Integrating Electronic Health Records Using Universal Patient Identifiers KSA

Size: px
Start display at page:

Download "Integrating Electronic Health Records Using Universal Patient Identifiers KSA"

Transcription

1 Integrating Electronic Health Records Using Universal Patient Identifiers KSA Ahmed Emam, Ahmed Youssef, Samir EL-Masri, Mohammed Alnuem Dept. of Information Systems College of Computers and Information Sciences King Saud University, Riyadh, KSA Abstract One of the required standards of healthcare information technology (HIT) and specially Electronic Health Records (HER) is to develop a unique patient identifier (UPI) to enable physicians, hospitals, and other authorized users to share clinical and administrative records more efficiently. Till now there is no standard format of UPI which is make it hard to exchange the patient information across the countries and to integrate among heterogeneous medical information systems. This work explores and investigates the desired attributes for any developed UPI such as Unique, Non disclosing, Invariable, Canonical, Verifiable, and Ubiquitous features. A sample case study that demonstrates how much it is necessary for Saudi Arabia to adapt and develop UPI for the patients was introduced. Also, a process framework and schema for the proposed solution was proposed to give a guideline and the basic steps toward develop a solution for adapting UPI in KSA. Keywords- Unique Patient Identifier; Electronic Health Records; Cloud Computing; Health Information Technology. I. INTRODUCTION Good clinical decisions based on bad data guarantee bad clinical outcomes; it is very true statement and this is the main motivation behind this research. Nowadays, there are many definition of healthcare information technology (HIT) main goal are saving money and significantly improving the quality of health care. International Organization for Standardization (ISO) is a worldwide federation of national standards bodies aims to setup and preparing International Standards specially ISO Technical Committee 215 for setting up standard for Health informatics. Most of development countries such as European Union, Australia, and United State of America (USA) adapt special standard, for example, USA approved Health Insurance Portability and Accountability Act (HIPAA) on To replace the paper with an electronic record while maintaining all patient s care, Electronic Medical Record (EMR) or Electronic Health Record (EHR) system become more than essential. Therefore, EHR is a computer program where patient records are created, used, exchanged, stored and retrieved. Because every healthcare provider keeps a separate paper or electronic medical record for each patient, there is no ability to integrate information between the various HER systems. When data is integrated by using EHR system, patient care improves and HIPAA compliance is ensured. HIPAA mandated setting up special requirement to improve the quality of health care and preserve the patient right. One of required standard was development of a unique patient identifier (UPI) to enable physicians, hospitals, and other authorized users to share clinical and administrative records more efficiently. UPI has too many features: reduce errors, improve interoperability, reduce the cost of marinating HER, and prevent privacy breaches. One advantage of a properly implemented UPI system is its freedom from errors through giving each person single and unique identifier that follows them throughout their lives and is used only for health records. One advantage of adapting UPI is separating between health record information and financial records information which is target for identity thieves and can improve privacy by limiting the transmission of more sensitive identifiers (names, address, and SSN). From the above advantages of adapting UPI, USA Department of Health and Human Services (DHHS) in 2005 has moved forward with steps to investigate of development of a UPI by linking patients records across different networks. The implementation of UPI is very costly and depends on several variables, including the architecture chosen to achieve connectivity between different ERH systems. To estimate the costs of implementing UPI, it would require a onetime investment and an annual maintenance cost. But before implementing UPI, there are a several assignment should be done besides money. Establishing a legal environment will be the best protection of patient privacy and encouraging the advances that interoperability would increase the health care quality and efficiency. The current situation in Kingdom Saudi Arabia (KAS), most of health care provider works as isolated island and adapt different EHR system. So, the patient can have more than on record in different EHR system, which reduce the quality of the provided service and significantly increase the risk for treatment process. The main goal of this work is to explore the adapting UPI in KSA and proposed a framework for UPI. The healthcare researcher and industry are shift violently in adapting the use of electronic health records (EHR) in medical filed. The major priority for any healthcare provider is providing a clear and high quality data to be sharable among different departments within the organization and that can be achieved though accurate Patient Identification. Because of the enormous impact that PI Integrity has on the clinical,

