By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    predictive analytics in dropshipping
    Predictive Analytics Helps New Dropshipping Businesses Thrive
    12 Min Read
    data-driven approach in healthcare
    The Importance of Data-Driven Approaches to Improving Healthcare in Rural Areas
    6 Min Read
    analytics for tax compliance
    Analytics Changes the Calculus of Business Tax Compliance
    8 Min Read
    big data analytics in gaming
    The Role of Big Data Analytics in Gaming
    10 Min Read
    analyst,women,looking,at,kpi,data,on,computer,screen
    Promising Benefits of Predictive Analytics in Asset Management
    11 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: Safeguarding Patient Data in EHRs
Share
Notification Show More
Latest News
ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence
ai in omnichannel marketing
AI is Driving Huge Changes in Omnichannel Marketing
Artificial Intelligence
ai for small business tax planning
Maximize Tax Deductions as a Business Owner with AI
Artificial Intelligence
ai in marketing with 3D rendering
Marketers Use AI to Take Advantage of 3D Rendering
Artificial Intelligence
How Big Data Is Transforming the Maritime Industry
How Big Data Is Transforming the Maritime Industry
Big Data
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Big Data > Data Mining > Safeguarding Patient Data in EHRs
Data MiningData WarehousingSecurity

Safeguarding Patient Data in EHRs

onlinetech
Last updated: 2012/11/27 at 1:55 PM
onlinetech
5 Min Read
SHARE

A recent blog by the HIPAA, HITECH & HIT legal blog of Fox Rothschild revealed a survey administered by the Office of Inspector General (OIG) of the U.S. Dept. of Health & Human Services (HHS). The EHR (electronic health record) technology questionnaire is part of a study on fraud and abuse safeguards in EHRs.

A recent blog by the HIPAA, HITECH & HIT legal blog of Fox Rothschild revealed a survey administered by the Office of Inspector General (OIG) of the U.S. Dept. of Health & Human Services (HHS). The EHR (electronic health record) technology questionnaire is part of a study on fraud and abuse safeguards in EHRs.

The questionnaire may serve as insight for hospitals attempting to establish safeguards with their digital systems to protect electronic protected health information (ePHI) and prevent a potential HIPAA violation. The topics include:

Basic EHR Information
This includes what type of EHR technology is used, whether a commercial vendor product, internally developed, or a hybrid solution using both vendor and internally developed products. Additionally, it includes whether or not the hospital is part of a network of hospitals that use the same EHR technology, and the length of time the hospital has been using it.

More Read

HIPAA compliant fax

Data Security Considerations Pertaining to HIPAA Fax

Data Analytics Solutions To HIPAA Compliance During Quarantine
HIPAA Violations Cost Health Insurer $1.7 Million: Lessons Learned
HIPAA Breach Lessons Learned
HIPAA in a HITECH World: HIPAA Violations on the Rise

A question regarding how diagnoses and procedures are coded includes the options of manually coded by professionals, or automatic software coding. The OIG is also interested in whether or not the hospital has plans to adopt computer-assisted coding.

Access Controls
The survey asks about the following user authorization controls used to limit access to the EHR system:

  • Unique user ID/Password
  • Token-based (the use of an ID card, or badge)
  • Biometrics (could be in the form of a fingerprint to validate identity)
  • Public-key (digital certificates)

In addition, the survey asks about the following access control policies and procedures:

  • Automatic user log-off/session time-out
  • Minimum password configuration rules
  • Regularly changing passwords
  • User agreements or contracts to prevent password sharing

Tracking Outside Entities (Third-Parties)
The OIG asked questions about third-party (i.e., payers) access to EHR systems, and how they connect, whether remotely or on-site. They are also interested in tracking third-party system activity with unique user IDs, and the specific limitations hospitals put on third-party access to their systems (and, if any, types of data and types of control).

Another question brings insight into the OIG and their interest in barriers that may exist, prohibiting outside entities from accessing EHR systems. This may be an indicator that secure, streamlined information exchange is a priority, as they list a number of barriers that include EHR technology/hardware doesn’t support capability; insufficient human resources; funding restrictions/additional costs to implement; insufficient EHR training; inability to integrate with existing systems; concerns with patient privacy and more.

Audit Logs
The survey asks about an EHR system’s audit log and tracking of access and changes, and the specific events that the audit log records:

  • Each entry or access into an EHR system
  • Signature events (proactive or auto default completion of a patient encounter)
  • Export of EHR document (printed, electronically exported, emailed)
  • Amendments, corrections or modifications of data
  • Import of data
  • Disabling of audit log
  • Release of encounter for billing
  • Access by an authorized outside entity

Specific audit data that is recorded may include:

  • National provider ID (NPI)
  • Data/Time/User stamps
  • Access type
  • Internet Protocol (IP)/Media Access Control (MAC) address
  • Network Time Protocol (NTP)/Simple Network Time Protocol (SNTP) synchronized time
  • Method of data entry
  • Data/Time/User stamp of author

Questions include who can delete, disable or edit the audit log, as well as who specifically analyzes log data, and how often. Daily log review is required to meet PCI DSS compliance, and it is highly recommended to meet HIPAA compliance. HIPAA requires the ability to monitor log-in attempts and reporting discrepancies (§164.308(a)(5)(ii)(C) of the HIPAA Security Standards Administrative Safeguards). As a subset of the Security Awareness and Training Standard (§164.308(a)(5)), log-in monitoring requires tracking failed log-in attempts to make workforce members aware of password management and system use.

Find out more about the technical, administrative and physical security services needed to meet HIPAA compliance, and more about HIPAA hosting requirements for vendors and covered entities by reading our HIPAA Compliant Hosting white paper.

Related Links:
The HIPAA Police Are On Their Way!

References:
OIG EHR Questionnaire Focuses on Fraud Safeguards

TAGGED: EHR, hipaa
onlinetech November 27, 2012
Share this Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence
ai in omnichannel marketing
AI is Driving Huge Changes in Omnichannel Marketing
Artificial Intelligence
ai for small business tax planning
Maximize Tax Deductions as a Business Owner with AI
Artificial Intelligence
ai in marketing with 3D rendering
Marketers Use AI to Take Advantage of 3D Rendering
Artificial Intelligence

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

HIPAA compliant fax
Big Data

Data Security Considerations Pertaining to HIPAA Fax

5 Min Read
data privacy and HIPAA
Security

Data Analytics Solutions To HIPAA Compliance During Quarantine

6 Min Read

HIPAA Violations Cost Health Insurer $1.7 Million: Lessons Learned

4 Min Read
HIPPA compliance
Best PracticesBig DataData ManagementInside CompaniesITLocationPolicy and GovernancePrivacySecurity

HIPAA Breach Lessons Learned

5 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots
ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?