Primer:
Standards and Best Practices
for Confidentiality of
Electronic Health Records
Manish Kumar
Sam Wambugu
MEASURE Evaluation
September 28, 2015
Informatics Webinar
Outline
1. Context
2. Situation in lower- and middle-income
countries (LMIC)
3. Information systems for electronic health
records (EHR)
4. Key concepts
5. Security, confidentiality, and privacy analysis
6. Global standards
Purpose
To describe key concepts, outline global
standards, and suggest key steps for
organizations to protect and manage
access to and use of individual health
information in electronic health records.
“Ensuring the information is
processed lawfully and fairly,
and is kept secure, is a
common value of everyone
involved in health care.”
− Policy Engagement Network
IDRC − 2010
Context
• Strong health information systems (HIS)
are critical for health systems
strengthening
• EHR systems are used for:
  • improving quality of care
  • reducing cost
  • enhancing patient mobility
  • better record keeping
  • enabling evidence-based medicine
Context, cont.
• Transition from paper-based to EHR poses
challenges for privacy and confidentiality,
security, and data integrity
• Expertise on privacy and security aspects
of eHealth systems in LMIC is lacking
• Understanding of key concepts, standards,
and security management practices is
necessary
Situation in LMIC
• Most of the scientific literature is from developed
country experiences
• LMICs tend to lack legal and regulatory safeguards
• International treaties and conventions may have
been signed, but they are not enacted into laws
• Where laws exist, regulations that give life to laws
are absent
• eHealth is not getting the same legislative
momentum as e-Commerce and e-Government
Method
• Reviewed secondary literature
• Literature search was limited to literature
published in English and accessible through
scientific databases. We used:
  • PubMed
  • MeSH (medical subject headings) for “Electronic Health
  Records” together with other pertinent keywords: privacy,
  security, confidentiality, protected health information,
  personally identifiable information
eHealth systems
Electronic systems with patient-identifiable information:
1. Electronic health records
and electronic medical
records that capture and
store patient information
2. Laboratory information
management systems
3. Prescription information
systems within hospitals
4. Patient registration and
scheduling systems
5. Systems for aggregating and
reporting information, monitoring
health programs, and tracking
patients’ status
6. Clinical decision support systems
7. Patient reminder systems
(for example: for prompting
patients to take medications or visit
a clinic) − mHealth
8. Systems for medical research
Key concepts in EHR (1)
Electronic Health Records
Personal Health Information
Individual Identifiable Health
Information
Privacy
Security
Confidentiality
Key concepts in EHR (2)
1. Electronic health record (EHR)
“One or more repositories, physically or virtually integrated, of
information in computer processable form, relevant to the wellness,
health, and healthcare of an individual, capable of being stored and
communicated securely and of being accessible by multiple
authorized users, represented according to a standardized or
commonly agreed logical information model…” ISO 18308:2011
2. Personal health information
“Personal health information is information about an identifiable
person which relates to the physical or mental health of the
individual, or to provision of health services to the individual…”
ISO 27799
Key concepts in EHR (3)
3. Individually identifiable health information
“Information, including demographic information that
relates to:
• the individual’s past, present, or future physical or
mental health or condition,
• the provision of healthcare to the individual, or
• the past, present, or future payment for the provision
of healthcare to the individual…”
− Health Insurance Portability and Accountability Act
(HIPAA) of 1996
Key concepts in EHR (4)
4. Privacy = individual’s right to decide about access to their
personal information: what information to share, with whom to share,
and how to share
5. Security = protection measures and tools that safeguard health
information and health information systems from any unauthorized
access to or modification of information, denial of service to
authorized users, and provision of service to unauthorized users
6. Confidentiality is intertwined with privacy and security. It is
a tool to protect privacy or an act of limiting disclosure of private
matters.
Security analysis
Confidentiality, integrity, and availability triad of NIST
Ensuring privacy, security,
and confidentiality
• Even though technology and standards are integral
to security and privacy of health information in
EHR, healthcare providers have the prime
responsibility
• Information security involves a number of
non-technical factors:
  • organizational policy
  • human resources
  • communication networks
  • roles and processes
  • monitoring and compliance
Global standards (1)
• Health informatics standards are set by both
international and national standards organizations.
  • ISO is the global authority for standards
  • European Committee for Standardization (CEN) is the
  European authority for standards
  • American National Standards Institute (ANSI) approves
  official national standards in the United States
• The work of these standards organizations informs and
influences each other’s standards development
processes.
• Adoption and implementation of, and compliance with,
standards in a healthcare system are context-specific.
Global standards (2)
• Availability of international and national health
informatics standards is critical but not enough
to protect individual health information.
  • Information security involves a number of non-technical
  factors such as organizational policy, human resources,
  communication networks, roles and processes, monitoring
  and compliance
  • Inadequate identification and authentication of users,
  unauthorized access and inadequate monitoring of user
  activity, inappropriate disclosure, reporting requirements,
  and poor security are key sources of privacy breaches
  (Neame 2014)
Conclusion
• While EHR systems are vital to improved care and continuity of
care, data privacy, security, and confidentiality issues can
create hurdles
• To be effective, the principles of privacy, confidentiality, and
security in the eHealth environment must be supported by
local awareness and a strong national legal and regulatory
footing
• Awareness and understanding of related key concepts can
create an enabling environment
• National and international health informatics standards and
legislation are essential
MEASURE Evaluation is funded by the U.S. Agency
for International Development (USAID) under terms
of Cooperative Agreement AID-OAA-L-14-00004 and
implemented by the Carolina Population Center, University
of North Carolina at Chapel Hill in partnership with ICF
International, John Snow, Inc., Management Sciences for
Health, Palladium Group, and Tulane University. The views
expressed in this presentation do not necessarily reflect
the views of USAID or the United States government.
www.measureevaluation.org
For more information on MEASURE Evaluation’s work in health
informatics, visit: www.cpc.unc.edu/measure/publications/fs-15-141

