Primer:
Standards and Best Practices
for Confidentiality of
Electronic Health Records
Manish Kumar
Sam Wambugu
MEASURE Evaluation
September 28, 2015
Informatics Webinar
Outline
1. Context
2. Situation in lower- and middle-income
countries (LMIC)
3. Information systems for electronic health
records (EHR)
4. Key concepts
5. Security, confidentiality, and privacy analysis
6. Global standards
Purpose
To describe key concepts, outline global
standards, and suggest key steps for
organizations to protect and manage
access to and use of individual health
information in electronic health records.
“Ensuring the information is
processed lawfully and fairly,
and is kept secure, is a
common value of everyone
involved in health care.”
− Policy Engagement Network
IDRC − 2010
Context
• Strong health information systems (HIS) are critical for health systems strengthening
• EHR systems are used for:
  - improving quality of care
  - reducing cost
  - enhancing patient mobility
  - better record keeping
  - enabling evidence-based medicine
Context, cont.
• Transition from paper-based to EHR poses challenges for privacy and confidentiality, security, and data integrity
• Expertise on privacy and security aspects of eHealth systems in LMIC is lacking
• Understanding of key concepts, standards, and security management practices is necessary
Situation in LMIC
• Most of the scientific literature is from developed country experiences
• LMICs tend to lack legal and regulatory safeguards
• International treaties and conventions may have been signed, but they are not enacted into laws
• Where laws exist, regulations that give life to laws are absent
• eHealth is not getting the same legislative momentum as e-Commerce and e-Government
Method
• Reviewed secondary literature
• Literature search was limited to literature
published in English and accessible through
scientific databases. We used:
  - PubMed
  - MeSH (medical subject headings) for “Electronic Health Records” together with other pertinent keywords: privacy, security, confidentiality, protected health information, personally identifiable information
eHealth systems
Electronic systems with patient-identifiable information:
1. Electronic health records and electronic medical records that capture and store patient information
2. Laboratory information management systems
3. Prescription information systems within hospitals
4. Patient registration and scheduling systems
5. Systems for aggregating and reporting information, monitoring health programs, and tracking patients’ status
6. Clinical decision support systems
7. Patient reminder systems (for example: for prompting patients to take medications or visit a clinic) − mHealth
8. Systems for medical research
Key concepts in EHR (1)
Electronic Health Records
Personal Health Information
Individual Identifiable Health
Information
Privacy
Security
Confidentiality
Key concepts in EHR (2)
1. Electronic health record (EHR)
“One or more repositories, physically or virtually integrated, of
information in computer processable form, relevant to the wellness,
health, and healthcare of an individual, capable of being stored and
communicated securely and of being accessible by multiple
authorized users, represented according to a standardized or
commonly agreed logical information model…” ISO 18308:2011
2. Personal health information
“Personal health information is information about an identifiable
person which relates to the physical or mental health of the
individual, or to provision of health services to the individual…”
ISO 27799
Key concepts in EHR (3)
3. Individually identifiable health information
“Information, including demographic information that
relates to:
• the individual’s past, present, or future physical or mental health or condition,
• the provision of healthcare to the individual, or
• the past, present, or future payment for the provision of healthcare to the individual…”
−Health Insurance Portability and Accountability Act
(HIPAA) of 1996
Key concepts in EHR (4)
4. Privacy = individual’s right to decide about access to their
personal information: what information to share, with whom to share,
and how to share
5. Security = protection measures and tools that safeguard health
information and health information systems from any unauthorized
access to or modification of information, denial of service to
authorized users, and provision of service to unauthorized users
6. Confidentiality is intertwined with privacy and security. It is
a tool to protect privacy or an act of limiting disclosure of private
matters.
Security analysis
Confidentiality, integrity, and availability triad of NIST
Ensuring privacy, security,
and confidentiality
• Even though technology and standards are integral
to security and privacy of health information in
EHR, healthcare providers have the prime
responsibility
• Information security involves a number of non-
technical factors:
• organizational policy
• human resources
• communication networks
• roles and processes
• monitoring and compliance
Global standards (1)
• Health informatics standards are set by both international and national standards organizations.
  - ISO is the global authority for standards
  - European Committee for Standardization (CEN) is the European authority for standards
  - American National Standards Institute (ANSI) approves official national standards in the United States
• The work of these standards organizations informs and influences each other's standards development processes.
• Adoption of, implementation of, and compliance with standards in a healthcare system are context-specific.
Global standards (2)
• Availability of international and national health informatics standards is critical but not enough to protect individual health information.
• Information security involves a number of non-technical factors such as organizational policy, human resource, communication networks, roles and processes, monitoring and compliance
• Inadequate identification and authentication of users, unauthorized access and inadequate monitoring of user activity, inappropriate disclosure, reporting requirements, and poor security are key sources of privacy breaches (Neame 2014)
Conclusion
• While EHR systems are vital to improved care and continuity of
care, data privacy, security, and confidentiality issues can
create hurdles
• To be effective, the principles of privacy, confidentiality, and
security in the eHealth environment must be supported by
local awareness and a strong national legal and regulatory
footing
• Awareness and understanding of related key concepts can
create an enabling environment
• National and international health informatics standards and
legislation are essential
MEASURE Evaluation is funded by the U.S. Agency
for International Development (USAID) under terms
of Cooperative Agreement AID-OAA-L-14-00004 and
implemented by the Carolina Population Center, University
of North Carolina at Chapel Hill in partnership with ICF
International, John Snow, Inc., Management Sciences for
Health, Palladium Group, and Tulane University. The views
expressed in this presentation do not necessarily reflect
the views of USAID or the United States government.
www.measureevaluation.org
For more information on MEASURE Evaluation’s work in health
informatics, visit: www.cpc.unc.edu/measure/publications/fs-15-141

