MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION

MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION. September 2, 2006. Frank E. Ferrante, MSEE, MSEPP, President FEFGroup, LLC; Past Chair, Medical Technology Policy Committee, IEEE-USA, Washington, DC. Presented at 28th IEEE EMBS Annual International Conference
Transcript
MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION
September 2, 2006
Frank E. Ferrante, MSEE, MSEPP
President FEFGroup, LLC
Past Chair, Medical Technology Policy Committee
IEEE-USA, Washington, DC
Presented at 28th IEEE EMBS Annual International Conference
Aug 30-Sept. 3, 2006, New York City, New York, USA

Outline
  • Why Electronic Medical Records?
  • Software Sample/hardware samples
  • Barriers/Standards for EHR
  • HIPAA Security and Privacy Regulations
  • Medical data transmission requirements
  • Wireline and Wireless Telecommunications Services Security
  • Security of Patient Medical Records
  • References
  • Why Electronic Medical Records (EMRs)
  • Time spent filing and pulling patient charts, searching for charts
  • Time re-creating records if destroyed by natural disaster or accident
  • Cost of supplies to maintain charts
  • Cost of facility space for records (can better use of space be made?)
  • Storage and Backup Cost
  • Transcription services cost
  • Cost of doing nothing today
  • Better Security/Privacy Maintainable
  • Software/Hardware Supporting Digital Medical Records
  • Electronic Medical Record (EMR) Software
  • Soapware - check it out $300 Starting Price see: http://soapware.com/
  • e-MDs Electronic Medical Record Support Software http://www.e-mds.com
  • a4Healthsystems EMR and Access systems http://www.a4healthsystems.com
  • Companion Technologies http://www.companiontechnologies.com
  • Security and Privacy - all EMRs must be protected
  • Sample approach: indigenous authentication of digital information (US Patent 6,757,828 B1 of June 29, 2004) by Signa2 http://www.gjtdc.com
  • Backup routinely onto remote servers or storage offerings
  • What are the Barriers to EHR and e-Health Implementation?*
  • Lack of a Unique Personal Identifier
  • Lack of HIPAA Compliant Middleware
  • Lack of Incentives
  • No Paradigm or “First Mover” for Some System Components
  • Evolving Standards
  • Disincentives
  • Lack of an NHIN Architecture
  • [Fear of Cost/Benefit]
  • * [Corr 2006]
  • Barriers and Solutions
  • Identifiers and Middleware
  • Lack of a Unique Personal Identifier:
  • Solutions:
  • Voluntary Personal Healthcare Identifier (IEEE-USA Voluntary Healthcare Identifier Position Statement, 17 June 2004)
  • Center for Certification of Health Information Technology Multiple ID Approach (Provider ID + Provider Unique Personal ID)
  • DOD Common Access Card Model
  • Lack of HIPAA Compliant Middleware:
  • Solutions:
  • RHIO Contracts
  • Marketplace Solutions
  • Shortcomings:
  • Public Health and Research Interfaces may not be included
  • HIPAA compliant Identification, Authentication, and Access
  • * [Corr 2006]
  • EHR Standards Evolution*
  • International Statistical Classification of Diseases and Related Health Problems (ICD) from ICD-9 to ICD-10
  • ASCI X12 Version 4010 to ASCI X12 Version 5010 (HIPAA Business Transactions)
  • National Council for Prescription Drug Programs Telecommunication Standards from version 5.1 to version D.0
  • Conversion of all standards to XML
  • * [Corr 2006]
  • HIPAA Security and Privacy Regulations
  • Health Insurance Portability Assurance Act (HIPAA)
  • Security - Requires stronger and more focused provision of security around medical information (supports maintaining information privacy)
  • Privacy - Enforces increased privacy protections for medical information (not just speaking of privacy - required under penalty if failure occurs)
  • Electronic Medical Record (EMR) Data Requirements
  • Page of text for entering and storing non-image information
  • Less than 64 Kbytes (large file)
  • Image Data
  • (Refer to estimate table)
  • Medical Images Data Transmission Requirements*
  • *Source: Ferrante, F.E., “Evolving Telemedicine/eHealth Technology,” Telemedicine and e-Health, Vol 11, Number 3, June 2005, Mary Ann Liebert, Inc Publisher, ISSN-1530-5627.
  • Wireless Telecommunications Services
  • Broadband Services
  • 802.11n
  • WiMax
  • Security
  • PKI
  • VPN
  • Secure ID
  • WEP/WPA/WPA2 (802.11i)
  • [Figure: “How New Technologies Stack Up.” Data rate (megabits per second) of established and emerging wireless technologies, grouped as WPAN, WLAN, WMAN and WWAN: Ultrawideband, 4G cellular, Wi-Fi (802.11n), WiMax mobile (802.16e), Wi-Fi (802.11a/g), 3.5G cellular, Wi-Fi (802.11b), WiMax (802.16), Bluetooth 2.0, 3G cellular, Bluetooth 1.2, 2.5G cellular, 2G cellular. Actual performance will vary depending on factors such as how the technology is deployed, the user’s distance from base stations, and interference. Source: Technology Review, October 2005.]
  • Security of Patient Records
  • Wireline Communications/Computer Access
  • Database Encryption
  • Public Private Key access control
  • Routine Password Control and Management
  • Isolation of Database Server from outside access
  • except via Virtual Private Network (VPN) and Secure ID hand-held devices or Secure Private Key system
  • Wireless Communications
  • Wired Equivalent Privacy (WEP)
  • Poorly designed, vulnerable
  • Wireless Protocol Architecture (WPA) & WPA2
  • Improved Security Encoding
  • Enterprise Security Offering (both WPA and WPA2 are now available for wireless operations as an alternative to WEP)
  • References
  • [Corr 2006] Corrigan, Mike (Current Chair MTPC), “Consumer-Centered Electronic Health Records and e-Health - Roadblocks and Opportunities,” presented to GEIA Roundtable, June 29, 2006 - Available at: http://www.ieeeusa.org/volunteers/committees/mtpc/index.html
  • [IEEE-USA] IEEE Medical Technology Policy Committee Web Site - http://www.ieeeusa.org/volunteers/committees/mtpc/index.html
  • Backup Slides
  • Top Level EHR Components
  • [Diagram labels: Personal Health Record (PHR) or Personal EHR; Healthcare Provider or Clinical EHRs; Payer Records or Payer EHRs; Glue; Other Healthcare System Records]
  • Limited PHR
  • Full PHR
  • Uncertified
  • Demographics
  • Allergies
  • Medications
  • Inoculations
  • Personal Health Record
  • Certified
  • Demographics and Identity
  • Links to other EHR components
  • [Diagram labels: Personal Health Record; Personal EHR; Health Insurance Payer Records; Carrier EHR; Hospital Records; Physician Office Records; Dental Office Records; Pharmacy Office Records; Laboratory Records; Provider EHRs; Radiological Records; EMT Records; Lifetime Full PHR; Personal Health Record; Anonymized Links with Trusted Reverse Channel Links; Public Health Records; Environmental Records; Prenatal and Pediatric Records; Research Records; Military and VA Records; Genomic Records; Employer and Self Insurance Carrier Records; Medicare Records; Death Certificate and Autopsy Records]