Group: GTR ver M Grace Chen Taru Singhal Robert Szymanek Michael Parker

Security of eHealth InformationHIPAA Compliance at HRA

Health Research Analysts (HRA) is classified as a healthcare clearing house

HRA collects information on medical outcomes, a type of PHI, from healthcare service providers

HRA builds a national registry of outcome-related information

About HRA

How best do we capture, store and transmit PHI data? ◦ How is the data stored? ◦ How is a secure backup performed?◦ How is it encrypted?◦ What is the physical security?◦ How do we archive data?

Transmission of data? ◦ What is the best way to transmit data?◦ What Is the best encryption◦ Is E-mail safe? ftp/sftp?

Identify the Problem

HIPAA is the acronym for the federal legislation titled Health Insurance Portability and Accountability Act of 1996.

HIPAA was designed to protect patients from disclosure of protected health information (PHI).

Patients must be informed of their rights with their PHI, authorize release of information, have the right to see and amend their medical record, and be informed of what is released.

What is HIPAA

The HIPAA Privacy Rule applies to:◦ Health plans◦ Healthcare clearinghouses, part of an HIO◦ Healthcare providers that conduct covered

transactions

Healthcare Information Organization (HIO) performs certain functions or activities which require access to PHI

Healthcare clearinghouses collect data such as PHI and data-mine them

Why Compliance?

(1) the Privacy Rule which protects the privacy of individually

identifiable health information

(2) the Security Rule which sets national standards for the

security of electronic protected health information

Two key parts of HIPAA