More Related Content

What's hot

Introduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPIntroduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUP
Atlantic Training, LLC.
 
hitech act
hitech acthitech act
hitech act
padler01
 
Electronic health record
Electronic health recordElectronic health record
Electronic health record
PS Deb
 
Emr presentation
Emr presentationEmr presentation
Emr presentation
Chris Oyibe
 
Week 9 emr implementation final project
Week 9 emr implementation final projectWeek 9 emr implementation final project
Week 9 emr implementation final project
prdolfin
 
Electronic health record powerpoint assignment for informatics
Electronic health record powerpoint assignment for informaticsElectronic health record powerpoint assignment for informatics
Electronic health record powerpoint assignment for informatics
Michaelina Alexander
 

What's hot (20)

Patient safety in Healthcare; Developing Patient Safety Culture by reporting ...
Patient safety in Healthcare; Developing Patient Safety Culture by reporting ...Patient safety in Healthcare; Developing Patient Safety Culture by reporting ...
Patient safety in Healthcare; Developing Patient Safety Culture by reporting ...
 
Confidentiality and Data Protection in Health Care
Confidentiality and Data Protection in Health CareConfidentiality and Data Protection in Health Care
Confidentiality and Data Protection in Health Care
 
Introduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPIntroduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUP
 
Powerpoint presentation on EHR
Powerpoint presentation on EHRPowerpoint presentation on EHR
Powerpoint presentation on EHR
 
hitech act
hitech acthitech act
hitech act
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health records
 
Electronic health record
Electronic health recordElectronic health record
Electronic health record
 
The Transition from Paper to Electronic Records
The Transition from Paper to Electronic RecordsThe Transition from Paper to Electronic Records
The Transition from Paper to Electronic Records
 
Overview of Health Informatics
Overview of Health InformaticsOverview of Health Informatics
Overview of Health Informatics
 
Laws & regulations surrounding the evolution of Telemedicine
Laws & regulations surrounding the evolution of TelemedicineLaws & regulations surrounding the evolution of Telemedicine
Laws & regulations surrounding the evolution of Telemedicine
 
