Beyond the HIPAA Privacy Rule

Author: Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule
Publisher: National Academies Press
ISBN: 9780309124997
Release Date: 2009-02-24
Genre: Computers

In the realm of health care, privacy protections are needed to preserve patients' dignity and prevent possible harms. Ten years ago, to address these concerns as well as set guidelines for ethical health research, Congress called for a set of federal standards now known as the HIPAA Privacy Rule. In its 2009 report, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research, the Institute of Medicine's Committee on Health Research and the Privacy of Health Information concludes that the HIPAA Privacy Rule does not protect privacy as well as it should, and that it impedes important health research.

Beyond the HIPAA Privacy Rule

Author: Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule
Publisher: National Academies Press
ISBN: 9780309141376
Release Date: 2009-02-24
Genre: Medical

In the realm of health care, privacy protections are needed to preserve patients' dignity and prevent possible harms. Ten years ago, to address these concerns as well as set guidelines for ethical health research, Congress called for a set of federal standards now known as the HIPAA Privacy Rule. In its 2009 report, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research, the Institute of Medicine's Committee on Health Research and the Privacy of Health Information concludes that the HIPAA Privacy Rule does not protect privacy as well as it should, and that it impedes important health research.

Effect of the HIPAA Privacy Rule on Health Research

Author: Institute of Medicine
Publisher: National Academies Press
ISBN: 9780309102919
Release Date: 2006-09-20
Genre: Medical

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted to improve the portability and continuity of health insurance; promote medical savings accounts; improve access to long-term care services and coverage; and simplify the administration of health insurance. HIPAA's Administrative Simplification provisions focus on facilitating the electronic exchange of information for financial and administrative functions related to patient care. However, the very advances that make it easier to transmit information also present challenges to preserving the confidentiality of potentially sensitive personal information contained in medical records. In 2003, the President's Cancer Panel discovered HIPAA Privacy Rule slowed research on cancer survivors, as well as causing increased bureaucracy, informed consent problems, and complications for clinical trials. Effect of the HIPAA Privacy Rule on Health Research evaluates the impact of HIPAA provisions and provides guidance to legislators on amendments needed to make this law better serve the interests of cancer survivors and others.

The Practical Guide to HIPAA Privacy and Security Compliance Second Edition

Author: Rebecca Herold
Publisher: CRC Press
ISBN: 9781439855591
Release Date: 2014-10-20
Genre: Business & Economics

Following in the footsteps of its bestselling predecessor, The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition is a one-stop, up-to-date resource on Health Insurance Portability and Accountability Act (HIPAA) privacy and security, including details on the HITECH Act, the 2013 Omnibus Rule, and the pending rules. Updated and revised with several new sections, this edition defines what HIPAA is, what it requires, and what you need to do to achieve compliance. The book provides an easy-to-understand overview of HIPAA privacy and security rules and compliance tasks. Supplying authoritative insights into real-world HIPAA privacy and security issues, it summarizes the analysis, training, and technology needed to properly plan and implement privacy and security policies, training, and an overall program to manage information risks. Instead of focusing on technical jargon, the book spells out what your organization must do to achieve and maintain compliance requirements on an ongoing basis.

Building a HIPAA Compliant Cybersecurity Program

Author: Eric C. Thompson
Publisher: Apress
ISBN: 9781484230602
Release Date: 2017-11-11
Genre: Computers

