Guide to Healthcare Information Protection and Privacy for Executives
By Tim Godlove
About this ebook
The goal of today's healthcare organizations is to have open, interoperable, standards-compliant and secure information systems. As electronic data interchange (EDI) continues to gain acceptance and use, risks to the confidentiality of private healthcare information have arisen. As the volume of stored healthcare information continues to grow, so too does the desire to access that information. Insurers, employers, government papers, utilization review entities, researchers, government statisticians, peer-review bodies, and patients are all demonstrating an increased interest in healthcare information. There are also some very real challenges implicit in electronic communications which pose a further risk to the confidentiality of healthcare information.
Chapter 1
Healthcare Industry
Technology wants us, but what does it want for us? What do we get out of its long journey?
1.1 Introduction
The rapid changes in healthcare and information technology have changed how health information is handled compared with traditional methods of maintaining health and medical information. Automating health information, which allows patient records to be accessed by authorized medical personnel anywhere and at any time, is designed to provide a variety of benefits, but it also carries privacy and security risks. The benefits claimed for electronic health records are that, by being able to quickly and accurately access a person's entire health history, errors will be drastically cut and patient care will be significantly improved. However, as with just about every trade-off in life, the good must be taken with the bad; and there are just as many disadvantages to electronic health records as there are benefits. The disadvantages stem not only from the lack of privacy and confidentiality associated with these records, but also from the inability to properly control who has access to them.
The healthcare industry is exceedingly diverse, consisting of various organizations such as small physician practices and large health systems, laboratories, pharmaceuticals, biomedical companies, private and public payers, regulators and public health organizations, all of which rely on the efficient and effective exchange of patient-related information. This chapter should assist in the understanding of the diversity of the healthcare industry, the types of technologies and flows of information that require various levels of protection, and how healthcare information is exchanged within the industry.
1.2 Understanding the Healthcare Industry
The healthcare industry is one that covers a broad range of topics and delves into a multitude of social, scientific, economic and political concerns. This overview of the industry discusses issues such as the different types of healthcare organizations, healthcare technology, insurance, patient records, research, human resource management and various types of information and financial management.
As healthcare has been thrust into the digital world and interest in healthcare grows exponentially, many issues pertaining to the accumulation of healthcare data have come to light. These include privacy and confidentiality, sharing of data, use of accumulated data for medical purposes, and the development of quality-of-care issues, protocols and guidelines. The healthcare industry is undergoing unprecedented changes right now. The reforms of the Affordable Care Act, greater consumer choice, public and private exchanges, and new technology are all upending operating business models, as is a fundamental shift from the traditional fee-for-service approach to one based on quality and outcomes. These different ways of doing business have the potential to revamp the healthcare value chain and redistribute value among stakeholders, creating threats and opportunities for both payors and providers.
Achieving and maintaining compliance with the ever-changing privacy, security, and other regulations imposed by HIPAA and HITECH, as well as other federal and state privacy laws such as the Genetic Information Nondiscrimination Act (GINA) and state breach notification laws, has increased the challenges of security and privacy compliance. The passage of HITECH dramatically changed the federal government’s approach to HIPAA by escalating enforcement and increasing penalties for non-compliance, while establishing burdensome new requirements for breach notification. This has increased the risks to both covered entities and their business associates.
1.2.1 Understanding the Healthcare Environment
The health care industry in America has become progressively more economically and politically driven. It has also been revolutionized by modern technology and scientific discovery. Simply put, it is a field undergoing perpetual change. Some of these changes have been positive, such as the ability to use wireless communication devices to diagnose housebound patients (Shi & Singh, 2005). From work to education and human interaction, the reach of the myriad technologies has increased the volume of information that is available, how it is shaped, understood and deployed, and how individuals and organizations interact.