Contenu connexe

Tendances

Medical Errors within the U.S. Healthcare System
Medical Errors within the U.S. Healthcare SystemMedical Errors within the U.S. Healthcare System
Medical Errors within the U.S. Healthcare System
Terry Coulon
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)
bholmes
 
Electronic health record
Electronic health recordElectronic health record
Electronic health record
PS Deb
 
Healthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bevHealthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bev
blk70130
 
Health information system security
Health information system securityHealth information system security
Health information system security
kristinleighclark
 
Emr presentation
Emr presentationEmr presentation
Emr presentation
Chris Oyibe
 
"Nursing Informatics PowerPoint Presentation"
"Nursing Informatics PowerPoint Presentation""Nursing Informatics PowerPoint Presentation"
"Nursing Informatics PowerPoint Presentation"
chandy-20
 

Tendances (20)

Teesside patient safety conference presentations
Teesside patient safety conference presentationsTeesside patient safety conference presentations
Teesside patient safety conference presentations
 
Medical Errors within the U.S. Healthcare System
Medical Errors within the U.S. Healthcare SystemMedical Errors within the U.S. Healthcare System
Medical Errors within the U.S. Healthcare System
 
Electronic Health Records: Implications for IMO State's Healthcare System
Electronic Health Records: Implications for IMO State's Healthcare SystemElectronic Health Records: Implications for IMO State's Healthcare System
Electronic Health Records: Implications for IMO State's Healthcare System
 
Overview of Health Informatics
Overview of Health InformaticsOverview of Health Informatics
Overview of Health Informatics
 
Clinical Information Systems
Clinical Information SystemsClinical Information Systems
Clinical Information Systems
 
Introduction to Health Informatics
Introduction to Health InformaticsIntroduction to Health Informatics
Introduction to Health Informatics
 
