The 130th Annual Meeting of APHA

Abstract #51863

Melvin A. York, MBA, CMC, PMP, Digital Safetynet Inc., 4018 5th Street, NW, Washington, DC 20011, 202-291-6542, myork@dchealth.com, Yvonne Claudio, MS, University of Maryland University College, 15151 Deer Valley Terrace, Silver Spring, MD 20906, and Ebony A. Davis, MPH, State Center for Health Statistics, District of Columbia Department of Health, 825 N. Capitol Street, N.E., Washington, DC 20002.

This paper discusses the issues of sharing and integrating data in a intranet and internet environment that mandates securing information from losses, breaches of integrity and assuring compliance with public policy, laws and regulations governing protecting the privacy of personal information.

The benefits of real time data sharing and repository integration are addressed in terms of improved data accuracy, management efficiencies, and improvements in trend analysis, data correlation and requirements forecasting. The restraints and requirements for security and privacy are presented as additional requirements that must be addressed in developing relationships with business partners and technology specialist and technology vendor’s responsibility for designing systems to comply with privacy and security laws while meeting operational requirements.

The potential benefits for reducing “fraud and abuse” in health services eligibility determination, claims processing and invoice payments are also addressed to justify the commitments needed for assuring funding sources, over-sight organizations and auditors that health care assets are being managed to mitigate risk from losses and law suites associated with violation of privacy laws.

The conclusion of the presentation emphasizes the responsibilities of the primary health information collectors for securing and protecting health information governed by laws such as the Health Insurance Portability and Accountability Act (HIPAA). There is discussion of both optional and required measures to facilitate compliance with privacy and security laws that include: policies and procedures; training; technology devices (H/W and S/W); Business Partner Agreements; Chain of Trust Agreements; Memorandums of Understanding (MOU) and “Privacy and Security” personnel assignments.

Learning Objectives:

• ·Present requirements to protect health information with identifiers per HIPAA,
• ·Identify risks associated with failure to protect health information,
• ·Benefits of including requirements for protection in information system designs,
• ·Identifying responsibilities and actions needed to comply with health privacy laws (i.e. HIPAA).

Keywords: Health Information, Protection

Presenting author's disclosure statement:
Disclosure not received
Relationship: Not Received.