2 financial, and administrative business of healthcare, it is imperative that the quality of an organization s identity integrity be addressed as a major priority within an organization and most certainly prior to sharing data externally with other stakeholders. Stakeholders should require quality data from fellow participants prior to participation in any data exchange. In development countries, health care fraud accounts for an estimated 3 to 10 percent of all health care costs, or 80 to 120 billion dollars of loss per year. Accurate identification and verification of identity is important also to reduce frauds due to medical identity theft [1]. II. RELATED WORK Carpenter [1] mentioned that the department of Health and Human Services in 1973 reported that they are object to move forward toward Standard Universal Identification. The proposed Universal Patient Identifier (UPI) should have the following features: uniqueness, verifiability, reliability, and tracking. The proposed UPI consists of 7 digit date code, 6 digit geographical code relate to the place of birth, 5 digit sequence code to identify born on the same date in the same geographical area, and one single check digit, which make the total size is 19 digits. For examples, ^044273^00047^2 represent a person born in March 1, 1993 in Minneapolis, MN- USA. The proposed UPI can be used as Universal Provider Identification (UPI) by adding one digit refer to P(provider), or MD, or RN etc. The author assumed that the proposed UPI is reasonable and flexible and can be easily adapted using the available infrastructure. The proposed UPI will coded using base 34 digits bit base and check digit algorithm used to protect against miskey and digit inversion. Universal Healthcare IDentifier (UHID) is the result of a 2 year standards development process by ASTM committee E31.12 on medical informatics during the summer of This research work [3] consists of selective quotes in italics of portions of the proposed standard. The author mentioned the main functions of using UHID, which are: positive identification of patients when clinical care is rendered, automated linkage of various computer based records on the same patient for the creation of lifelong electronic healthcare files; providing a mechanism to support data security for the protection of privileged clinical information, and enable the use of technology for patient records handling to keep health care operating costs at a minimum. The author mentioned the most important criteria for UHID, which are Atomic, Content-free, Cost-effective, Disidentifiable, Secured, Focused, Identifiable, Permanent, Unique, and Variable. The work proposed UHID schema structure, which starts by 16 digit Sequential Identifier (SI), a single character delimiter, 6 check digits, and 6 encryption Digits and the full identifier constitutes 29 digits ( ). An evaluation for the proposed schema against the required standard criteria and it shows that the proposed scheme appears to adequately meet all but two of the criteria (cost and ability to "split") listed in the standard. Kohane [3] mentioned that use of SSN is not safe and provided some article support his vision and he proposed a framework Health Information Identification and De- Identification Toolkit (HIIDIT). HIIDIT is not an identification system but a generator of identification systems and it take into consideration the following dimensions that are encompassed by HIIDIT : Directory local to determine the degree of patient consent in information ( for example, 1 for Patients, 2 for Provider, 3 for Provider organization, 4 for Trusted escrow and third party, and 5 for Governmental authority), Scope of Identification to represent the geographical or organizational scope of the identification and the nature of the data linked to a particular identifier, Certifying Authority (CA) to certifies varying degrees of authority and credibility correspond to a particular patient, Scope of Identifier Secrecy to keep a patient identifier confidential and disclosed (for example, 1 for Just the patient, 2 for Patient & family, friends or guardians, 3 for Provider, 4 for Class of Providers, 5 for All providers, 6 for Healthcare institution, 7 for Insurer, 8 for Government, 9 for any combinations). The research work explained how HIIDIT system work and he claims that the HIIDIT's function matched and adequate of the required four dimensions of identification systems. Finally, he recommends using HIIDIT for sharing data between health care institutions that are competing in the market. Integrated Advanced Information Management Systems (IAIMS) and Unified Medical Language System (UMLS) projects involved large amount of useful patient data, clinical information, and biomedical knowledge in electronic and it increased dramatically since the 1980s. Besty [2] stated that, in a 1998 the National Committee on Vital and Health Statistics (NCVHS) described three types of computer-based health records: patient, personal, and population health records are needed to facilitate coordination, research, and assessment for clinical care. Since, digital library term was introduced by National Science Foundation in 1994 and can be focus on information accessible via the Internet and encompasses. Since the digital library is not a single entity and it need technology to link different resources. Nowadays, Identity is a key concept in the global world and the report stated that, In 2000 the UNICEF has calculated that 50 million babies (41% of births worldwide) were not registered and thus without any identity document at all. The European Union tried to cover this gap through EURODAC system, which consists of a Central Unit equipped with a computerized central database for comparing the fingerprints of asylum applicants and a system for electronic data transmission between Member States and the database. EURODAC enables Member States to identify asylum seekers by comparing fingerprints to determine whether an asylum seeker or a foreign national found illegally present within a Member State [5]. In 2004 the European Commission has funded a project called Biometric Identification Technology Ethics (BITE)

3 (www.biteproject.org) and the purpose of the BITE project was to provide a forum to initiate the public conversation on ethical and policy issues raised by the deployment and the application of biometric identification technology in various fields. BITE report defined the potential weak point of any biometric scheme, which is a liveness check (technological countermeasure to spoofing using artifacts). Latex finger, a prosthetic eye, a plaster hand, or DAT voice recordings are good examples for liveness checks. In 2004, French government decided by law to start a national project for an electronic health record called the personal medical record (PMR). Ouantin [6] proposed this research work to establish and reassure French patients regarding the security of their medical data which will be stored at a national level through creation of a secure patient identifier. The author stated that hashing the social security number would help to meet the confidentiality of personal information contained in the PMR and provide access to patient or to public health bodies. Double hashing proposed to provide anonymity safely and a portal of the application from health professional will provide a reversible encryption coding HIN. The research proposed using of a smart card attributed to professionals in both the private sector and public hospitals. For the security of exchanges among health professionals, the author strongly recommends using of networks like virtual private network. For mobility and interoperability concern, the author suggested adapting Europeans Regulation (EC No 883/2004). In [7], authors propose the fingerprint, iris, retina scan, and DNA (FIRD) framework that utilizes a patient s biometric characteristics to uniquely associate them to their medical data. The framework establishes an infrastructure that will distinctively identify a patient to his or her complete electronic healthcare record (EHCR) with exact precision and accuracy. The framework s inner workings collect records that are not properly assigned to the unique patient identifier (UPI), remove records that do not belong to the patient, and correct errors and omissions within the patient s EHCR. The authors suggested that creation of a standardized nationwide electronic healthcare record system in the United States would require a way to match a composite of an individual s recorded healthcare information to an identified individual patient out of approximately 300 million people to a 1:1 match, resulting in a final information compilation that provides a complete healthcare history to the healthcare provider, while reducing medical errors and lowering healthcare cost. III. APPROACHES FOR PATIENT IDENTIFICATION Usually, patients visiting healthcare providers identify themselves in person at the reception point and authenticate their identity by ways of picture ID, insurance card, doctor s name and/or appointment time. A patient, typically, may have many healthcare providers, including primary care physician, specialists, therapists and other medical practitioners. In addition, a patient may use multiple healthcare insurance companies for different types of insurances, such as dental, vision and so forth. Several visits for different healthcare providers result in patient s health information distributed among different healthcare providers in the form of disparate Electronic Medical Records (EMR). The above scenario raises a problem of how to integrate medical records belonging to the same patient from different healthcare providers that are disparate nationwide. What is actually needed is a national healthcare information network that allows authorized practitioners to collect and share health information about patients from different healthcare providers all over the country. One of the most challenging questions in this case is how would such system uniquely identify each patient and link him/her to composite medical records in one-to-one match. Currently, each provider has its own centralized database of EMR and, typically, assigns unique record locators (often called medical-record numbers) to the records resulting from a patient s visits. Such record locators vary widely, from simple patient and family names to modified Social Security or insurance numbers, to provider-generated alphanumeric codes. Properly identified patients can approve the sharing of these medical records with other providers and insurers by signing an authorization form, clearly identifying the provider of record, the individual or entity to receive the record, and the boundaries or limitations on the information to be shared. The migration from traditional EMR systems to national healthcare information systems as described above involves three requirements: authenticating individuals, unambiguously linking individuals to their records, and authorizing controlled access to those records. Implementing these requirements creates new challenges, for example, face-to-face methods of identifying and authenticating patients, providers, or others logging onto a network no longer applies; methods of electronic identification and authentication are required. Likewise, knowing a patient s name or medical-record number from a single provider is not sufficient to unambiguously access that patient s records from other providers or a regional health information organization (RHIO); each entity may be using different numbering schemes or name constructions. Furthermore, demographic information either change over time such as address or are not unique such as SSN and names; the larger the network, the more likely it is that more than one person will have the same name and other demographic data. Finally, compromised data integrity, widespread unauthorized distribution, and other network security attacks are very common for the national health network, new security measures are needed [8]. IT proponents assure us that these challenges can be overcome, but doing so demands new solutions. This paper focused mostly on one component of these new challenges: defining the best electronic patientidentifier system for the purpose of sharing personal health information through a national health network which will improve the privacy and efficiency of the health care system and the quality of healthcare itself. There are these two approaches to accomplish this task (1) statistical matching and (2) Unique Patient Identifier (UPI) [8]. We will discuss each of these two approaches and the advantages and disadvantages of each one.