Laws & regulations surrounding the evolution of Telemedicine
Laws & regulations surrounding the evolution of TelemedicineLaws & regulations surrounding the evolution of Telemedicine
Laws & regulations surrounding the evolution of Telemedicine
 
Electronic medical record
Electronic medical recordElectronic medical record
Electronic medical record
 
Introduction to Health Informatics
Introduction to Health InformaticsIntroduction to Health Informatics
Introduction to Health Informatics
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)
 
patient safety.pptx
patient safety.pptxpatient safety.pptx
patient safety.pptx
 
Electronic health record
Electronic health recordElectronic health record
Electronic health record
 
Healthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bevHealthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bev
 
Health information system security
Health information system securityHealth information system security
Health information system security
 
The Electronic Health Record – Challenges and Solutions
The Electronic Health Record – Challenges and SolutionsThe Electronic Health Record – Challenges and Solutions
The Electronic Health Record – Challenges and Solutions
 
Electronic health record
Electronic health recordElectronic health record
Electronic health record
 
Patient Privacy and Safety in Healthcare
Patient Privacy and Safety in HealthcarePatient Privacy and Safety in Healthcare
Patient Privacy and Safety in Healthcare
 
Emr presentation
Emr presentationEmr presentation
Emr presentation
 
"Nursing Informatics PowerPoint Presentation"
"Nursing Informatics PowerPoint Presentation""Nursing Informatics PowerPoint Presentation"
"Nursing Informatics PowerPoint Presentation"
 
Simple and Safe Approaches Towards Patient Safety
Simple and Safe Approaches Towards Patient SafetySimple and Safe Approaches Towards Patient Safety
Simple and Safe Approaches Towards Patient Safety
 

En vedette

Digital health at DH: guidance, support and best practice
Digital health at DH: guidance, support and best practiceDigital health at DH: guidance, support and best practice
Digital health at DH: guidance, support and best practice
Tim Lloyd
 
Hipaa101 updated
Hipaa101 updatedHipaa101 updated
Hipaa101 updated
kkurapat
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
Karna *
 

En vedette (13)

Digital health at DH: guidance, support and best practice
Digital health at DH: guidance, support and best practiceDigital health at DH: guidance, support and best practice
Digital health at DH: guidance, support and best practice
 
Impact Evaluation of Approaches to Strengthen Health Facility Operation and M...
Impact Evaluation of Approaches to Strengthen Health Facility Operation and M...Impact Evaluation of Approaches to Strengthen Health Facility Operation and M...
Impact Evaluation of Approaches to Strengthen Health Facility Operation and M...
 
Evaluations of Gender-Integrated Reproductive Health Interventions: A Review ...
Evaluations of Gender-Integrated Reproductive Health Interventions: A Review ...Evaluations of Gender-Integrated Reproductive Health Interventions: A Review ...
Evaluations of Gender-Integrated Reproductive Health Interventions: A Review ...
 
Monitoring and Evaluating Male Engagement in Family Planning Programs
Monitoring and Evaluating Male Engagement in Family Planning ProgramsMonitoring and Evaluating Male Engagement in Family Planning Programs
Monitoring and Evaluating Male Engagement in Family Planning Programs
 
Implementing the Population Registration System: Progress Towards a Data Revo...
Implementing the Population Registration System: Progress Towards a Data Revo...Implementing the Population Registration System: Progress Towards a Data Revo...
Implementing the Population Registration System: Progress Towards a Data Revo...
 
Digital Data Ethics: Harnessing without Hurting
Digital Data Ethics: Harnessing without HurtingDigital Data Ethics: Harnessing without Hurting
Digital Data Ethics: Harnessing without Hurting
 
Evaluation of the Impact of Malaria Control Interventions on All-Cause Mortal...
Evaluation of the Impact of Malaria Control Interventions on All-Cause Mortal...Evaluation of the Impact of Malaria Control Interventions on All-Cause Mortal...
Evaluation of the Impact of Malaria Control Interventions on All-Cause Mortal...
 
