security Rule requirements. There are many firms providing secure email for communication between physicians and their patients AND between physicians for consultation purposes.
For more details, visit: http://findarticles.com/p/articles/mi_hb4365/is_/ai_n29397559
What mechanisms are being used to secure health information exchange?
The education of staff and maintenance of technology are pivotal for the secure exchange of health information. It’s key that staff and providers are properly trained to eliminate potential risky behaviors. In addition, make sure all system protections (firewalls, spyware detection, etc.) are installed, operational and up-to-date.
For more details, visit:
http://www.nap.edu/catalog.php?record_id=5595
“For The Record: Protecting Electronic Health Information” by the Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure, Commission on Physical Sciences, Mathematics and Applications, and the National Research Council
http://www.ncbi.nlm.nih.gov/pubmed/16548416
Y.B. Choi et al (2006). Challenges Associated with Privacy in Health Care Industry: Implementation of HIPAA and the Security Rules. J. Med. Sys. 30(1) 57-64
What steps should be taken to ensure that health information is only used by those involved in the care of a particular patient?
A health care provider must adopt policies and procedures that restrict access and uses of health care information based on the specific rules of the members of their workforces.
Will patients have the ability to limit what and to whom their health information is shared?
Patients have the right to request that a health care provider restrict the use or disclosure of their health care information for treatment, payment or health care operations, disclosure to persons involved in the patient’s health care or payment for health care, or disclosure to notify family members or others about the patient’s general condition, location, or death. However, a health care provider does not have to agree to any of these requested restrictions.
Who will be responsible for the monitoring of access to particular patients information?
Connecting For Health, a public/private collaboration operated by The Markle Foundation, created the first detailed, consensus-based approach to consumer access and privacy practices for important new internet-based health information services. It consists of a set of 17 mutually-reinforcing technical documents and specifications, testing interfaces, code, privacy and security policies, and model contract language.
For more details, visit: http://www.connectingforhealth.org/commonframework/index.html
