HIPAA Breach Report for October 2017

2018 ◽  
Vol 2 (6) ◽  
Author(s):  
Hoala Greevy

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule uses Protected Health Information (PHI) to define the type of patient information that’s protected by law.1 PHI is an important factor for HIPAA compliance. PHI isn’t confined to medical records and test results. Any information distributed by a business associate that can identify a patient and is used or disclosed to a covered entity during the course of care is considered PHI. Even if that information doesn’t reveal a patient’s medical history, it is still considered PHI.

Author(s):  
Mike Gregory ◽  
Cynthia Roberts

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was initially enacted as an administrative simplification to standardize electronic transmission of common administrative and financial transactions. The program also calls for implementation specifications regarding privacy and security standards to protect the confidentiality and integrity of individually identifiable health information or protected health information. The Affordable Care Act further expanded many of the protective provisions set forth by HIPAA. Since its implementation, healthcare organizations around the nation have invested billions of dollars and have cycled through numerous program attempts aimed at meeting these standards. This chapter reviews the process taken by one organization to review the privacy policy in place utilizing a maturity model, identify deficiencies, and lead change in order to heighten the maturity of the system. The authors conclude with reflection related to effectiveness of the process as well as implications for practice.


Author(s):  
Roy Rada

Privacy and security of health information is a global concern. However, this chapter will focus on approaches to security in the United States. In particular, the federal regulation of security in the form of the Security Rule will be studied. The HIPAA Security Rule details the system and administrative requirements that a covered entity must meet in order to assure that health information is safe from people without authorization for its access. By contrast, the Privacy Rule describes the requirements that govern the circumstances under which protected health information must be used or disclosed with and without patient involvement and when a patient may have access to his or her protected health information. The implementation of reasonable and appropriate security measures supports compliance with the Privacy Rule.


2017 ◽  
Vol 27 (11) ◽  
pp. 3304-3324 ◽  
Author(s):  
Luca Bonomi ◽  
Xiaoqian Jiang

Modern medical research relies on multi-institutional collaborations which enhance the knowledge discovery and data reuse. While these collaborations allow researchers to perform analytics otherwise impossible on individual datasets, they often pose significant challenges in the data integration process. Due to the lack of a unique identifier, data integration solutions often have to rely on patient’s protected health information (PHI). In many situations, such information cannot leave the institutions or must be strictly protected. Furthermore, the presence of noisy values for these attributes may result in poor overall utility. While much research has been done to address these challenges, most of the current solutions are designed for a static setting without considering the temporal information of the data (e.g. EHR). In this work, we propose a novel approach that uses non-PHI for linking patient longitudinal data. Specifically, our technique captures the diagnosis dependencies using patterns which are shown to provide important indications for linking patient records. Our solution can be used as a standalone technique to perform temporal record linkage using non-protected health information data or it can be combined with Privacy Preserving Record Linkage solutions (PPRL) when protected health information is available. In this case, our approach can solve ambiguities in results. Experimental evaluations on real datasets demonstrate the effectiveness of our technique.


2013 ◽  
Vol 41 (2) ◽  
pp. 525-528 ◽  
Author(s):  
Mark A. Rothstein

On January 25, 2013, the Federal Register published the Department of Health and Human Services (HHS) omnibus amendments to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Enforcement, and Breach Notification Rules. These modifications also include the final versions of the HIPAA regulation amendments mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and the Genetic Information Nondiscrimination Act (GINA). Although the amended rules were effective on March 26, 2013, covered entities and their business associates (which now have direct liability for violations of the regulations) have a compliance date of September 23, 2013. It has been 10 years since the April 14, 2003 compliance date for the original HIPAA Privacy Rule. Despite HHS’ clarification of some issues by posting answers to frequently asked questions (FAQs), there have been no significant amendments to the Privacy Rule since 2003.


2020 ◽  
pp. 991-1010 ◽  
Author(s):  
Shweta Yadav ◽  
Asif Ekbal ◽  
Sriparna Saha ◽  
Parth S Pathak ◽  
Pushpak Bhattacharyya

With the rapid increment in the clinical text, de-identification of patient Protected Health Information (PHI) has drawn significant attention in recent past. This aims for automatic identification and removal of the patient Protected Health Information from medical records. This paper proposes a supervised machine learning technique for solving the problem of patient data de-identification. In the current paper, we provide an insight into the de-identification task, its major challenges, techniques to address challenges, detailed analysis of the results and direction of future improvement. We extract several features by studying the properties of the datasets and the domain. We build our model based on the 2014 i2b2 (Informatics for Integrating Biology to the Bedside) de-identification challenge. Experiments show that the proposed system is highly accurate in de-identification of the medical records. The system achieves the final recall, precision and F-score of 95.69%, 99.31%, and 97.46%, respectively.


Author(s):  
Lorna Hecker

This chapter introduces basic requirements of the Health Insurance Portability and Accountability Act (HIPAA), including privacy regulations applicable to HIPAA-covered entities and security regulations applicable to both HIPAA-covered entities and business associates. The privacy regulations covered in this chapter include the definition of psychotherapy notes under HIPAA regulations, the “minimum necessary” requirement, HIPAA authorizations, personal representatives, and the need for an accounting of certain disclosures of client’s protected health information. Also explored is the interaction of state law and HIPAA regulations, especially in relation to the practitioner’s Notice of Privacy Practices. The security regulation’s administrative, physical, and technical safeguards are discussed, including an introduction to the HIPAA required security risk assessment. Also explained is the breach notification law that was enacted through the 2009 Health Information Economic and Clinical Health (HITECH) Act.


2004 ◽  
Vol 84 (2) ◽  
pp. 151-158 ◽  
Author(s):  
Michael C Schubert ◽  
Ronald J Tusa ◽  
Lawrence E Grine ◽  
Susan J Herdman

Abstract Background and Purpose. The head thrust test (HTT) is used to assess the vestibulo-ocular reflex. Sensitivity and specificity for diagnosing unilateral vestibular hypofunction (UVH) in patients following vestibular ablation is excellent (100%), although sensitivity is lower (35%–39%) for patients with nonsurgically induced UVH. The variability of the test results may be from moving the subject's head outside the plane of the lateral semicircular canals as well as using a head thrust of predictable timing and direction. The purpose of this study was to examine sensitivity and specificity of the horizontal HTT in identifying patients with UVH and bilateral vestibular hypofunction (BVH) when the head was flexed 30 degrees in attempt to induce acceleration primarily in the lateral semicircular canal and the head was moved unpredictably. Subjects. The medical records of 176 people with and without vestibular dysfunction (n=79 with UVH, n=32 with BVH, and n=65 with nonvestibular dizziness) were studied. Methods. Data were retrospectively tabulated from a de-identified database (ie, with health information stripped of all identifiers). Results. Sensitivity of the HTT for identifying vestibular hypofunction was 71% for UVH and 84% for BVH. Specificity was 82%. Discussion and Conclusion. Ensuring the head is pitched 30 degrees down and thrust with an unpredictable timing and direction appears to improve sensitivity of the HTT.