4 A) Statistical Matching :Statistical matching attempts to integrate enough information about an individual to form a unique key used to locate his/her electronic health record. It strings attributes such as: last name, first name, date of birth (DOB), phone number, address, zip code, and gender. It may also use medical record numbers and all or parts of social security number (SSN). The problem in such key is that some attributes, such as name, DOB, and zip code, are not unique to the individual; others, such as address, may change overtime. As the database of records gets larger, more personal attributes must be added to keep the key unique. A nearly unique and relatively stable attribute, such as SSN, patient identity, and healthcare provider name, may be used to reduce ambiguity in large databases. The difficulty to distinguish between first and last names, the usage of different format, and data entry errors, such as misspellings and number transposition, may also cause ambiguities in linking patient to their records. Searching algorithms used in this approach vary from requiring an exact match on a specific set of attributes or to more advanced probabilistic pattern matching. The development of statistical matching depends on human to clarify questions and reduce ambiguity this is called disambiguation. Advanced algorithms preprocess the health-records database to determine the frequency of every attribute and score the match according to the discriminating ability of the specific attributes of that database. For example, a match of the name Smith typically would not score nearly as well as a match of a less-common name. The scores can be used with threshold values of acceptance and rejection, as well as with regions of possible matches that can be adjudicated by humans. However, setting the acceptance and rejection limits higher or lower affects false positive, false negative, and indeterminate results. Minimizing one type of error comes at the cost of increasing other types of error. B) Unique Patient Identifier :Unique patient identification is a method for linking patients to their electronic medical records that are exist globally in a domain (state, country, region, or world). Unique Patient Identifier (UPI) is a unique, non changing alphanumeric key for each patient that associated with every health record belonging to that patient. Finding the patient s records anywhere within the healthcare system is then a matter of verifying that the patient is the person owning the key (authentication) and asking each healthcare system or provider in the domain whether it has information associated with that key [8]. The American Society for Testing and Materials (ASTM, 2000) Standard Guide lists desirable attributes of a UPI, including that it be: Unique: Each UPI is associated with only one person; different individuals can not share the same UPI; this attribute permits the collection and aggregation of health information into one complete medical record. Non disclosing: This means the UPI should not contain any personal information such as name, address or mobile number. This attribute aims to prevent revealing patient confidential information or data inquiry. The combination of selected personal attributes used in statistical matching violates this attribute. Invariable: The UPI should not change in the person s lifetime (except in case of identity theft or similar problem). This attribute solve the main problem in statistical matching which is the changes in some of the personal attributes, such as name and address, making it difficult to find previous records. Canonical: Each individual should have only one UPI. Multiple UPIs have actually been proposed as a means of giving a patient control of disclosure, but they can also lead to fragmentation of the individual s healthcare data. Verifiable: This aims to validate of the UPI and is done generally through the use of additional check digits numbers that must match some mathematical combination of the UPI s remaining digits without additional information. Verifiability helps to prevent input errors that exist in statistical matching method. Ubiquitous: Every patient should have one. This is difficult to achieve, particularly if participation is voluntary, but the alternative is a hybrid system, in which some patient data cannot be found using a UPI. IV. ERRORS IN LINKING TO ME D IC AL RECORDS There are two types of errors in statistical matching: false positives, in which there is a link to the wrong patient s records, and false negatives, in which not all of a patient s records are found. Figure 1, which is adopted from [8], shows a representation of these types of errors. The horizontal scale shows the score of a particular match. As more and more attributes match and as the match is weighted by its score, or value, the higher is the probability that the patient is correctly matched to that record. A low score indicates a low probability of match (and a high probability that it does not match). It is possible to use a threshold above which the record is assumed to match and below which it is not assumed to match, which leads to the shaded areas above and below the threshold. The area shaded to the right of the threshold is the region corresponding to false positives, or picking up the wrong patient s records. The shaded area to the left of the threshold is the region of false negatives, or the records of the patient that are not picked up because of some non matching personal attributes. Another approach illustrated in this figure is to define a region of ambiguity within which possible matches are tagged for human resolution or disambiguation [8].

