Risk Management using the HITRUST De-Identification Framework
1 Risk Management using the HITRUST De-Identification Framework
- Dr. Khaled El Emam, CEO, Privacy Analytics
- Kimberly Gray, J.D., Global CPO, IMS Health
2
3 Why we de-identify
One of the most important, useful, and effective means of protecting personal privacy is de-identification of information. Where information has been de-identified according to reasonable and specified standards (such as the HITRUST de-id framework standards), the risks of re-identification, cybercrime, breaches, and identity theft for properly de-identified data are exceedingly small.
4 Benefits of de-identification frameworks
- Reduce data custodian uncertainty around what would be generally accepted practices for de-identification
- Improve actual de-identification methods used in practice in the field
- Set yardsticks for regulators to use when evaluating what is acceptable practice for de-identification
- Define a body of knowledge for de-identification practices which can lead to certification and accreditation of professionals
- Help establish a community of practice around common approaches for de-identification
5 De-ID frameworks promote accountability
- Codes of conduct, based upon a specific industry and/or geography or any other combination, may offer a framework for organizations to innovate with data while still safeguarding individual privacy.
- Industry codes drive self-policing and the development of best practices.
- Accountability mechanisms clearly can play a useful role in promoting socially beneficial uses of big data while protecting privacy.
6 Beneficial uses of health data: a real-world example
- Research performed by Dr. Millie Long and colleagues: sophisticated analysis of large databases representing a significant time span.
- Dependent on linking key data from disparate sources: IMS Health de-identified medical claims data, IMS Health de-identified filled-prescription data, and government knowledge bases (also de-identified).
- The work was intended to spotlight previously undocumented interrelationships between inflammatory bowel disease (IBD) and a variety of other illnesses.
- The investigators' findings are that patients with IBD also have a higher likelihood of developing bacterial pneumonia, pneumocystis pneumonia, herpes zoster, and a variety of skin cancers.
- These findings provide a factual basis for a higher degree of monitoring and caution by patients and clinicians alike.
7 Privacy Framework
- Legal authority to share data
- Data anonymization practices
- Data ethics review committee / process for anticipated analytics protocols (data uses)
Privacy boards or other similar organizations that consider ethical repercussions are invaluable in a world where data analytics and modeling can impact individuals or even their family members.
Structure to consider: include a privacy subject matter expert, an ethics expert, at least one layperson to represent the population at large, and a mix of internal and external (to the organization) members.
Consider a governance model that would include both regular meetings (perhaps quarterly) and ad hoc meetings to address new/novel issues.
8 Governance
- Assigning overall responsibility for the de-identification program
- De-identification policies and procedures
- Training of individuals responsible for de-identification
- Understanding data flows
- Transparency around de-identification practices
- Determination of when and where de-identification / risk assessment needs to be performed
- Monitoring regulatory changes that are relevant
- Re-identification response protocol
- Examination of overlapping datasets over time
- Regular external review
9 Re-Identification risk
- Properly de-identified information, while not 100% impossible to re-identify, requires substantial resources and technical skill to re-identify.
- The primary risk of re-identification of de-identified data comes through academic theory and technical testing of de-identified data and related efforts designed to break de-identified data.
10 Identity Disclosure
11 Stigmatizing Inferences
12 HIPAA and De-ID
13 Privacy / Data Quality Balance
14 Direct and Quasi (indirect) identifiers
- Examples of direct identifiers: name, address, telephone number, fax number, MRN, health card number, health plan beneficiary number, VID, license plate number, address, photograph, biometrics, SSN, SIN, device number, clinical trial record number
- Examples of quasi (indirect) identifiers: sex, date of birth or age, geographic locations (such as postal codes, census geography, information about proximity to known or unique landmarks), language spoken at home, ethnic origin, total years of schooling, marital status, criminal history, total income, visible minority status, profession, event dates, number of children, high level diagnoses and procedures.
15 Risk Measurement
De-identification Process:
- Set Risk Threshold: Based on the characteristics of the data recipient, the data, and precedents, a quantitative risk threshold is set.
- Measure Risk: Based on plausible attacks, appropriate metrics are selected and used to measure actual re-identification risk from the data.
- Apply Transformations: If the measured risk does not meet the threshold, specific transformations (such as generalization and suppression) are applied to reduce the risk.
16 Data Release Context
17 Layers of Protection
- Contractual Controls
- Security & Privacy Controls
- Perturb Data
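18 Measuring Risk
Column groups: direct identifiers (ID, Name, Telephone No.), indirect identifiers (Sex, Year of Birth), sensitive variables (Lab Test, Lab Result), other (Pay Delay).

| ID | Name | Telephone No. | Sex | Year of Birth | Lab Test | Lab Result | Pay Delay |
|----|------|---------------|-----|---------------|----------|------------|-----------|
| 1 | John Smith | (412) | M | 1959 | Albumin, Serum | | |
| | Alan Smith | (413) | M | 1969 | Creatine Kinase | | |
| | Alice Brown | (416) | F | 1955 | Alkaline Phosphatase | | |
| | Hercules Green | (613) | M | 1959 | Bilirubin | < | |
| | Alicia Freds | (613) | F | 1942 | BUN/Creatinine Ratio | | |
| | Gill Stringer | (954) | F | 1975 | Calcium, Serum | | |
| | Marie Kirkpatrick | (416) | F | 1966 | Free Thyroxine Index | | |
| | Leslie Hall | (905) | F | 1987 | Globulin, Total | | |
| | Douglas Henry | (416) | M | 1959 | B-type Natriuretic peptide | | |
| | Fred Thompson | (416) | M | 1967 | Creatine Kinase | | |

Two quasi-identifiers matching in three cells within a dataset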
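The threshold, measure, transform loop from slide 15, run over the Sex and Year of Birth columns of the slide 18 table, as an added example that is not part of the original presentation. The 0.5 threshold, the 10% suppression limit, the year-of-birth generalization widths, and the choice of maximum risk (1 / smallest equivalence class) as the metric are illustrative assumptions, not values from the slides.

```python
import math
from collections import Counter

# Quasi-identifiers (sex, year of birth) copied from the slide 18 table.
RECORDS = [
    ("M", 1959), ("M", 1969), ("F", 1955), ("M", 1959), ("F", 1942),
    ("F", 1975), ("F", 1966), ("F", 1987), ("M", 1959), ("M", 1967),
]

# Assumed generalization hierarchy for year of birth:
# exact year, decade, 20-year band, 50-year band.
YEAR_WIDTHS = [1, 10, 20, 50]


def generalize(record, width):
    """Replace the year of birth with the start of its band of `width` years."""
    sex, year = record
    return (sex, year - year % width)


def class_sizes(records, width):
    """Size of each equivalence class: records sharing all quasi-identifier values."""
    return Counter(generalize(r, width) for r in records)


def max_risk(records, width):
    """Worst-case re-identification probability: 1 / smallest class size."""
    return 1 / min(class_sizes(records, width).values())


def average_risk(records, width):
    """Mean of 1/class-size over all records = number of classes / number of records."""
    return len(class_sizes(records, width)) / len(records)


def deidentify(records, threshold, max_suppressed_fraction):
    """Pick the least generalization that meets the threshold.

    At each level, records in classes smaller than k = ceil(1/threshold)
    are suppressed; the level is accepted if the suppressed share stays
    within the allowed fraction. Returns None if no level qualifies.
    """
    k = math.ceil(1 / threshold)
    for width in YEAR_WIDTHS:
        sizes = class_sizes(records, width)
        kept = [r for r in records if sizes[generalize(r, width)] >= k]
        suppressed = len(records) - len(kept)
        if kept and suppressed <= max_suppressed_fraction * len(records):
            return {
                "width": width,
                "suppressed": suppressed,
                "released": [generalize(r, width) for r in kept],
                "max_risk": max_risk(kept, width),
            }
    return None


if __name__ == "__main__":
    print("raw max risk:", max_risk(RECORDS, 1))
    print("raw average risk:", average_risk(RECORDS, 1))
    print("(M, 1959) class size:", class_sizes(RECORDS, 1)[("M", 1959)])
    result = deidentify(RECORDS, threshold=0.5, max_suppressed_fraction=0.1)
    print("chosen band width:", result["width"])
    print("records suppressed:", result["suppressed"])
    print("max risk after transformation:", result["max_risk"])
```

The three M/1959 rows are the matching cells the slide caption points at; every other row is unique on the raw quasi-identifiers, which is why the unmodified table fails any threshold below 1.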
19 Risk Model
20 Impact on Context Risk
21 Impact on Context Risk
22 Acceptable Risk
23 Example Workflow
24 Automation
25 Certified De-identification Expert
- Provides the knowledge to perform risk-based de-identification
- Some technical background would be needed to pass the exam
- Additional coaching on real data sets needed to meet the experience requirement
26 Certified De-identification Expert (CDE) professional credential starting May 2016 (course & exam)
27 QUESTIONS