Use this book to learn how to conduct a timely and thorough Risk Analysis and Assessment documenting all risks to the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI), which is a key component of the HIPAA Security Rule. The requirement is a focus area for the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) during breach investigations and compliance audits. This book lays out a plan for healthcare organizations of all types to successfully comply with these requirements and use the output to build upon the cybersecurity program. With the proliferation of cybersecurity breaches, the number of healthcare providers, payers, and business associates investigated by the OCR has risen significantly. It is not unusual for additional penalties to be levied when victims of breaches cannot demonstrate that an enterprise-wide risk assessment exists, comprehensive enough to document all of the risks to ePHI. Why is it that so many covered entities and business associates fail to comply with this fundamental safeguard? Building a HIPAA Compliant Cybersecurity Program cuts through the confusion and ambiguity of regulatory requirements and provides detailed guidance to help readers: Understand and document all known instances where patient data exist Know what regulators want and expect from the risk analysis process Assess and analyze the level of severity that each risk poses to ePHI Focus on the beneficial outcomes of the process: understanding real risks, and optimizing deployment of resources and alignment with business objectives What You’ll Learn Use NIST 800-30 to execute a risk analysis and assessment, which meets the expectations of regulators such as the Office for Civil Rights (OCR) Understand why this is not just a compliance exercise, but a way to take back control of protecting ePHI Leverage the risk analysis process to improve your cybersecurity program Know the value of integrating technical assessments to further define risk management activities Employ an iterative process that continuously assesses the environment to identify improvement opportunities Who This Book Is For Cybersecurity, privacy, and compliance professionals working for organizations responsible for creating, maintaining, storing, and protecting patient information

For the Record

Author: Commission on Physical Sciences, Mathematics, and Applications
Publisher: National Academies Press
ISBN: 9780309056977
Release Date: 1997-06-09
Genre: Medical

When you visit the doctor, information about you may be recorded in an office computer. Your tests may be sent to a laboratory or consulting physician. Relevant information may be transmitted to your health insurer or pharmacy. Your data may be collected by the state government or by an organization that accredits health care or studies medical costs. By making information more readily available to those who need it, greater use of computerized health information can help improve the quality of health care and reduce its costs. Yet health care organizations must find ways to ensure that electronic health information is not improperly divulged. Patient privacy has been an issue since the oath of Hippocrates first called on physicians to "keep silence" on patient matters, and with highly sensitive data--genetic information, HIV test results, psychiatric records--entering patient records, concerns over privacy and security are growing. For the Record responds to the health care industry's need for greater guidance in protecting health information that increasingly flows through the national information infrastructure--from patient to provider, payer, analyst, employer, government agency, medical product manufacturer, and beyond. This book makes practical detailed recommendations for technical and organizational solutions and national-level initiatives. For the Record describes two major types of privacy and security concerns that stem from the availability of health information in electronic form: the increased potential for inappropriate release of information held by individual organizations (whether by those with access to computerized records or those who break into them) and systemic concerns derived from open and widespread sharing of data among various parties. The committee reports on the technological and organizational aspects of security management, including basic principles of security; the effectiveness of technologies for user authentication, access control, and encryption; obstacles and incentives in the adoption of new technologies; and mechanisms for training, monitoring, and enforcement. For the Record reviews the growing interest in electronic medical records; the increasing value of health information to providers, payers, researchers, and administrators; and the current legal and regulatory environment for protecting health data. This information is of immediate interest to policymakers, health policy researchers, patient advocates, professionals in health data management, and other stakeholders.

Health Data in the Information Age

Author: Institute of Medicine (U.S.). Committee on Regional Health Data Networks
Publisher: National Academies
ISBN: NAP:13823
Release Date: 1994-01-01
Genre: Business & Economics

Regional health care databases are being established around the country with the goal of providing timely and useful information to policymakers, physicians, and patients. But their emergence is raising important and sometimes controversial questions about the collection, quality, and appropriate use of health care data. This book provides a clear set of guidelines and principles for exploiting the potential benefits of aggregated health data--without jeopardizing confidentiality. Index.

Privacy Research and Best Practices

Author: National Academies of Sciences, Engineering, and Medicine
Publisher: National Academies Press
ISBN: 9780309389228
Release Date: 2016-02-24
Genre: Computers

Recent disclosures about the bulk collection of domestic phone call records and other signals intelligence programs have stimulated widespread debate about the implications of such practices for the civil liberties and privacy of Americans. In the wake of these disclosures, many have identified a need for the intelligence community to engage more deeply with outside privacy experts and stakeholders. At the request of the Office of the Director of National Intelligence, the National Academies of Sciences, Engineering, and Medicine convened a workshop to address the privacy implications of emerging technologies, public and individual preferences and attitudes toward privacy, and ethical approaches to data collection and use. This report summarizes discussions between experts from academia and the private sector and from the intelligence community on private sector best practices and privacy research results.