5 in many applications, ensuring a low rate of false-positive errors becomes quite difficult in such large databases and UPI became an insisting need to reduce the error. Fig. 1: False positive and false negative errors [8] A) False-Positive Errors Linking to the wrong health information about a patient can cause wrong treatment based on wrong condition, perform wrong operation, serve wrong patient, mistakes on blood types, errors in lab test, or wrong medications and diagnosis. This kind of error is the result of healthcare ID theft, accidental record overlay (more than one distinct individual assigned to the same record), a threshold set too low, or a set of personal attributes used in the search that, in combination, are inadequately unique for the size and nature of the population being examined [8]. An important cause of false positives is the use of an insufficient number of attributes in a search for matches. In [8] an experiment was conducted to illustrate this problem. In this experiment, a large personal-attribute database of 80 million individuals, similar in size to a large RHIO or state-sized records database was used to evaluate false positive errors. First, a 42,000-record subset of this database is used, similar to the size of a small hospital or large clinic. For a random individual, there would be about a 2-in-3 chance (1/1.44) of finding another person s record with the same last name. However, if first name, birth year, and zip code are added, the number of possible false matches is reduced to only one in 3,500 (1/3.5E3). The use of a unique part of the SSN in the stream of keys quickly reduces the probability of a false match to near zero. This, of course, assumes that the keys for matching are entered correctly. When using the larger database of 80 million records, it is a bit more difficult to eliminate false positives. There would be a 98% chance that a false-positive match would occur with just the last name compared to roughly 66% for the small-population analysis in small database, this shows how the false-positive rate is sensitive to factors such as population size. When date of birth is added to the key, the chance of a false positive match drops to 33%. And, finally, after the last four digits of the SSN, the first name, and the zip code have been used to form the composite key, the rate of false positives drops to 1 in 39 million. In conclusion, with enough correct personal-attribute keys, the false positives can be controlled to occur with very low probability. However, eliminating the almost-unique SSN key dramatically increases the false-positive rate. If the database gets much larger, as in an NHIN, additional attributes or some, almost unique, key, such as the SSN, is certainly required to keep this error rate small. If the use of an SSN as a key is ruled out, as it increasingly appears to be B) False-Negative Errors False negative errors imply not finding some of the patient records. They represent a fragmentation of a patient s health history and can lead to missing or incomplete information about medical conditions, previous surgeries, medications, or allergies, which in turn lead to possible life-threatening treatment errors and potential lawsuits. Missing information can also lead to inefficiencies, such as the cost of reordering of diagnostic tests and of delays and errors in treatment. Such inefficiencies have been estimated to cost the healthcare system more than $8 billion annually [3]. It is also much more difficult to analyze patient data for research or clinical quality and process improvement when some of the patient data are not found because of such fragmentation. False negatives may be the result of changing personal attributes, such as name or address; of keying errors; and of changes in format, such as the order of first and last names. All of these situations can cause the recording of some of the patient s data as new records, effectively fragmenting potentially important health information. Another false negative problem is record duplication records are found that falsely appear to be those of another patient when in fact they should be identified as belonging to the reference patient. V. HEALTHCARE SYSTEM IN KSA According to the Ministry of Health in Saudi Arabia, the healthcare system consist of a network of primary healthcare centers and clinics that provide basic and advanced services with some mobile clinics for remote rural areas. The Ministry of Health operates most of the hospitals and the clinics and centers. While the reset remaining facilities are operated by government agencies, including the Ministry of Defense, the National Guard, the Ministry of the Interior, and several other ministries. Some researcher classifies Saudi health care system as a mixture of the American health care system and Canadian system. On other words, there are free government hospitals like in Canada and they have private hospitals for insured and cash paying patients with instant care like America. Since health care is free for Saudi s, the Saudi government forces the companies to provide health insurance for its employees and their families. The quality of health care in Saudi generally can be classified as high and equal to that in some Europe countries, except for highly specialized treatment. In the following section, we will explore a sample case study that demonstrates how much diversity among the current health care provider in KSA. For example, King Saud University delivered health care services through two large University Hospitals; King Abdul-Aziz University Hospital (KAUH) and King Khalid University Hospital (KKUH) in conjunction with two big clinic centers. Both hospitals and clinics provide primary and secondary care services for Saudi

6 patients from Northern Riyadh area with free of including some medications [KSU website]. The current running medical information in the both hospitals and clinics centers used a sequential assignment number for any new patient as shown in figure (2). VI. FRAMEWORK FOR UPI IN KSA With the differences and specific nature of the proposed UPI system, we developed the UPI system process framework. An overview of the UPI process framework is visualized in figure (5). Our framework copes with different issues raised from related work section. The UPI process framework can be seen as three managerial levels; the strategic, tactical and operational level. For each level, processes are designed consisting of relevant activities and the relations between activities and the data produced in the activities can be achieved through SOA web service. Fig. 2. Health care card from King Khalid University Fig.3. Health care card from National Guard Fig. 5. UPI Process Framework Fig.4. Health care card from King Saud University As shown in figure (2), there is NO patient number but the name of the patient and identification number is given by adding the last patient ID number with 1. Another sever problem is some patient can have been treated in either/both hospital(s) and/or some clinic center, that patient can have a different ID number in all different location. Therefore, there is NO way for physician to electronically access the patient information expect through printed report carried by the patient or by his family. The same situation or close exists in the second big hospital in Riyadh, National Guard- Health affairs. Figure (2) shows the patient ID for National Guard hospital at Riyadh branch. Since National Guard has many hospitals scattered around big cities in KSA, the patient identification consist of the first three letters of hospital name and the remaining is numeric number represent the sequential number given by the medical information system as shown in figure (3). Figure (4) shows the patient ID for King Saud University and the patient identification consist of 10 digits that represent the sequence number and a bar code that contain all the patient information such as nationality, gender, incurrence class, and a file number. The main features of the required portal management system should contains the following features : Front End and Back End for end-user and administration management, Configuration Settings for website control, Access Rights for providing hierarchy authorities, Content for content management, Templates for providing an editable visual format of the content, Extensions for future growth and changing requirements of functionality, Multilingual front end, Simple workflow system, and Administration interface that is separated from the portal homepage. Figure (6) shows a schema for the proposed solution, the schema can seen as integration among different medical information system with portal that comply with web medical content management system. The proposed portal will store and update the UPI through a secure database system for further search and to keep track of UPI usage.

7 [6] Catherine Quantin, Franc ois-andr e Allaert, Paul Avillach, Maniane Fassa, Benoˆıt Riandey, Gilles Trouessin, and Olivier Cohen, Building Application-Related Patient Identifiers: What Solution for a European Country?, International Journal of Telemedicine and Applications Volume 2008, Article ID , 5 pages, doi: /2008/ [7] D.C. Leonard, Alex P. Pons, and Shihab Asfour, Realization of a Universal Patient Identifier for Electronic Medical Records Through Biometric Technology, IEEE transaction on information technology in biomedicine, vol. 13, no 4, July [8] RAND Corporation, Identity Crisis: An Examination of the Costs and Benefits of a Unique Patient Identifier for the U.S. Health care System, RAND Health, Fig. 6. Schema for the proposed Solution. VII. CONCLUSIONS AND FUTURE WORK Faced with many challenges of existing architectures, a growing number of organizations have taken on a private cloud approach, using server virtualization to simulate ondemand services. This hybrid approach or cloud-like solutions can help alleviate some of this performance, security, and other challenges but at a significant cost, time, and resource expenditure. The other important aspect of this cloud computing alternative is reviewing the cultural impact of moving data and clinical applications to the cloud. Like businesses in other industries, there is a natural predisposition for physician practices and healthcare organizations wanting to own and have physical control over their data. Securing applications in the cloud is limited due to the difficulty in guaranteeing effective data security and integrity controls. In a traditional environment, the ability to layer stronger authentication, access control, and auditing capabilities exists because of defined network layers. By contrast, these defined network layers don t exist in a public cloud environment. Data restoration presents another limitation as restoring data from a backup (determining what needs to be restored, from where and deposited to) can be challenging. REFERENCES [1] Paul Carpenter and Christopher Chute, The Universal Patient Identifier- A Discussion and Proposal, Proc Annu Symp Comput Appl Med Care. 1993: [2] B. R. Hieb, A proposal for a national health care identifier, Proc Annu Symp Comput Appl Med Care. 1994: PMCID: PMC [3]. Kohane, H. Dong, and P. Szolovits, Health information identification and de-identification toolkit., Proc AMIA Symp. 1998: PMCID: PMC [4] Betsy L. Humphreys, Electronic Health Record Meets Digital Library: A New Environment for Achieving an Old Goal., J Am Med Inform Assoc Sep Oct; 7(5): PMCID: PMC [5] Emilio Mordini, MD, DPhil, Biometric Identification Technology Ethics (BITE), FINAL SCIENTIFIC REPORT, Centre for Science, Society and Citizenship Piazza Capo di Ferro Rome IT, February 2007.