Hipaa101 updated
Hipaa101 updatedHipaa101 updated
Hipaa101 updated
 
Fundamentals of Program Impact Evaluation
Fundamentals of Program Impact EvaluationFundamentals of Program Impact Evaluation
Fundamentals of Program Impact Evaluation
 
Lessons Learned Collecting Most Significant Change Stories in an Impact Evalu...
Lessons Learned Collecting Most Significant Change Stories in an Impact Evalu...Lessons Learned Collecting Most Significant Change Stories in an Impact Evalu...
Lessons Learned Collecting Most Significant Change Stories in an Impact Evalu...
 
Data Quality Review (DQR) Methods and Tools: Holistic, Country-Led Data Qual...
Data Quality Review (DQR) Methods and Tools: Holistic, Country-Led Data Qual...Data Quality Review (DQR) Methods and Tools: Holistic, Country-Led Data Qual...
Data Quality Review (DQR) Methods and Tools: Holistic, Country-Led Data Qual...
 
HIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceHIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of Compliance
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
 

Similaire à Standards and Best Practices for Confidentiality of Electronic Health Records

Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boroEhr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
kayla_ann_30
 
Security Best Practices for Health Information Exchange
Security Best Practices for Health Information ExchangeSecurity Best Practices for Health Information Exchange
Security Best Practices for Health Information Exchange
Trend Micro
 
Implementing The Affordable Care Act Essay
Implementing The Affordable Care Act EssayImplementing The Affordable Care Act Essay
Implementing The Affordable Care Act Essay
Michelle Love
 
Virtual Mentor American Medical Association Journal of Ethi.docx
Virtual Mentor  American Medical Association Journal of Ethi.docxVirtual Mentor  American Medical Association Journal of Ethi.docx
Virtual Mentor American Medical Association Journal of Ethi.docx
sheronlewthwaite
 
International Journal of Telerehabilitation • telere.docx
International Journal of Telerehabilitation • telere.docxInternational Journal of Telerehabilitation • telere.docx
International Journal of Telerehabilitation • telere.docx
tarifarmarie
 
Management information system in health care
Management information system in health careManagement information system in health care
Management information system in health care
NewNurseMaria
 
Nursing informatic'spresentation
Nursing informatic'spresentationNursing informatic'spresentation
Nursing informatic'spresentation
queeniejoy
 
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docxPSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
woodruffeloisa
 
HIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU SimplifiedHIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU Simplified
Gretchen Husted
 
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-SystemAccenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Dr.Nilesh Sudam B
 

Similaire à Standards and Best Practices for Confidentiality of Electronic Health Records (20)

Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boroEhr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
 
Mha 690 discussion 2 Seynabou
Mha 690 discussion 2 SeynabouMha 690 discussion 2 Seynabou
Mha 690 discussion 2 Seynabou
 
Health IT and OpenMRS
Health IT and OpenMRSHealth IT and OpenMRS
Health IT and OpenMRS
 
Security Best Practices for Health Information Exchange
Security Best Practices for Health Information ExchangeSecurity Best Practices for Health Information Exchange
Security Best Practices for Health Information Exchange
 
Nursing Informatics
Nursing InformaticsNursing Informatics
Nursing Informatics
 
ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:
 
Implementing The Affordable Care Act Essay
Implementing The Affordable Care Act EssayImplementing The Affordable Care Act Essay
Implementing The Affordable Care Act Essay
 
Virtual Mentor American Medical Association Journal of Ethi.docx
Virtual Mentor  American Medical Association Journal of Ethi.docxVirtual Mentor  American Medical Association Journal of Ethi.docx
Virtual Mentor American Medical Association Journal of Ethi.docx
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture E
 
International Journal of Telerehabilitation • telere.docx
International Journal of Telerehabilitation • telere.docxInternational Journal of Telerehabilitation • telere.docx
International Journal of Telerehabilitation • telere.docx
 