Conducting Biosocial Surveys

Author: Panel on Collecting, Storing, Accessing, and Protecting Biological Specimens and Biodata in Social Surveys
Publisher: National Academies Press
ISBN: 9780309157063
Release Date: 2010-09-02
Genre: Computers

Recent years have seen a growing tendency for social scientists to collect biological specimens such as blood, urine, and saliva as part of large-scale household surveys. By combining biological and social data, scientists are opening up new fields of inquiry and are able for the first time to address many new questions and connections. But including biospecimens in social surveys also adds a great deal of complexity and cost to the investigator's task. Along with the usual concerns about informed consent, privacy issues, and the best ways to collect, store, and share data, researchers now face a variety of issues that are much less familiar or that appear in a new light. In particular, collecting and storing human biological materials for use in social science research raises additional legal, ethical, and social issues, as well as practical issues related to the storage, retrieval, and sharing of data. For example, acquiring biological data and linking them to social science databases requires a more complex informed consent process, the development of a biorepository, the establishment of data sharing policies, and the creation of a process for deciding how the data are going to be shared and used for secondary analysis--all of which add cost to a survey and require additional time and attention from the investigators. These issues also are likely to be unfamiliar to social scientists who have not worked with biological specimens in the past. Adding to the attraction of collecting biospecimens but also to the complexity of sharing and protecting the data is the fact that this is an era of incredibly rapid gains in our understanding of complex biological and physiological phenomena. Thus the tradeoffs between the risks and opportunities of expanding access to research data are constantly changing. Conducting Biosocial Surveys offers findings and recommendations concerning the best approaches to the collection, storage, use, and sharing of biospecimens gathered in social science surveys and the digital representations of biological data derived therefrom. It is aimed at researchers interested in carrying out such surveys, their institutions, and their funding agencies.

Proposed Revisions to the Common Rule for the Protection of Human Subjects in the Behavioral and Social Sciences

Author: National Research Council
Publisher: National Academies Press
ISBN: 9780309298094
Release Date: 2014-03-31
Genre: Social Science

Proposed Revisions to the Common Rule for the Protection of Human Subjects in the Behavioral and Social Sciences examines how to update human subjects protections regulations so that they effectively respond to current research contexts and methods. With a specific focus on social and behavioral sciences, this consensus report aims to address the dramatic alterations in the research landscapes that institutional review boards (IRBs) have come to inhabit during the past 40 years. The report aims to balance respect for the individual persons whose consent to participate makes research possible and respect for the social benefits that productive research communities make possible. The ethics of human subjects research has captured scientific and regulatory attention for half a century. To keep abreast of the universe of changes that factor into the ethical conduct of research today, the Department of Health and Human Services published an Advance Notice of Proposed Rulemaking (ANPRM) in July 2011. Recognizing that widespread technological and societal transformations have occurred in the contexts for and conduct of human research since the passage of the National Research Act of 1974, the ANPRM revisits the regulations mandated by the Act in a correspondingly comprehensive manner. Its proposals aim to modernize the Common Rule and to improve the efficiency of the work conducted under its auspices. Proposed Revisions to the Common Rule for the Protection of Human Subjects in the Behavioral and Social Sciences identifies issues raised in the ANPRM that are critical and feasible for the federal government to address for the protection of participants and for the advancement of the social and behavioral sciences. For each identified issue, this report provides guidance for IRBs on techniques to address it, with specific examples and best practice models to illustrate how the techniques would be applied to different behavioral and social sciences research procedures.

Guide to the De Identification of Personal Health Information

Author: Khaled El Emam
Publisher: CRC Press
ISBN: 9781482218800
Release Date: 2013-04-12
Genre: Business & Economics

Offering compelling practical and legal reasons why de-identification should be one of the main approaches to protecting patients’ privacy, the Guide to the De-Identification of Personal Health Information outlines a proven, risk-based methodology for the de-identification of sensitive health information. It situates and contextualizes this risk-based methodology and provides a general overview of its steps. The book supplies a detailed case for why de-identification is important as well as best practices to help you pin point when it is necessary to apply de-identification in the disclosure of personal health information. It also: Outlines practical methods for de-identification Describes how to measure re-identification risk Explains how to reduce the risk of re-identification Includes proofs and supporting reference material Focuses only on transformations proven to work on health information—rather than covering all possible approaches, whether they work in practice or not Rated the top systems and software engineering scholar worldwide by The Journal of Systems and Software, Dr. El Emam is one of only a handful of individuals worldwide qualified to de-identify personal health information for secondary use under the HIPAA Privacy Rule Statistical Standard. In this book Dr. El Emam explains how we can make health data more accessible—while protecting patients’ privacy and complying with current regulations.