Towards Integrating National Electronic Care Records in Saudi Arabia

Towards Integrating National Electronic Care Records in Saudi Arabia Towards Integrating National Electronic Care Records in Saudi Arabia Mohammed Alnuem, Samir EL-Masri, Ahmed Youssef, Ahmed Emam Department of Information Systems, King Saud University, Riyadh, KSA Abstract

More information

Identity Management. An overview of the CareEvolution RHIO Technology Platform s Identity Management (record linking) service

Identity Management. An overview of the CareEvolution RHIO Technology Platform s Identity Management (record linking) service Identity Management An overview of the CareEvolution RHIO Technology Platform s Identity Management (record linking) service CareEvolution, Inc. All Rights Reserved. All logos, brand and product names

More information

For More Information

For More Information THE ARTS CHILD POLICY CIVIL JUSTICE EDUCATION ENERGY AND ENVIRONMENT This PDF document was made available from www.rand.org as a public service of the RAND Corporation. Jump down to document6 HEALTH AND

More information

ANALYSIS OF UNIQUE PATIENT IDENTIFIER OPTIONS

ANALYSIS OF UNIQUE PATIENT IDENTIFIER OPTIONS ANALYSIS OF UNIQUE PATIENT IDENTIFIER OPTIONS FINAL REPORT November 24, 1997 Prepared for THE DEPARTMENT OF HEALTH AND HUMAN SERVICES by Soloman I. Appavu Table of Contents Part One: Executive Summary..........................................

More information

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Health Information Technology/Informatics (Policy Number)

Health Information Technology/Informatics (Policy Number) The American Society For Clinical Pathology Policy Statement Health Information Technology/Informatics (Policy Number) Policy Statement: ASCP supports the implementation of standardized health information

More information

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based

More information

Data Quality and Interoperability of Identity Data in the Veterans Health Administration

Data Quality and Interoperability of Identity Data in the Veterans Health Administration Data Quality and Interoperability of Identity Data in the Veterans Health Administration ABSTRACT The mission of the Veterans Health Administration (VHA) is to Honor America s Veterans by providing exceptional

More information

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of

More information

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and

More information

A Study on Secure Electronic Medical DB System in Hospital Environment

A Study on Secure Electronic Medical DB System in Hospital Environment A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133

More information

PaperClip Incorporated 3/7/06; Rev 9/18/09. PaperClip Compliant Email Service Whitepaper

PaperClip Incorporated 3/7/06; Rev 9/18/09. PaperClip Compliant Email Service Whitepaper Incorporated 3/7/06; Rev 9/18/09 PaperClip Compliant Email Service Whitepaper Overview The FTC Safeguard Rules require Financial, Insurance and Medical providers to protect their customer s private information

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Chapter 15 The Electronic Medical Record

Chapter 15 The Electronic Medical Record Chapter 15 The Electronic Medical Record 8 th edition 1 Lesson 15.1 Introduction to the Electronic Medical Record Define, spell, and pronounce the terms listed in the vocabulary. Discuss the presidential

More information

Harmonized Use Case for Electronic Health Records (Laboratory Result Reporting) March 19, 2006

Harmonized Use Case for Electronic Health Records (Laboratory Result Reporting) March 19, 2006 Harmonized Use Case for Electronic Health Records (Laboratory Result Reporting) March 19, 2006 Office of the National Coordinator for Health Information Technology (ONC) Table of Contents American Health

More information

The Role of Password Management in Achieving Compliance

The Role of Password Management in Achieving Compliance White Paper The Role of Password Management in Achieving Compliance PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 617.674.2727 E-mail: sales@portalguard.com Website: www.portalguard.com

More information

HIPAA Audit Risk Assessment - Risk Factors

HIPAA Audit Risk Assessment - Risk Factors I II Compliance Compliance I Compliance II SECTION ONE COVERED ENTITY RESPONSIBILITIES AREA ONE Notice of Privacy Practices 1 Is your full notice of privacy practices given to every new patient in your

More information

HIPAA for HIT and EHRs. Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals

HIPAA for HIT and EHRs. Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals HIPAA for HIT and EHRs Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals Donald Bechtel, CHP Siemens Health Services Patient Privacy Officer Fair Information Practices

More information

Heuristic Walkthrough Usability Evaluation of Electronic Health Record with a Proposed Security Architecture

Heuristic Walkthrough Usability Evaluation of Electronic Health Record with a Proposed Security Architecture Heuristic Walkthrough Usability Evaluation of Electronic Health Record with a Proposed Prajakta Pawar, Sushopti Gawade Abstract: There currently appears to be concerted efforts at national (HSE) Regional

More information

Medical Information Systems

Medical Information Systems Medical Information Systems Introduction The introduction of information systems in hospitals and other medical facilities is not only driven by the wish to improve management of patient-related data for

More information

Access Control patient centric selective sharing Emergency Access Information Exchange

Access Control patient centric selective sharing Emergency Access Information Exchange Electronic Health Record Software Required Security Features and Recommendations for Technical Specifications of Single Source Contracts and RFI for the Behavioral Health Information Technology Grant Scope:

More information

Medical Informatics An Overview Saudi Board For Community Medicine

Medical Informatics An Overview Saudi Board For Community Medicine Medical Informatics An Overview Saudi Board For Community Medicine Ahmed AlBarrak PhD Medical Informatics Associate Professor of Health Informatics, Family & Community Med, Chairman, Medical Informatics,

More information

Achieving meaningful use of healthcare information technology

Achieving meaningful use of healthcare information technology IBM Software Information Management Achieving meaningful use of healthcare information technology A patient registry is key to adoption of EHR 2 Achieving meaningful use of healthcare information technology

More information

HEALTH IT! LAW & INDUSTRY

HEALTH IT! LAW & INDUSTRY A BNA, INC. HEALTH IT! LAW & INDUSTRY Meaningful Use REPORT VOL. 2, NO. 15 APRIL 12, 2010 BNA Insights: Toward Achieving Meaningful Use: HHS Establishes Certification Criteria for Electronic Health Record

More information

Version: January 2008 ASTM E-31: EHR and Informatics Standards Education For Health Professional Disciplines. Background

Version: January 2008 ASTM E-31: EHR and Informatics Standards Education For Health Professional Disciplines. Background Version: January 2008 ASTM E-31: EHR and Informatics Standards Education For Health Professional Disciplines Background Work on standards for the EHR in the context of all such standards for the Health

More information

Identity: The Key to the Future of Healthcare

Identity: The Key to the Future of Healthcare Identity: The Key to the Future of Healthcare Chief Medical Officer Anakam Identity Services July 14, 2011 Why is Health Information Technology Critical? Avoids medical errors. Up to 98,000 avoidable hospital

More information

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Page 2 of 8 Introduction Patient privacy has become a major topic of concern over the past several years. With the majority

More information

ARMORVOX IMPOSTORMAPS HOW TO BUILD AN EFFECTIVE VOICE BIOMETRIC SOLUTION IN THREE EASY STEPS

ARMORVOX IMPOSTORMAPS HOW TO BUILD AN EFFECTIVE VOICE BIOMETRIC SOLUTION IN THREE EASY STEPS ARMORVOX IMPOSTORMAPS HOW TO BUILD AN EFFECTIVE VOICE BIOMETRIC SOLUTION IN THREE EASY STEPS ImpostorMaps is a methodology developed by Auraya and available from Auraya resellers worldwide to configure,

More information

HIPAA and Network Security Curriculum

HIPAA and Network Security Curriculum HIPAA and Network Security Curriculum This curriculum consists of an overview/syllabus and 11 lesson plans Week 1 Developed by NORTH SEATTLE COMMUNITY COLLEGE for the IT for Healthcare Short Certificate

More information

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security

More information

Healthcare Delivery. Transforming. through Mobility Solutions. A Solution White Paper - version 1.0

Healthcare Delivery. Transforming. through Mobility Solutions. A Solution White Paper - version 1.0 Transforming Healthcare Delivery through Mobility Solutions A Solution White Paper - version 1.0 HTC Global Services HTC Towers, No. 41, GST Road, Guindy, Chennai - 600 032, India. Ph: +91 44 4345 3500

More information

2.2 The Security of Electronic Medical Records (EMR) DOH, the Executive Yuan August 19, 2009

2.2 The Security of Electronic Medical Records (EMR) DOH, the Executive Yuan August 19, 2009 Topic 2: Privacy Protection and Ensuring Security of Network Applications or Services 2.2 The Security of Electronic Medical Records (EMR) DOH, the Executive Yuan August 19, 2009 1 Agenda 1. The Vision

More information

Framework for Biometric Enabled Unified Core Banking

Framework for Biometric Enabled Unified Core Banking Proc. of Int. Conf. on Advances in Computer Science and Application Framework for Biometric Enabled Unified Core Banking Manohar M, R Dinesh and Prabhanjan S Research Candidate, Research Supervisor, Faculty

More information

CA Technologies Healthcare security solutions:

CA Technologies Healthcare security solutions: CA Technologies Healthcare security solutions: Protecting your organization, patients, and information agility made possible Healthcare industry imperatives Security, Privacy, and Compliance HITECH/HIPAA

More information

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority

More information

Alaa Hussein Al-Hamami, Jalal Yousef AL-Juneidi Department of Computer Sciences and Informatics Amman Arab University Amman, Jordan

Alaa Hussein Al-Hamami, Jalal Yousef AL-Juneidi Department of Computer Sciences and Informatics Amman Arab University Amman, Jordan World of Computer Science and Information Technology Journal (WCSIT) ISSN: 2221-0741 Vol. 5, No. 2, 23-27, 2015 Secure Mobile Cloud Computing Based-On Fingerprint Alaa Hussein Al-Hamami, Jalal Yousef AL-Juneidi

More information

HEALTH INFORMATION TECHNOLOGY*

HEALTH INFORMATION TECHNOLOGY* GLOSSARY of COMMON TERMS and ACRONYMS In HEALTH INFORMATION TECHNOLOGY* (April 2011) AHIC American Health Information Community The AHIC was a federal advisory panel created by HHS to make recommendations

More information

WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009

WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009 WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009 Current Laws: It is unlawful to intentionally use or attempt

More information

HIPAA COMPLIANCE AND

HIPAA COMPLIANCE AND INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Emerging Trends in Health Information Technology: Personal Health Record(PHR) uphr. Nazir Ahmed Vaid ehealth Services (Pvt) Ltd.