Emerose galvez
Emerose galvezEmerose galvez
Emerose galvez
 
Management information system in health care
Management information system in health careManagement information system in health care
Management information system in health care
 
Nursing informatic'spresentation
Nursing informatic'spresentationNursing informatic'spresentation
Nursing informatic'spresentation
 
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docxPSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
 
HIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU SimplifiedHIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU Simplified
 
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-SystemAccenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
 
Health Data Sharing Scene Setting
Health Data Sharing Scene Setting Health Data Sharing Scene Setting
Health Data Sharing Scene Setting
 
eHealth Practice in Europe: where do we stand?
eHealth Practice in Europe: where do we stand?eHealth Practice in Europe: where do we stand?
eHealth Practice in Europe: where do we stand?
 
Survey of open source health information systems
Survey of open source health information systemsSurvey of open source health information systems
Survey of open source health information systems
 
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
 

Plus de MEASURE Evaluation

Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
MEASURE Evaluation
 
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
MEASURE Evaluation
 

Plus de MEASURE Evaluation (20)

Managing missing values in routinely reported data: One approach from the Dem...
Managing missing values in routinely reported data: One approach from the Dem...Managing missing values in routinely reported data: One approach from the Dem...
Managing missing values in routinely reported data: One approach from the Dem...
 
Use of Routine Data for Economic Evaluations
Use of Routine Data for Economic EvaluationsUse of Routine Data for Economic Evaluations
Use of Routine Data for Economic Evaluations
 
Routine data use in evaluation: practical guidance
Routine data use in evaluation: practical guidanceRoutine data use in evaluation: practical guidance
Routine data use in evaluation: practical guidance
 
Tuberculosis/HIV Mobility Study: Objectives and Background
Tuberculosis/HIV Mobility Study: Objectives and BackgroundTuberculosis/HIV Mobility Study: Objectives and Background
Tuberculosis/HIV Mobility Study: Objectives and Background
 
How to improve the capabilities of health information systems to address emer...
How to improve the capabilities of health information systems to address emer...How to improve the capabilities of health information systems to address emer...
How to improve the capabilities of health information systems to address emer...
 
LCI Evaluation Uganda Organizational Network Analysis
LCI Evaluation Uganda Organizational Network AnalysisLCI Evaluation Uganda Organizational Network Analysis
LCI Evaluation Uganda Organizational Network Analysis
 
Using Organizational Network Analysis to Plan and Evaluate Global Health Prog...
Using Organizational Network Analysis to Plan and Evaluate Global Health Prog...Using Organizational Network Analysis to Plan and Evaluate Global Health Prog...
Using Organizational Network Analysis to Plan and Evaluate Global Health Prog...
 
Understanding Referral Networks for Adolescent Girls and Young Women
Understanding Referral Networks for Adolescent Girls and Young WomenUnderstanding Referral Networks for Adolescent Girls and Young Women
Understanding Referral Networks for Adolescent Girls and Young Women
 
Data for Impact: Lessons Learned in Using the Ripple Effects Mapping Method
Data for Impact: Lessons Learned in Using the Ripple Effects Mapping MethodData for Impact: Lessons Learned in Using the Ripple Effects Mapping Method
Data for Impact: Lessons Learned in Using the Ripple Effects Mapping Method
 
Local Capacity Initiative (LCI) Evaluation
Local Capacity Initiative (LCI) EvaluationLocal Capacity Initiative (LCI) Evaluation
Local Capacity Initiative (LCI) Evaluation
 
Development and Validation of a Reproductive Empowerment Scale
Development and Validation of a Reproductive Empowerment ScaleDevelopment and Validation of a Reproductive Empowerment Scale
Development and Validation of a Reproductive Empowerment Scale
 
Sustaining the Impact: MEASURE Evaluation Conversation on Maternal and Child ...
Sustaining the Impact: MEASURE Evaluation Conversation on Maternal and Child ...Sustaining the Impact: MEASURE Evaluation Conversation on Maternal and Child ...
Sustaining the Impact: MEASURE Evaluation Conversation on Maternal and Child ...
 