Health information exchange (HIE)
Health information exchange (HIE)Health information exchange (HIE)
Health information exchange (HIE)
 
Health Information Privacy and Security
Health Information Privacy and SecurityHealth Information Privacy and Security
Health Information Privacy and Security
 
AI in Healthcare.pptx
AI in Healthcare.pptxAI in Healthcare.pptx
AI in Healthcare.pptx
 
Electronic medical record for Doctors
Electronic medical record for DoctorsElectronic medical record for Doctors
Electronic medical record for Doctors
 
Teesside patient safety conference presentations
Teesside patient safety conference presentationsTeesside patient safety conference presentations
Teesside patient safety conference presentations
 
Pros and cons of ehr
Pros and cons of ehrPros and cons of ehr
Pros and cons of ehr
 
Emr presentation
Emr presentationEmr presentation
Emr presentation
 
Week 9 emr implementation final project
Week 9 emr implementation final projectWeek 9 emr implementation final project
Week 9 emr implementation final project
 
Electronic health record powerpoint assignment for informatics
Electronic health record powerpoint assignment for informaticsElectronic health record powerpoint assignment for informatics
Electronic health record powerpoint assignment for informatics
 
Introduction to Health Informatics and Health Information Technology (Part 1)...
Introduction to Health Informatics and Health Information Technology (Part 1)...Introduction to Health Informatics and Health Information Technology (Part 1)...
Introduction to Health Informatics and Health Information Technology (Part 1)...
 

Viewers also liked

Digital health at DH: guidance, support and best practice
Digital health at DH: guidance, support and best practiceDigital health at DH: guidance, support and best practice
Digital health at DH: guidance, support and best practice
Tim Lloyd
 
Hipaa101 updated
Hipaa101 updatedHipaa101 updated
Hipaa101 updated
kkurapat
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)
bholmes
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
Karna *
 

Viewers also liked (14)

Digital health at DH: guidance, support and best practice
Digital health at DH: guidance, support and best practiceDigital health at DH: guidance, support and best practice
Digital health at DH: guidance, support and best practice
 
Impact Evaluation of Approaches to Strengthen Health Facility Operation and M...
Impact Evaluation of Approaches to Strengthen Health Facility Operation and M...Impact Evaluation of Approaches to Strengthen Health Facility Operation and M...
Impact Evaluation of Approaches to Strengthen Health Facility Operation and M...
 
Evaluations of Gender-Integrated Reproductive Health Interventions: A Review ...
Evaluations of Gender-Integrated Reproductive Health Interventions: A Review ...Evaluations of Gender-Integrated Reproductive Health Interventions: A Review ...
Evaluations of Gender-Integrated Reproductive Health Interventions: A Review ...
 
Monitoring and Evaluating Male Engagement in Family Planning Programs
Monitoring and Evaluating Male Engagement in Family Planning ProgramsMonitoring and Evaluating Male Engagement in Family Planning Programs
Monitoring and Evaluating Male Engagement in Family Planning Programs
 
Implementing the Population Registration System: Progress Towards a Data Revo...
Implementing the Population Registration System: Progress Towards a Data Revo...Implementing the Population Registration System: Progress Towards a Data Revo...
Implementing the Population Registration System: Progress Towards a Data Revo...
 
Digital Data Ethics: Harnessing without Hurting
Digital Data Ethics: Harnessing without HurtingDigital Data Ethics: Harnessing without Hurting
Digital Data Ethics: Harnessing without Hurting
 
Evaluation of the Impact of Malaria Control Interventions on All-Cause Mortal...
Evaluation of the Impact of Malaria Control Interventions on All-Cause Mortal...Evaluation of the Impact of Malaria Control Interventions on All-Cause Mortal...
Evaluation of the Impact of Malaria Control Interventions on All-Cause Mortal...
 