Emerging Trends in Health Information Technology: Personal Health Record(PHR) uphr. Nazir Ahmed Vaid ehealth Services (Pvt) Ltd. Emerging Trends in Health Information Technology: Personal Health Record(PHR) uphr Nazir Ahmed Vaid ehealth Services (Pvt) Ltd. April 26 2012 PROJECT GOALS Design universal health data accessibility on

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Securing e-government Web Portal Access Using Enhanced Two Factor Authentication

Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Ahmed Arara 1, El-Bahlul Emhemed Fgee 2, and Hamdi Ahmed Jaber 3 Abstract This paper suggests an advanced two-factor authentication

More information

Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing

Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 11 No: 05 41 Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing Abstract-- It has been widely observed

More information

Securing Data on Portable Media. www.roxio.com

Securing Data on Portable Media. www.roxio.com Securing Data on Portable Media www.roxio.com Contents 2 Contents 3 Introduction 4 1 The Importance of Data Security 5 2 Roxio Secure 5 Security Means Strong Encryption 6 Policy Control of Encryption 7

More information

System of Systems to Provide Quality of Service Monitoring, Management and Response in Cloud Computing Environments

System of Systems to Provide Quality of Service Monitoring, Management and Response in Cloud Computing Environments System of Systems to Provide Quality of Service Monitoring, Management and Response in Cloud Computing Environments July 16-19, 2012 Paul C. Hershey 1 Shrisha Rao 2 Charles B. Silio, Jr. 3 Akshay Narayan

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

De-duplication The Complexity in the Unique ID context

De-duplication The Complexity in the Unique ID context De-duplication The Complexity in the Unique ID context 1. Introduction Citizens in India depend on the Government for various services at various stages of the human lifecycle. These services include issuance

More information

Compliance Cost Associated with the Storage of Unstructured Information

Compliance Cost Associated with the Storage of Unstructured Information Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report

More information

20. Exercise: CERT participation in incident handling related to Article 4 obligations

20. Exercise: CERT participation in incident handling related to Article 4 obligations CERT Exercises Handbook 241 241 20. Exercise: CERT participation in incident handling related to Article 4 obligations Main Objective Targeted Audience Total Duration This exercise provides students with

More information

EMC PERSPECTIVE. The Private Cloud for Healthcare Enables Coordinated Patient Care

EMC PERSPECTIVE. The Private Cloud for Healthcare Enables Coordinated Patient Care EMC PERSPECTIVE The Private Cloud for Healthcare Enables Coordinated Patient Care Table of Contents A paradigm shift for Healthcare IT...................................................... 3 Cloud computing

More information

Canada Health Infoway

Canada Health Infoway Canada Health Infoway EHR s in the Canadian Context June 7, 2005 Mike Sheridan, COO Canada Health Infoway Healthcare Renewal In Canada National Healthcare Priorities A 10-year Plan to Strengthen Healthcare

More information

Susan J Hyatt President and CEO HYATTDIO, Inc. Lorraine Fernandes, RHIA Global Healthcare Ambassador IBM Information Management

Susan J Hyatt President and CEO HYATTDIO, Inc. Lorraine Fernandes, RHIA Global Healthcare Ambassador IBM Information Management Accurate and Trusted Data- The Foundation for EHR Programs Susan J Hyatt President and CEO HYATTDIO, Inc. Lorraine Fernandes, RHIA Global Healthcare Ambassador IBM Information Management Healthcare priorities

More information

TEPR Voluntary Universal Identifier Pipe Dream or Panacea?

TEPR Voluntary Universal Identifier Pipe Dream or Panacea? TEPR Voluntary Universal Identifier Pipe Dream or Panacea? Wednesday May 21, 2008 Deborah C. Peel, MD Definition of Privacy Health information privacy is an individual's right to control the acquisition,

More information

Li Xiong, Emory University

Li Xiong, Emory University Healthcare Industry Skills Innovation Award Proposal Hippocratic Database Technology Li Xiong, Emory University I propose to design and develop a course focused on the values and principles of the Hippocratic

More information

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

Biometric Authentication Platform for a Safe, Secure, and Convenient Society

Biometric Authentication Platform for a Safe, Secure, and Convenient Society 472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.

More information

Journal of Electronic Banking Systems

Journal of Electronic Banking Systems Journal of Electronic Banking Systems Vol. 2015 (2015), Article ID 614386, 44 minipages. DOI:10.5171/2015.614386 www.ibimapublishing.com Copyright 2015. Khaled Ahmed Nagaty. Distributed under Creative

More information

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information

More information

Paper vs. Electronic Records White Paper

Paper vs. Electronic Records White Paper WEDi - Strategic National Implementation Process (SNIP) Paper vs. Electronic Records White Paper SNIP Paper vs. Electronic White Paper Final Version April 2003 SNIP Security and Privacy Workgroup Workgroup

More information

Integration of Distributed Healthcare Records: Publishing Legacy Data as XML Documents Compliant with CEN/TC251 ENV13606

Integration of Distributed Healthcare Records: Publishing Legacy Data as XML Documents Compliant with CEN/TC251 ENV13606 Integration of Distributed Healthcare Records: Publishing Legacy Data as XML Documents Compliant with CEN/TC251 ENV13606 J.A. Maldonado, M. Robles, P. Crespo Bioengineering, Electronics and Telemedicine

More information

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Briefing W. Frisch 1 Outline Digital Identity Management Identity Theft Management

More information

TOP SECRETS OF CLOUD SECURITY

TOP SECRETS OF CLOUD SECURITY TOP SECRETS OF CLOUD SECURITY Protect Your Organization s Valuable Content Table of Contents Does the Cloud Pose Special Security Challenges?...2 Client Authentication...3 User Security Management...3

More information

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM Chandramohan Muniraman, Meledath Damodaran, Amanda Ryan University of Houston-Victoria Abstract As in any information management system security

More information

Ability to view, download, or print a "Continuity of Care Document" or "Health Summary".

Ability to view, download, or print a Continuity of Care Document or Health Summary. The Salina Pediatric Care patient portal offers secure viewing and communication as a service to patients who wish to view parts of their records and communicate with our staff. This can be a valuable

More information

Guide to Taking Control of Your Healthcare

Guide to Taking Control of Your Healthcare Guide to Taking Control of Your Healthcare Why Personal Health Records Empower a Healthier America Taking Control of Your Healthcare Guide to taking control of your healthcare Why Personal Health Records

More information

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL ...The auditor general shall conduct post audits of financial transactions and accounts of the state and of

More information

Secure communications via IdentaDefense

Secure communications via IdentaDefense Secure communications via IdentaDefense How vulnerable is sensitive data? Communication is the least secure area of digital information. The many benefits of sending information electronically in a digital

More information

Orbiter Series Service Oriented Architecture Applications

Orbiter Series Service Oriented Architecture Applications Workshop on Science Agency Uses of Clouds and Grids Orbiter Series Service Oriented Architecture Applications Orbiter Project Overview Mark L. Green mlgreen@txcorp.com Tech-X Corporation, Buffalo Office

More information

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely

More information

The American Academy of Ophthalmology Adopts SNOMED CT as its Official Clinical Terminology