Using Most Significant Change in a Mixed-Methods Evaluation in Uganda
Using Most Significant Change in a Mixed-Methods Evaluation in UgandaUsing Most Significant Change in a Mixed-Methods Evaluation in Uganda
Using Most Significant Change in a Mixed-Methods Evaluation in Uganda
 
Lessons Learned In Using the Most Significant Change Technique in Evaluation
Lessons Learned In Using the Most Significant Change Technique in EvaluationLessons Learned In Using the Most Significant Change Technique in Evaluation
Lessons Learned In Using the Most Significant Change Technique in Evaluation
 
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
 
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
 
Improved Performance of the Malaria Surveillance, Monitoring, and Evaluation ...
Improved Performance of the Malaria Surveillance, Monitoring, and Evaluation ...Improved Performance of the Malaria Surveillance, Monitoring, and Evaluation ...
Improved Performance of the Malaria Surveillance, Monitoring, and Evaluation ...
 
Lessons learned in using process tracing for evaluation
Lessons learned in using process tracing for evaluationLessons learned in using process tracing for evaluation
Lessons learned in using process tracing for evaluation
 
Use of Qualitative Comparative Analysis in the Assessment of the Actionable D...
Use of Qualitative Comparative Analysis in the Assessment of the Actionable D...Use of Qualitative Comparative Analysis in the Assessment of the Actionable D...
Use of Qualitative Comparative Analysis in the Assessment of the Actionable D...
 
Sustaining the Impact: MEASURE Evaluation Conversation on Health Informatics
Sustaining the Impact: MEASURE Evaluation Conversation on Health InformaticsSustaining the Impact: MEASURE Evaluation Conversation on Health Informatics
Sustaining the Impact: MEASURE Evaluation Conversation on Health Informatics
 

Dernier

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Dernier (20)

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
Standards and Best Practices for Confidentiality of Electronic Health Records