Most aspects of modern life in the U.S. have been impacted by the proliferation of information and communications technology over the past three decades. Healthcare has woefully lagged in adopting this technology and having it drive reorganization and reform. There are three ways that this technology can and will change health care. First, as the sixth largest economic undertaking in the world, health care is replete with countless administrative processes that, given the nature of the work, demand a high level of reliability. Automation of these processes, particularly when they occur within integrated systems, is the only way to achieve inexpensive, highly reliable exchanges of information ranging from the purely administrative to clinical records. Not surprisingly, this use of health IT is occurring first. Secondly, the process of clinical decision-making and support is improved dramatically as clinicians and consumers have access to new information tools and supports. This includes the movement of more traditional provider-patient interactions into new media and technology. As these tools first need to be developed and then accepted by professionals and patients, this part of the transition will lag behind the more purely administrative. Finally, the real revolution in health care IT will come with the full recognition that health care is essentially a knowledge-based business, and that knowledge widely and freely available to end users, the patient/consumer, will have a profound impact on cost, efficacy, quality and access.
Other changes have not been so desirable, such as the exorbitant costs of health insurance and quality medical care, and growing inequities in access to healthcare based on culture and income. As Heirich (1998) explains, "Both the underlying ideas on which healthcare is based and the organization of care is changing, as is the way all this relates to larger social, economic, and political forces" (p. 343). Examining these forces requires looking at the components that comprise them.
1.2.2 Types of Organizations in the Healthcare Sector
The types of organizations in the healthcare sector are numerous. There are the actual healthcare providers, such as the doctors, nurses, dentists, psychologists and other types of practitioners that diagnose and/or treat patients. Then there are the pharmacists, pharmacies, pharmaceutical manufacturers and pharmaceutical marketers that deal with the medications involved in health care. There are also the manufacturers and distributors of medical supplies and technology, without whom the industry could not operate. The healthcare delivery organizations sector plays a central role in efforts to improve the use of evidence-based care. As entities that organize and employ physicians and other clinicians, deliver care to patients, and, in some cases, conduct research, sector members have opportunities to influence the generation and use of evidence through many channels.
Most notable these days are the insurance providers, both public and private, that not only determine if a patient’s treatments are covered but also determine how long he is allowed to stay in the hospital, what doctors he is allowed to see and just about everything related to medical care. Last but not least are the healthcare policymakers who pass laws on such things as banning smoking in public buildings, requiring changes in the nutritional value of school lunches and demanding wheelchair access ramps.
1.2.3 Health Information Technology
The effective and efficient management of health information is critical. As technology has continuously advanced, the ability to keep better patient records, create networks between providers and manage virtually all types of health-related data has improved significantly. Technology has advanced to the point where data in almost any format is more easily collected than ever before. Information can be gathered about clients, health indicators and risk factors, statistics, demographics, mandated health reporting and so on.
Despite investing over $1.7 trillion annually in healthcare, the health system is plagued with inefficiency and poor quality. Better information systems could help. Overcoming these challenges requires ongoing investment in framework, standards, and policy development. Most providers lack the information systems necessary to coordinate a patient’s care with other providers, share needed information, monitor compliance with prevention and disease-management guidelines, and measure and improve performance. If most hospitals and doctors’ offices adopted health information technology, the potential efficiency savings for both inpatient and outpatient care could average over $77 billion per year.
A good example of health information technology and data management is the Electronic Health Record (EHR). The principle behind the system is that it collates information about individuals from different information systems, such as registration, clinical records, laboratory and diagnostic imaging. The central idea is to be able to exchange health information across the healthcare system, thus providing information flow to improve quality and efficiency of care (Stead, Kelly & Kolodner, 2005).
1.2.4 Health Insurance (e.g., public vs. private, types, payment models)
According to Williams and Torrens (2010), the three categories of health insurance are Voluntary Health Insurance (VHI), which is private health insurance usually denoting current industrial employment (p. 80); Social Health Insurance (SHI), which encompasses government-sponsored insurance plans such as Medicare and Worker’s Compensation; and public welfare health care programs, in which medical treatment is provided free of charge.