The American Academy of Ophthalmology Adopts SNOMED CT as its Official Clinical Terminology The American Academy of Ophthalmology Adopts SNOMED CT as its Official Clinical Terminology H. Dunbar Hoskins, Jr., M.D., P. Lloyd Hildebrand, M.D., Flora Lum, M.D. The road towards broad adoption of electronic

More information

Self-Service SOX Auditing With S3 Control

Self-Service SOX Auditing With S3 Control Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with

More information

WHITEPAPER. Data Security for Office 365 Balancing control & usability

WHITEPAPER. Data Security for Office 365 Balancing control & usability WHITEPAPER Data Security for Office 365 Balancing control & usability Contents Executive Summary... 2 Top Security Issues for Office 365... 4 Compelled Disclosures... 4 Unauthorized Sharing... 4 External

More information

Case Studies. Table of Contents

Case Studies. Table of Contents Table of Contents 1 Integration with an Oncology EMR and an External Billing System 3 2 Automated Patient Portal 4 3 Client Scheduling 5 4 Client Server based EMR 6 Version 0.0 Page 2 of 8 1 INTEGRATION

More information

Instructions. There are two documents that must be completed in order for your VSAS application to be considered complete.

Instructions. There are two documents that must be completed in order for your VSAS application to be considered complete. Instructions There are two documents that must be completed in order for your VSAS application to be considered complete. Read these instructions carefully. 1. Immunization Form: Please have this form

More information

HIMSS Interoperability Showcase 2011

HIMSS Interoperability Showcase 2011 Interoperability will bind together a wide network of real-time life critical data that not only transform but become healthcare. Health Information Interoperability Challenges Healthcare and healthcare

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Image Enabled EMR / EHR

Image Enabled EMR / EHR Image Enabled EMR / EHR A strategic approach to EMR integration and interoperability for diagnostic imaging and related reports The Challenge: In healthcare, imaging is routinely used as a tool for patient

More information

Using Electronic Systems for Document Management in Economic Entities

Using Electronic Systems for Document Management in Economic Entities Informatica Economică, nr. 1 (41)/2007 27 Using Electronic Systems for Document Management in Economic Entities Anca MEHEDINŢU, Cerasela PÎRVU, Ion BULIGIU Faculty of Economic and Business Administration,

More information

The Electronic Medical Record (EMR)

The Electronic Medical Record (EMR) Journal of Applied Medical Sciences, vol. 2, no. 2, 2013, 79-85 ISSN: 2241-2328 (print version), 2241-2336 (online) Scienpress Ltd, 2013 The Electronic Medical Record (EMR) PeterChris Okpala 1 Abstract

More information

Overvie w of Data. Points to Ponder

Overvie w of Data. Points to Ponder 1 Overvie w of Data Anonymiz ation Points to Ponder What is data anonymization? What are the drivers for data anonymization? Here are some startling statistics on security incidents and private data breaches:

More information

Dynamic Query Updation for User Authentication in cloud Environment

Dynamic Query Updation for User Authentication in cloud Environment Dynamic Query Updation for User Authentication in cloud Environment Gaurav Shrivastava 1, Dr. S. Prabakaran 2 1 Research Scholar, Department of Computer Science, SRM University, Kattankulathur, Tamilnadu,

More information

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used? esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents

More information

The Need for Service Catalog Design in Cloud Services Development

The Need for Service Catalog Design in Cloud Services Development The Need for Service Catalog Design in Cloud Services Development The purpose of this document: Provide an overview of the cloud service catalog and show how the service catalog design is an fundamental

More information

INFORMATION TECHNOLOGIES FOR PATIENT CARE MANAGEMENT

INFORMATION TECHNOLOGIES FOR PATIENT CARE MANAGEMENT SUMMARY Features INTERIN Technology, a complex of software tools and techniques for building health care information systems, was developed in the Program Systems Institute, Russian Academy of Sciences.

More information

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Two-Factor Authentication over Mobile: Simplifying Security and Authentication SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table

More information

Healthcare IT R Systems Expertise

Healthcare IT R Systems Expertise Healthcare IT R Systems Expertise Overview- Healthcare IT Solutions & Services R Systems helps healthcare service providers deliver effective and timely care and comply with security compliances through

More information

Practice management system criteria checklist

Practice management system criteria checklist Practice management system criteria checklist The American Medical Association (AMA) and Medical Group Management Association (MGMA) have created the following checklist as a starting point for assessing

More information

Cloud Computing System for Integrated Electronic Health Records

Cloud Computing System for Integrated Electronic Health Records Cloud Computing System for Integrated Electronic Health Records Hebah Mirza and Samir El-Masri Department of Information Systems, College of Computer and Information Sciences / King Saud University, Riyadh,

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Blueprint 2020: Key Interface Requirements to Develop a Knowledge Sharing Infrastructure for the Public Service Workplace

Blueprint 2020: Key Interface Requirements to Develop a Knowledge Sharing Infrastructure for the Public Service Workplace December 06 2015 Blueprint 2020: Key Interface Requirements to Develop a Knowledge Sharing Infrastructure for the Public Service Workplace Main Text Word Count: 2,327 Matthew Fallon, Sanwara Bilkis, Connor

More information

Microcontroller Based Smart ATM Access & Security System Using Fingerprint Recognition & GSM Technology

Microcontroller Based Smart ATM Access & Security System Using Fingerprint Recognition & GSM Technology Microcontroller Based Smart ATM Access & Security System Using Fingerprint Recognition & GSM Technology Bharath K M, Rohit C V Student of B.E Electronics and Communication Coorg Institute of Technology,

More information

North Shore LIJ Health System, Inc. Facility Name

North Shore LIJ Health System, Inc. Facility Name North Shore LIJ Health System, Inc. Facility Name POLICY TITLE: The Medical Record POLICY #: 200.10 Approval Date: 2/14/13 Effective Date: Prepared by: Elizabeth Lotito, HIM Project Manager ADMINISTRATIVE

More information

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 4, April 2014,

More information

Voice Documentation in HIPAA Compliance

Voice Documentation in HIPAA Compliance Voice Documentation in HIPAA Compliance An OAISYS White Paper Americas Headquarters OAISYS 7965 South Priest Drive, Suite 105 Tempe, AZ 85284 USA www.oaisys.com (480) 496-9040 CONTENTS 1 Introduction 2

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10 HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information