  • 1. Primer: Standards and Best Practices for Confidentiality of Electronic Health Records. Manish Kumar, Sam Wambugu. MEASURE Evaluation. September 28, 2015. Informatics Webinar
  • 2. Outline 1. Context 2. Situation in lower- and middle-income countries (LMIC) 3. Information systems for electronic health records (EHR) 4. Key concepts 5. Security, confidentiality, and privacy analysis 6. Global standards
  • 3. Purpose: To describe key concepts, outline global standards, and suggest key steps for organizations to protect and manage access to and use of individual health information in electronic health records.
  • 4. “Ensuring the information is processed lawfully and fairly, and is kept secure, is a common value of everyone involved in health care.” − Policy Engagement Network IDRC − 2010
  • 5. Context • Strong health information systems (HIS) are critical for health systems strengthening • EHR systems are used for: improving quality of care; reducing cost; enhancing patient mobility; better record keeping; enabling evidence-based medicine
  • 6. Context, cont. • Transition from paper-based to EHR poses challenges for privacy and confidentiality, security, and data integrity • Expertise on privacy and security aspects of eHealth systems in LMIC is lacking • Understanding of key concepts, standards, and security management practices is necessary
  • 7. Situation in LMIC • Most of the scientific literature is from developed country experiences • LMICs tend to lack legal and regulatory safeguards • International treaties and conventions may have been signed, but they are not enacted into laws • Where laws exist, regulations that give life to laws are absent • eHealth is not getting the same legislative momentum as e-Commerce and e-Government
  • 8. Method • Reviewed secondary literature • Literature search was limited to literature published in English and accessible through scientific databases. We used: • PubMed • MeSH (medical subject headings) for “Electronic Health Records” together with other pertinent keywords: privacy, security, confidentiality, protected health information, personally identifiable information
  • 9. eHealth systems. Electronic systems with patient-identifiable information: 1. Electronic health records and electronic medical records that capture and store patient information 2. Laboratory information management systems 3. Prescription information systems within hospitals 4. Patient registration and scheduling systems 5. Systems for aggregating and reporting information, monitoring health programs, and tracking patients’ status 6. Clinical decision support systems 7. Patient reminder systems (for example: for prompting patients to take medications or visit a clinic) − mHealth 8. Systems for medical research
  • 10. Key concepts in EHR (1) Electronic Health Records Personal Health Information Individual Identifiable Health Information Privacy Security Confidentiality
  • 11. Key concepts in EHR (2) 1. Electronic health record (EHR) “One or more repositories, physically or virtually integrated, of information in computer processable form, relevant to the wellness, health, and healthcare of an individual, capable of being stored and communicated securely and of being accessible by multiple authorized users, represented according to a standardized or commonly agreed logical information model…” ISO 18308:2011 2. Personal health information “Personal health information is information about an identifiable person which relates to the physical or mental health of the individual, or to provision of health services to the individual…” ISO 27799
  • 12. Key concepts in EHR (3) 3. Individually identifiable health information “Information, including demographic information that relates to: • the individual’s past, present, or future physical or mental health or condition, • the provision of healthcare to the individual, or • the past, present, or future payment for the provision of healthcare to the individual…” − Health Insurance Portability and Accountability Act (HIPAA) of 1996
  • 13. Key concepts in EHR (4) 4. Privacy = individual’s right to decide about access to their personal information: what information to share, with whom to share, and how to share 5. Security = protection measures and tools that safeguard health information and health information systems from any unauthorized access to or modification of information, denial of service to authorized users, and provision of service to unauthorized users 6. Confidentiality is intertwined with privacy and security. It is a tool to protect privacy or an act of limiting disclosure of private matters.
  • 14. Security analysis Confidentiality, integrity, and availability triad of NIST
  • 15. Ensuring privacy, security, and confidentiality • Even though technology and standards are integral to security and privacy of health information in EHR, healthcare providers have the prime responsibility • Information security involves a number of non-technical factors: • organizational policy • human resources • communication networks • roles and processes • monitoring and compliance
  • 16. Global standards (1) • Health informatics standards are set by both international and national standards organizations. • ISO is the global authority for standards • European Committee for Standardization (CEN) is the European authority for standards • American National Standards Institute (ANSI) approves official national standards in the United States • The work of these standards organizations informs and influences each other’s standard development processes. • Adoption of, implementation of, and compliance with standards in a healthcare system is context-specific.
  • 17. Global standards (2) • Availability of international and national health informatics standards is critical but not enough to protect individual health information. • Information security involves a number of non-technical factors such as organizational policy, human resources, communication networks, roles and processes, monitoring and compliance • Inadequate identification and authentication of users, unauthorized access and inadequate monitoring of user activity, inappropriate disclosure, reporting requirements, and poor security are key sources of privacy breaches (Neame 2014)
  • 18. Conclusion • While EHR systems are vital to improved care and continuity of care, data privacy, security, and confidentiality issues can create hurdles • To be effective, the principles of privacy, confidentiality, and security in the eHealth environment must be supported by local awareness and a strong national legal and regulatory footing • Awareness and understanding of related key concepts can create an enabling environment • National and international health informatics standards and legislation are essential
  • 19. MEASURE Evaluation is funded by the U.S. Agency for International Development (USAID) under terms of Cooperative Agreement AID-OAA-L-14-00004 and implemented by the Carolina Population Center, University of North Carolina at Chapel Hill in partnership with ICF International, John Snow, Inc., Management Sciences for Health, Palladium Group, and Tulane University. The views expressed in this presentation do not necessarily reflect the views of USAID or the United States government. www.measureevaluation.org For more information on MEASURE Evaluation’s work in health informatics, visit: www.cpc.unc.edu/measure/publications/fs-15-141