Hipaa101 updated
Hipaa101 updatedHipaa101 updated
Hipaa101 updated
 
Fundamentals of Program Impact Evaluation
Fundamentals of Program Impact EvaluationFundamentals of Program Impact Evaluation
Fundamentals of Program Impact Evaluation
 
Lessons Learned Collecting Most Significant Change Stories in an Impact Evalu...
Lessons Learned Collecting Most Significant Change Stories in an Impact Evalu...Lessons Learned Collecting Most Significant Change Stories in an Impact Evalu...
Lessons Learned Collecting Most Significant Change Stories in an Impact Evalu...
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)
 
Data Quality Review (DQR) Methods and Tools: Holistic, Country-Led Data Qual...
Data Quality Review (DQR) Methods and Tools: Holistic, Country-Led Data Qual...Data Quality Review (DQR) Methods and Tools: Holistic, Country-Led Data Qual...
Data Quality Review (DQR) Methods and Tools: Holistic, Country-Led Data Qual...
 
HIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of ComplianceHIPAA - Understanding the Basics of Compliance
HIPAA - Understanding the Basics of Compliance
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
 

Similar to Standards and Best Practices for Confidentiality of Electronic Health Records

Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boroEhr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
kayla_ann_30
 
Security Best Practices for Health Information Exchange
Security Best Practices for Health Information ExchangeSecurity Best Practices for Health Information Exchange
Security Best Practices for Health Information Exchange
Trend Micro
 
Implementing The Affordable Care Act Essay
Implementing The Affordable Care Act EssayImplementing The Affordable Care Act Essay
Implementing The Affordable Care Act Essay
Michelle Love
 
Virtual Mentor American Medical Association Journal of Ethi.docx
Virtual Mentor  American Medical Association Journal of Ethi.docxVirtual Mentor  American Medical Association Journal of Ethi.docx
Virtual Mentor American Medical Association Journal of Ethi.docx
sheronlewthwaite
 
International Journal of Telerehabilitation • telere.docx
International Journal of Telerehabilitation • telere.docxInternational Journal of Telerehabilitation • telere.docx
International Journal of Telerehabilitation • telere.docx
tarifarmarie
 
Management information system in health care
Management information system in health careManagement information system in health care
Management information system in health care
NewNurseMaria
 
Nursing informatic'spresentation
Nursing informatic'spresentationNursing informatic'spresentation
Nursing informatic'spresentation
queeniejoy
 
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docxPSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
woodruffeloisa
 
HIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU SimplifiedHIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU Simplified
Gretchen Husted
 
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-SystemAccenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Dr.Nilesh Sudam B
 

Similar to Standards and Best Practices for Confidentiality of Electronic Health Records (20)

Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boroEhr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
 
Mha 690 discussion 2 Seynabou
Mha 690 discussion 2 SeynabouMha 690 discussion 2 Seynabou
Mha 690 discussion 2 Seynabou
 
Health IT and OpenMRS
Health IT and OpenMRSHealth IT and OpenMRS
Health IT and OpenMRS
 
Security Best Practices for Health Information Exchange
Security Best Practices for Health Information ExchangeSecurity Best Practices for Health Information Exchange
Security Best Practices for Health Information Exchange
 
Nursing Informatics
Nursing InformaticsNursing Informatics
Nursing Informatics
 
ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:
 
Implementing The Affordable Care Act Essay
Implementing The Affordable Care Act EssayImplementing The Affordable Care Act Essay
Implementing The Affordable Care Act Essay
 
Virtual Mentor American Medical Association Journal of Ethi.docx
Virtual Mentor  American Medical Association Journal of Ethi.docxVirtual Mentor  American Medical Association Journal of Ethi.docx
Virtual Mentor American Medical Association Journal of Ethi.docx
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture E
 
International Journal of Telerehabilitation • telere.docx
International Journal of Telerehabilitation • telere.docxInternational Journal of Telerehabilitation • telere.docx
International Journal of Telerehabilitation • telere.docx
 
Emerose galvez
Emerose galvezEmerose galvez
Emerose galvez
 
Management information system in health care
Management information system in health careManagement information system in health care
Management information system in health care
 
Nursing informatic'spresentation
Nursing informatic'spresentationNursing informatic'spresentation
Nursing informatic'spresentation
 
