comp5 unit10a lecture slides
TRANSCRIPT
History of Health Information Technology in the U.S.
History of Privacy and Security Legislation
Lecture a – Background of HIPAAThis material Comp5_Unit10 was developed by The University of Alabama Birmingham, funded by the Department of Health
and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 1U24OC000023
History of Privacy andSecurity LegislationLearning Objectives
• Explain the differences among the terms privacy, confidentiality and security
• Discuss the reasons why the administrative simplification provisions were attached to the original HIPAA legislation.
• Explain the five principles underlying the HIPAA privacy and security rules
• Discuss the reasons why the privacy rule was an action of the executive, not the legislative, branch of the federal government
2Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Definitions• Privacy• Confidentiality• Security
3Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Definitions• Privacy
– The right to be left alone– The right to keep personal information secret– The right to control personal information
4Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Definitions• Privacy
– The right to be left alone– The right to keep personal information secret– The right to control personal information
• Confidentiality– Sharing or disseminating data only to those with a
“need to know”
5Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Definitions• Privacy
– The right to be left alone– The right to keep personal information secret– The right to control personal information
• Confidentiality– Sharing or disseminating data only to those with a
“need to know”• Security
– Mechanisms to assure the safety of data and systems in which the data reside
6Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
HIPAAHealth Insurance Portability and Accountability Act
Kennedy-Kassebaum bill (1996)Public Law 104-191Administrative Simplification and
Privacy Provisions
7Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
HIPAAHealth Insurance Portability and Accountability Act
Kennedy-Kassebaum bill (1996)
Improve efficiency of healthcareStandards for electronic transmission of healthcare information
8Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
HIPAAHealth Insurance Portability and Accountability Act
Kennedy-Kassebaum bill
Improve efficiency of healthcare
Privacy of information must be assuredDeadline (8/1999) for Congress to pass
privacy/confidentiality legislation• Defaults to Secretary of HHS to propose rule• Secretary of HHS must report to Congress in 1997 on
approach
9Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Privacy and Confidentiality Pre-HIPAA
• No national law for privacy/confidentiality of health information prior to HIPAA
• Privacy Act of 1974– Protected information held by the federal
government• Joint Commission (accrediting agency for
healthcare organizations) – Information management standards include
protection of confidential information• “Patchwork” of state laws
10Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
State Laws• No comprehensive set of laws for access or
disclosure• Condition-specific rules varied by state
11Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Photo by Omaopio
Principles Underlying HIPAA Privacy and Security Rules
• Boundaries• Security• Consumer Control• Accountability• Public Responsibility
Source: (Shalala , 1997)
12Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Principles Underlying HIPAA Privacy and Security Rules
• Boundaries
13Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Photo by airunp
Principles Underlying HIPAA Privacy and Security Rules
• Boundaries• Security
14Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Principles Underlying HIPAA Privacy and Security Rules
• Boundaries• Security• Consumer Control
15Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Photo by Win Henderson/FEMA
Principles Underlying HIPAA Privacy and Security Rules
• Boundaries• Security• Consumer Control• Accountability
16Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Photo by Daderot
Principles Underlying HIPAA Privacy and Security Rules
• Boundaries• Security• Consumer Control• Accountability• Public
Responsibility
17Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
HIPAA 1998 – Present• Controversies in privacy debate
• Floor or ceiling/floor
Source: (HHS, 1999)
18Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Photo by Jesse Loughborough
HIPAA 1998 – Present• Controversies in privacy debate
• Floor or ceiling/floor• Patient consent restrictions
19Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
HIPAA 1998 – Present• Controversies in privacy debate
• Floor or ceiling/floor• Patient consent restrictions
• Congress failed to pass privacy legislation
20Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
HIPAA 1998 – 2009• Controversies in privacy debate
• Floor or ceiling/floor• Patient consent restrictions
• Congress failed to pass privacy legislation
• DHHS Privacy Rule Proposed— Fall, 1999 • Over 50,000 comments received
Source: (HHS, 1999)
21Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
Privacy and Security Rules • Final Privacy Rule Published – December, 2000
– Modified several times– Went into effect in April, 2003
• Security Rule – 2005• Other changes over the years• Major changes in 2009 as a result of HITECH
22Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
History of Privacyand Security Legislation
Summary – Lecture a• Differences among the terms privacy,
confidentiality and security• Background of the administrative simplification
provisions in the original HIPAA legislation• Five principles underlying the HIPAA Privacy and
Security Rules• Passage of HIPAA Privacy and Security Rules
23Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
History of Privacy and Security Legislation
References – Lecture a
24Health IT Workforce Curriculum Version 3.0/Spring 2012
History of Health Information Technology in the U.S. History of Privacy and Security Legislation
Lecture a
References• HHS announces proposed electronic medical records privacy regulations. Tech Law Journal [Internet].
1999 Oct 30. Available from: http://www.techlawjournal.com/privacy/19991030.htm
• Testimony on Health Insurance Portability and Accountability Act by the Honorable Donna E. Shalala Secretary, U.S. Department of Health and Human Services, before the Senate Committee on Labor & Human Resources. 1997 Sep 11. Available from: http://www.hhs.gov/asl/testify/t970911a.html
Images Slide 11: Omaopio. Available from: http://commons.wikimedia.org/wiki/File:Vintage_aloha-shirt-quilt.JPG. Slide 13: Airunp. Available from: http://commons.wikimedia.org/wiki/File:Gran_muralla_badalig_agosto_2004JPG.jpg. Slide 14: Available from: http://commons.wikimedia.org/wiki/File:US_Secret_Service_officers.jpg.Slide 15: Win Henderson/FEMA. Available from: http://commons.wikimedia.org/wiki/File:FEMA_-_16868_-
_Photograph_by_Win_Henderson_taken_on_10-06-2005_in_Louisiana.jpg. Slide 16: Dadero Available from: http://commons.wikimedia.org/wiki/File:Oblique_facade_1,_US_Supreme_Court.jpg. Slide 17: Available from: http://commons.wikimedia.org/wiki/File:Scale_of_justice_gold.png.Slide 18: Jess Loughborough CC BY-NC-ND 2.0. Available from: http://www.flickr.com/photos/sunface13/3650126198.