New technologies and the web help address security threats.
This annotated bibliography summarizes thirty references published between 2000 and 2011 that examine ways to ensure the confidentiality, integrity, and availability of electronic protected health information (e-PHI) during data transmission and the need to provide protection against reasonably anticipated threats to the security or integrity of e-PHI. Four sub-questions frame this bibliography: (a) how can HIPAA-covered entities assess existing security frameworks in relation to the HIPAA security rule, (b) what are the potential risks and liabilities due to HIPAA violation during e-PHI data exchanges, (c) how can covered entities protect the confidentiality, integrity, and availability of e-PHI data exchanges, and (d) how can covered entities select appropriate emerging technologies purported to improve the security of e-PHI data exchanges.
|Factors Driving the Need for DAR Protections|
|Assess Existing Security Frameworks||MedDocs Central (2011) provides a twenty-eight item HIPAA security checklist for health care providers, intended to assist in a self-assessment of the existing security framework prior to implementing health information technology capabilities such as electronic health information exchange.|
|Identify Potential Risks and Liabilities||HHS (2011) provides an eight step risk analysis process:|
|Protect e-PHI Confidentiality, Integrity, and Availability||Lerner and Koh (2004) describe three larger types of safeguards, including:|
|Select Appropriate Emerging Technologies||
Health insurance providers report a commitment to the goal of creating an interconnected health care system in which health information can be exchanged electronically, so that doctors and hospitals have patients' information in the right place, at the right time (AHIP, 2008). The implications of HIPAA-related security breaches can be serious, and covered entities must have a greater stake in ensuring information security at all levels.
Complying with the security rules not only protects covered entities from internal or external security threats but also safeguards organizations from any potential federal, civil, or criminal penalties that may be imposed upon them due to a violation. Appropriate security measures must be carefully implemented to protect e-PHI within covered entities to comply with the law and to ultimately improve the overall quality of patient care.
Author: Sandesh Kuckian, business systems analyst, MedImpact Healthcare Systems, Inc. 2011 University of Oregon, AIM Program Graduate.
Abstract: HIPAA requires covered entities to follow standards for protecting the security of electronic protected health information (e-PHI). This study examines the need to develop a secure data exchange in order to maintain compliance with the goals of the HIPAA Security Rule. Literature published between 2000 and 2011 is analyzed to ensure the confidentiality, integrity, and availability of e-PHI while allowing entities to adopt new technologies to improve the quality, safety, and efficiency of patient care.