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docxPSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
PSYC 3500 Strategies for Enhancing Learning and MemorySelf-Evalu.docx
 
HIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU SimplifiedHIPAA-HITECH-MU Simplified
HIPAA-HITECH-MU Simplified
 
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-SystemAccenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
Accenture-Singapore-Journey-to-Build-National-Electronic-Health-Record-System
 
Health Data Sharing Scene Setting
Health Data Sharing Scene Setting Health Data Sharing Scene Setting
Health Data Sharing Scene Setting
 
eHealth Practice in Europe: where do we stand?
eHealth Practice in Europe: where do we stand?eHealth Practice in Europe: where do we stand?
eHealth Practice in Europe: where do we stand?
 
Survey of open source health information systems
Survey of open source health information systemsSurvey of open source health information systems
Survey of open source health information systems
 
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
 

More from MEASURE Evaluation

Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
MEASURE Evaluation
 
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
MEASURE Evaluation
 

More from MEASURE Evaluation (20)

Managing missing values in routinely reported data: One approach from the Dem...
Managing missing values in routinely reported data: One approach from the Dem...Managing missing values in routinely reported data: One approach from the Dem...
Managing missing values in routinely reported data: One approach from the Dem...
 
Use of Routine Data for Economic Evaluations
Use of Routine Data for Economic EvaluationsUse of Routine Data for Economic Evaluations
Use of Routine Data for Economic Evaluations
 
Routine data use in evaluation: practical guidance
Routine data use in evaluation: practical guidanceRoutine data use in evaluation: practical guidance
Routine data use in evaluation: practical guidance
 
Tuberculosis/HIV Mobility Study: Objectives and Background
Tuberculosis/HIV Mobility Study: Objectives and BackgroundTuberculosis/HIV Mobility Study: Objectives and Background
Tuberculosis/HIV Mobility Study: Objectives and Background
 
How to improve the capabilities of health information systems to address emer...
How to improve the capabilities of health information systems to address emer...How to improve the capabilities of health information systems to address emer...
How to improve the capabilities of health information systems to address emer...
 
LCI Evaluation Uganda Organizational Network Analysis
LCI Evaluation Uganda Organizational Network AnalysisLCI Evaluation Uganda Organizational Network Analysis
LCI Evaluation Uganda Organizational Network Analysis
 
Using Organizational Network Analysis to Plan and Evaluate Global Health Prog...
Using Organizational Network Analysis to Plan and Evaluate Global Health Prog...Using Organizational Network Analysis to Plan and Evaluate Global Health Prog...
Using Organizational Network Analysis to Plan and Evaluate Global Health Prog...
 
Understanding Referral Networks for Adolescent Girls and Young Women
Understanding Referral Networks for Adolescent Girls and Young WomenUnderstanding Referral Networks for Adolescent Girls and Young Women
Understanding Referral Networks for Adolescent Girls and Young Women
 
Data for Impact: Lessons Learned in Using the Ripple Effects Mapping Method
Data for Impact: Lessons Learned in Using the Ripple Effects Mapping MethodData for Impact: Lessons Learned in Using the Ripple Effects Mapping Method
Data for Impact: Lessons Learned in Using the Ripple Effects Mapping Method
 
Local Capacity Initiative (LCI) Evaluation
Local Capacity Initiative (LCI) EvaluationLocal Capacity Initiative (LCI) Evaluation
Local Capacity Initiative (LCI) Evaluation
 
Development and Validation of a Reproductive Empowerment Scale
Development and Validation of a Reproductive Empowerment ScaleDevelopment and Validation of a Reproductive Empowerment Scale
Development and Validation of a Reproductive Empowerment Scale
 
Sustaining the Impact: MEASURE Evaluation Conversation on Maternal and Child ...
Sustaining the Impact: MEASURE Evaluation Conversation on Maternal and Child ...Sustaining the Impact: MEASURE Evaluation Conversation on Maternal and Child ...
Sustaining the Impact: MEASURE Evaluation Conversation on Maternal and Child ...
 