The three methods for categorizing health insurance in the United States are: 1) by the typical combination of products; 2) by the type of organization sponsoring the coverage; and 3) by funding mechanism. The three types of managed care plans are: 1) Health Maintenance Organizations (HMO); 2) Preferred Provider Organizations (PPO); and 3) Point-of-Service (POS) plans (Williams & Torrens, 2010).
As managed care has grown, it has raised new concerns about the quality of health care being delivered, especially for Medicare and Medicaid patients. Under a fee-for-service system, people worried that unnecessary diagnostic tests and medical services were being ordered for patients and that the nation's health care costs were out of control. Overuse of services and inappropriate use of health care resources were viewed as the primary problem. Not surprisingly, managed care's financial incentives have the opposite effect (Ahking, Giaccotto & Santerre, 2009).
Currently, the public and policymakers are concerned that patients are being denied access to medically needed care in efforts to save money, which is essentially the motivation for the controversial "Obamacare" policies, which are really called the Patient Protection and Affordable Care Act (PPACA). According to Wheelan (2010), "Some kind of health coverage for every citizen would mean fewer child deaths from asthma, fewer cancer deaths in minority communities and fewer veterans who depend on emergency rooms for their primary care." Yet critics are concerned about where exactly the money will come from to pay for this care.
1.2.5 Coding
Coding is the use of standardized languages to categorize and describe medical data, particularly in terms of bioinformatics (i.e. identifying pathologies). One of the most noted coding systems is SNOMED, which stands for the Systematized Nomenclature of Medicine. SNOMED is extremely effective at coding the sort of information pathologists use: anatomical sites, clinical diagnoses, surgical procedures, causative agents. Used to its full potential, SNOMED is very versatile, but also very complicated. SNOMED was designed as a comprehensive nomenclature of clinical medicine for the purpose of accurately storing and/or retrieving records of clinical care in human and veterinary medicine.
ICD is the coding system used by the World Health Organization (WHO) to classify diseases and other health problems recorded on many types of health and vital records including death certificates and health records.
ICD stands for International Classification of Diseases. The most current version is ICD-10, meaning that it is the tenth version of the code. No earlier than October 1, 2015, the United States will adopt the latest version of medical codes by updating to ICD-10. Last updated in 1977, the new ICD-10 will increase the number of codes from approximately 13,600 to more than 144,000.
1.2.6 Billing, Payment, and Reimbursement
There are five different classifications for billing, payment and reimbursement. First is the profit-driven commercial health industry, which includes both multiline and single line carriers. Second are the Blue Cross/Blue Shield plans, which focus on providing insurance to cover hospital expenses (Williams & Torrens, 2010). Third is the Health Maintenance Organization, or HMO, which Reuland (2002) describes as "a type of insurance where the members, also potential patients, pay a fixed monthly fee to their HMO in return for the financing and delivery of their medical services for a fixed period of time" (p. 297). The fourth type is self-funded or partially self-funded insurance. Finally, the fifth type is union sponsored or partially union sponsored insurance (Williams & Torrens, 2010).
HMOs are plans that furnish health care at a lower cost than traditional fee-for-service plans. An HMO patient has to select a health care medical provider from a pre-determined list of providers within a specific medical group, each of whom has signed a contract in which they commit themselves to seeing patients at a reduced cost. Most HMO co-payments range between $5 and $15 (for an office visit) (Shi & Singh, 2005).
Funding mechanisms are divided into three different classifications. The first is full insurance, which remains the principal funding mechanism for the millions of small and medium size businesses in America (Williams & Torrens, 2010, p. 113). The second is partial funding, in which employers pay part of employees’ medical coverage. The third is self-insurance, in which the individual is entirely responsible for his or her own coverage (Williams & Torrens, 2010).