Protecting Data Privacy in Health Services Research

Author: Division of Health Care Services
Publisher: National Academies Press
ISBN: 9780309071871
Release Date: 2000-12-13
Genre: Computers

The need for quality improvement and for cost saving are driving both individual choices and health system dynamics. The health services research that we need to support informed choices depends on access to data, but at the same time, individual privacy and patient-health care provider confidentiality must be protected.

Privacy and the Past

Author: Susan C. Lawrence
Publisher: Rutgers University Press
ISBN: 9780813574370
Release Date: 2016-05-11
Genre: Medical

When the new HIPAA privacy rules regarding the release of health information took effect, medical historians suddenly faced a raft of new ethical and legal challenges—even in cases where their subjects had died years, or even a century, earlier. In Privacy and the Past, medical historian Susan C. Lawrence explores the impact of these new privacy rules, offering insight into what historians should do when they research, write about, and name real people in their work. Lawrence offers a wide-ranging and informative discussion of the many issues involved. She highlights the key points in research ethics that can affect historians, including their ethical obligations to their research subjects, both living and dead, and she reviews the range of federal laws that protect various kinds of information. The book discusses how the courts have dealt with privacy in contexts relevant to historians, including a case in which a historian was actually sued for a privacy violation. Lawrence also questions who gets to decide what is revealed and what is kept hidden in decades-old records, and she examines the privacy issues that archivists consider when acquiring records and allowing researchers to use them. She looks at how demands to maintain individual privacy both protect and erase the identities of people whose stories make up the historical record, discussing decisions that historians have made to conceal identities that they believed needed to be protected. Finally, she encourages historians to vigorously resist any expansion of regulatory language that extends privacy protections to the dead. Engagingly written and powerfully argued, Privacy and the Past is an important first step in preventing privacy regulations from affecting the historical record and the ways that historians write history.

Improving the Quality of Health Care for Mental and Substance Use Conditions

Author: Institute of Medicine
Publisher: National Academies Press
ISBN: 0309133661
Release Date: 2006-03-29
Genre: Medical

Each year, more than 33 million Americans receive health care for mental or substance-use conditions, or both. Together, mental and substance-use illnesses are the leading cause of death and disability for women, the highest for men ages 15-44, and the second highest for all men. Effective treatments exist, but services are frequently fragmented and, as with general health care, there are barriers that prevent many from receiving these treatments as designed or at all. The consequences of this are seriousâ€"for these individuals and their families; their employers and the workforce; for the nation’s economy; as well as the education, welfare, and justice systems. Improving the Quality of Health Care for Mental and Substance-Use Conditions examines the distinctive characteristics of health care for mental and substance-use conditions, including payment, benefit coverage, and regulatory issues, as well as health care organization and delivery issues. This new volume in the Quality Chasm series puts forth an agenda for improving the quality of this care based on this analysis. Patients and their families, primary health care providers, specialty mental health and substance-use treatment providers, health care organizations, health plans, purchasers of group health care, and all involved in health care for mental and substanceâ€"use conditions will benefit from this guide to achieving better care.

Clinical Data as the Basic Staple of Health Learning

Author: IOM Roundtable on Evidence-Based Medicine (Series); Institute of Medicine
Publisher: National Academies Press
ISBN: 9780309120609
Release Date: 2010-12-14
Genre: Medical

Successful development of clinical data as an engine for knowledge generation has the potential to transform health and health care in America. As part of its Learning Health System Series, the Roundtable on Value & Science-Driven Health Care hosted a workshop to discuss expanding the access to and use of clinical data as a foundation for care improvement.