Using Most Significant Change in a Mixed-Methods Evaluation in Uganda
Using Most Significant Change in a Mixed-Methods Evaluation in UgandaUsing Most Significant Change in a Mixed-Methods Evaluation in Uganda
Using Most Significant Change in a Mixed-Methods Evaluation in Uganda
 
Lessons Learned In Using the Most Significant Change Technique in Evaluation
Lessons Learned In Using the Most Significant Change Technique in EvaluationLessons Learned In Using the Most Significant Change Technique in Evaluation
Lessons Learned In Using the Most Significant Change Technique in Evaluation
 
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
Malaria Data Quality and Use in Selected Centers of Excellence in Madagascar:...
 
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
Evaluating National Malaria Programs’ Impact in Moderate- and Low-Transmissio...
 
Improved Performance of the Malaria Surveillance, Monitoring, and Evaluation ...
Improved Performance of the Malaria Surveillance, Monitoring, and Evaluation ...Improved Performance of the Malaria Surveillance, Monitoring, and Evaluation ...
Improved Performance of the Malaria Surveillance, Monitoring, and Evaluation ...
 
Lessons learned in using process tracing for evaluation
Lessons learned in using process tracing for evaluationLessons learned in using process tracing for evaluation
Lessons learned in using process tracing for evaluation
 
Use of Qualitative Comparative Analysis in the Assessment of the Actionable D...
Use of Qualitative Comparative Analysis in the Assessment of the Actionable D...Use of Qualitative Comparative Analysis in the Assessment of the Actionable D...
Use of Qualitative Comparative Analysis in the Assessment of the Actionable D...
 
Sustaining the Impact: MEASURE Evaluation Conversation on Health Informatics
Sustaining the Impact: MEASURE Evaluation Conversation on Health InformaticsSustaining the Impact: MEASURE Evaluation Conversation on Health Informatics
Sustaining the Impact: MEASURE Evaluation Conversation on Health Informatics
 

Recently uploaded

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 

Recently uploaded (20)

Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes

Standards and Best Practices for Confidentiality of Electronic Health Records

  • 1. Primer: Standards and Best Practices for Confidentiality of Electronic Health Records. Manish Kumar, Sam Wambugu. MEASURE Evaluation. September 28, 2015. Informatics Webinar
  • 2. Outline: 1. Context; 2. Situation in lower- and middle-income countries (LMIC); 3. Information systems for electronic health records (EHR); 4. Key concepts; 5. Security, confidentiality, and privacy analysis; 6. Global standards
  • 3. Purpose: To describe key concepts, outline global standards, and suggest key steps for organizations to protect and manage access to and use of individual health information in electronic health records.
  • 4. “Ensuring the information is processed lawfully and fairly, and is kept secure, is a common value of everyone involved in health care.” − Policy Engagement Network IDRC − 2010
  • 5. Context: Strong health information systems (HIS) are critical for health systems strengthening. EHR systems are used for: improving quality of care; reducing cost; enhancing patient mobility; better record keeping; enabling evidence-based medicine.
  • 6. Context, cont.: The transition from paper-based records to EHR poses challenges for privacy and confidentiality, security, and data integrity. Expertise on privacy and security aspects of eHealth systems in LMIC is lacking. Understanding of key concepts, standards, and security management practices is necessary.
  • 7. Situation in LMIC: Most of the scientific literature is from developed country experiences. LMICs tend to lack legal and regulatory safeguards. International treaties and conventions may have been signed, but they are not enacted into laws. Where laws exist, regulations that give life to laws are absent. eHealth is not getting the same legislative momentum as e-Commerce and e-Government.
  • 8. Method: Reviewed secondary literature. Literature search was limited to literature published in English and accessible through scientific databases. We used: PubMed; MeSH (medical subject headings) for “Electronic Health Records” together with other pertinent keywords: privacy, security, confidentiality, protected health information, personally identifiable information.
  • 9. eHealth systems. Electronic systems with patient-identifiable information: 1. Electronic health records and electronic medical records that capture and store patient information; 2. Laboratory information management systems; 3. Prescription information systems within hospitals; 4. Patient registration and scheduling systems; 5. Systems for aggregating and reporting information, monitoring health programs, and tracking patients’ status; 6. Clinical decision support systems; 7. Patient reminder systems (for example: for prompting patients to take medications or visit a clinic) − mHealth; 8. Systems for medical research
  • 10. Key concepts in EHR (1): Electronic Health Records; Personal Health Information; Individually Identifiable Health Information; Privacy; Security; Confidentiality
  • 11. Key concepts in EHR (2): 1. Electronic health record (EHR): “One or more repositories, physically or virtually integrated, of information in computer processable form, relevant to the wellness, health, and healthcare of an individual, capable of being stored and communicated securely and of being accessible by multiple authorized users, represented according to a standardized or commonly agreed logical information model…” (ISO 18308:2011) 2. Personal health information: “Personal health information is information about an identifiable person which relates to the physical or mental health of the individual, or to provision of health services to the individual…” (ISO 27799)
  • 12. Key concepts in EHR (3): 3. Individually identifiable health information: “Information, including demographic information that relates to: the individual’s past, present, or future physical or mental health or condition; the provision of healthcare to the individual; or the past, present, or future payment for the provision of healthcare to the individual…” − Health Insurance Portability and Accountability Act (HIPAA) of 1996
  • 13. Key concepts in EHR (4): 4. Privacy = an individual’s right to decide about access to their personal information: what information to share, with whom to share, and how to share. 5. Security = protection measures and tools that safeguard health information and health information systems from any unauthorized access to or modification of information, denial of service to authorized users, and provision of service to unauthorized users. 6. Confidentiality is intertwined with privacy and security. It is a tool to protect privacy or an act of limiting disclosure of private matters.
  • 14. Security analysis: Confidentiality, integrity, and availability triad of NIST
  • 15. Ensuring privacy, security, and confidentiality: Even though technology and standards are integral to security and privacy of health information in EHR, healthcare providers have the prime responsibility. Information security involves a number of non-technical factors: organizational policy; human resources; communication networks; roles and processes; monitoring and compliance.
  • 16. Global standards (1): Health informatics standards are set by both international and national standards organizations: ISO is the global authority for standards; the European Committee for Standardization (CEN) is the European authority for standards; the American National Standards Institute (ANSI) approves official national standards in the United States. The work of these standards organizations informs and influences each other’s standard development processes. Adoption of, implementation of, and compliance with standards in a healthcare system is context-specific.
  • 17. Global standards (2): Availability of international and national health informatics standards is critical but not enough to protect individual health information. Information security involves a number of non-technical factors such as organizational policy, human resources, communication networks, roles and processes, and monitoring and compliance. Inadequate identification and authentication of users, unauthorized access and inadequate monitoring of user activity, inappropriate disclosure, reporting requirements, and poor security are key sources of privacy breaches (Neame 2014).
  • 18. Conclusion: While EHR systems are vital to improved care and continuity of care, data privacy, security, and confidentiality issues can create hurdles. To be effective, the principles of privacy, confidentiality, and security in the eHealth environment must be supported by local awareness and a strong national legal and regulatory footing. Awareness and understanding of related key concepts can create an enabling environment. National and international health informatics standards and legislation are essential.
  • 19. MEASURE Evaluation is funded by the U.S. Agency for International Development (USAID) under terms of Cooperative Agreement AID-OAA-L-14-00004 and implemented by the Carolina Population Center, University of North Carolina at Chapel Hill in partnership with ICF International, John Snow, Inc., Management Sciences for Health, Palladium Group, and Tulane University. The views expressed in this presentation do not necessarily reflect the views of USAID or the United States government. www.measureevaluation.org For more information on MEASURE Evaluation’s work in health informatics, visit: www.cpc.unc.edu/measure/publications/fs-15-141