1.2.7 Workflow Management
According to Ransom et al. (2008), "The Workflow Management Coalition (Hollingsworth 1995) defines workflow automation as the ‘computerized facilitation or automation of a business process, in whole or in part’." Automation clearly reduces personal involvement in the data collecting process. On the other hand, it provides many benefits, which include time savings, cost savings, and increased accuracy. This is because these types of programs are specifically designed to provide a proficient and efficient way of tracking a variety of data.
As Ransom et al. (2008) explain, In the context of healthcare, workflow automation provides the ability to encapsulate other information technologies and services and make them available for incorporation into processes of care. Such services include surveys; outbound recorded telephone messages; outbound e-mail messages; printing and mailing of generic or tailored educational materials; outbound faxes; electronic pager or short text messaging; and requests for third-party telemonitoring, care management, and disease management programs.
1.2.8 Regulatory Environment (e.g., security, privacy, oversight)
The healthcare industry has to be regulated because ultimately, it is a business, and that means it has the potential for corruption, lack of attention to detail and irresponsibility. To regulate these critical issues, there is a regulatory body known as the JCAHO, which stands for The Joint Commission on the Accreditation of Healthcare Organizations. However, it has recently changed its name to simply the Joint Commission and is no longer known as the JCAHO. The purpose of the Joint Commission is to provide accreditation to health care organizations that meet its high list of standards, in order to ensure that patients are receiving the best quality of care and the highest level of safety.
When patients or other health care professionals see the Gold Seal that represents the Joint Commission’s accreditation, they know that they are looking at an organization that has impeccably high standards; otherwise it never would have passed the rigorous inspection process. Their seal of approval has a lot of meaning in the health care industry because, as an independent, not-for-profit organization, they are completely objective. According to their website, "The Joint Commission accredits and certifies more than 15,000 health care organizations and programs in the United States. Joint Commission accreditation and certification is recognized nationwide as a symbol of quality that reflects an organization’s commitment to meeting certain performance standards" (p. 1).
The HIPAA privacy rule, which went into effect in 2003 for most healthcare providers, ushered in a new era of privacy compliance. Prior to the implementation of the HIPAA privacy rule, healthcare providers, frequently with guidance from HIM professionals' expertise, were bound primarily by state-specific privacy laws that often focused on highly sensitive information such as behavioral health and HIV/AIDS. Although federal privacy laws existed, they were primarily limited to the Privacy Act of 1974 as well as the protection of substance abuse information, neither of which broadly affected health information.
Health reform will substantially impact how life sciences and health care organizations, regardless of sector, size, and region, realize their security and privacy objectives. Regardless of the regulatory forum, there will be significant pressure on organizations to meet challenges associated with the protection of personal health information (PHI). At the same time, health care organizations face increased collaboration and information sharing requirements both internally and externally, as well as competitive pressure to maximize investments in health information technology.
Privacy & Security
Health information technology promises a number of potential benefits for individuals, health care providers, and the nation’s health care system. It has the ability to advance clinical care, improve population health, and reduce costs. At the same time, this environment also poses new challenges and opportunities for protecting individually identifiable health information.
1.2.9 Patient Care and Safety
Patient care and safety are of the utmost importance. When a patient is hospitalized, he often receives care from many different healthcare professionals, and in a variety of different settings. If, for example, a patient has a heart attack and calls 911, first the EMTs will arrive and administer some form of treatment in the home, such as dispensing aspirin or nitrogen pills, then hooking the patient up to a mobile respirator and transporting him to the EMT vehicle. Once inside the ambulance, the patient may be administered additional services depending on his state.
Once the patient arrives at the hospital, he will likely go to the emergency room where a different set of practitioners will work on him. If he goes into surgery, he will be transported again, then seen and treated by the anesthesiologist, then surgeons, then nurses in the recovery ward and then ward nurses when he is moved to a hospital room.
With all of these "hand offs" or "handovers" going on, mistakes can be made and quality of care can be jeopardized.