Medical Data: It’s Only Sensitive If It Hurts When You Touch It
Daniel Masys, M.D., Director of Biomedical Informatics, UCSD School of Medicine, Professor of Medicine
PORTIA Sensitive Data Workshop

Dec 15, 2015

Transcript
Page 1

Medical Data: It’s Only Sensitive If It Hurts When You Touch It

Daniel Masys, M.D.
Director of Biomedical Informatics
UCSD School of Medicine
Professor of Medicine
[email protected]

PORTIA Sensitive Data Workshop

Page 2

Topics

• A brief history of confidentiality and information security in healthcare: Hippocrates to HIPAA
• Security vulnerabilities in healthcare settings
• Why is this so hard to do?
• Models for medical information access

Page 3

“What I may see or hear in the course of treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself holding such things shameful to be spoken about.”

- Hippocrates

Page 4

Professional Ethics

• AMA Principles of Medical Ethics (sect. 4, 1920 edition): “A physician shall respect the rights of patients…, and shall safeguard patient confidences within the constraints of the law”
• Many state medical boards incorporated professional society ethics codes into medical practice acts

Page 5

Legal Context

• Right to control one’s bodily integrity
• Right to control one’s interpersonal relationships
• Utility or instrumental value: the trust between patient and physician.

Page 6

HIPAA Rules (Health Insurance Portability and Accountability Act of 1996)

• 1996 health privacy legislation with a 1999 Congressional action deadline
• Congress failed to enact legislation
• Secretary of HHS required to issue regulations for medical data privacy and security
• “Covered entities” compliance with the Privacy Rule effective April, 2003; small health plans by April 2004
• Compliance with the HIPAA Security Rule for electronic systems containing Protected Health Information (PHI) required April, 2005

Page 7

HIPAA, not HIPPA :-)

“Misspelling is not a violation of the Rule”
Director, US Office for Civil Rights, speaking at UCSD, 2/5/03

Page 8

HIPAA Definitions

• Health information means any information, whether oral or recorded in any form or medium, that:
  1) Is created or received by a health care provider…, and;
  2) Relates to past, present, or future physical or mental health or condition of an individual… or provision of health care… or payment for provision of health care.

Page 9

HIPAA definitions

• “Covered entity” - organization responsible for HIPAA compliance.
• Protected Health Information (PHI) - information generated in the course of providing healthcare that can be uniquely linked to the individual it describes
• Information “use” = use within the organization
• Information “disclosure” = release outside of the organization

Page 10

Overview of effects of HIPAA Privacy Rule

• Gives individuals the right to:
  – A written notice of information practices from health plans and providers
  – Inspect and copy their Protected Health Info
  – Obtain a record of disclosures
  – Request amendments to their medical records
  – Have reasonable requests for confidential communications accommodated
  – Request restrictions on uses and disclosures
  – Complain about violations to the covered entity and to HHS

Page 11

Overview of effects of HIPAA Privacy Rule

• Requires covered entities to:
  – Make a good faith effort to get signed acknowledgement of information practices related to Protected Health Information (PHI) used in treatment, payment and operations (TPO)
  – Obtain authorization for special additional uses of PHI
  – Designate a privacy official
  – Develop policies and procedures (including receiving complaints)
  – Provide privacy training to their workforce
  – Develop a system of sanctions for employees who violate the entity’s policies
  – Meet documentation requirements
  – Implement appropriate administrative, technical, & physical safeguards to protect privacy

Page 12

The ‘spirit’ of HIPAA

• Protected Health Information (PHI = person identifiable) must be managed with the same attention to consent for use, access control, and documentation of actions performed as are currently applied to physical objects such as tissue.
• Access to PHI is based on the general principle of “need to know” and “minimum necessary” rather than professional role

Page 13

HIPAA Round 2: the Security Rule

Page 14

Overview

• Affects HIPAA Covered Entities that maintain Protected Health Information (PHI) in electronic form
• Directs CEs to ‘develop, implement, maintain, and document’ security measures, and keep them current.

Page 15

Security Rule: Basic Concepts

• Scalable: burden relative to size and complexity of the healthcare organization
• Not linked to specific technologies, and anticipates future changes in technology
• Unlike the Privacy Rule, affects only electronic information
• Applies security principles well established in other industries

Page 16

HIPAA Security Rule: Functional areas

• Information Availability
• Protection against unauthorized:
  – Access
  – Alteration
  – Deletion
  – Transmission
• Monitoring (audit trails)

Page 17

Covered entities are required to:

• Assess potential risks and vulnerabilities
• Protect against threats to information security or integrity, and against unauthorized use or disclosure
• Implement and maintain security measures that are appropriate to their needs, capabilities and circumstances
• Ensure compliance with these safeguards by all staff

Page 18

Page 19

Page 20

Security Vulnerabilities in Healthcare Settings

• Unintentional disclosures
• Well-intentioned but inappropriate employee behavior
• Disgruntled employees
• Self-insured employers
• ? Competitors
• VIP patients
• Hackers
• Data mining

Page 21

Data mining as confidentiality threat

[Figure: two overlapping data sets. “Anonymous” Medicare Data: Ethnicity, Visit date, Diagnosis, Procedure, Medication, Total charge. Voter List: Name, Address, Date registered, Party affiliation, Date last voted. Fields present in both: ZIP, Birth date, Sex.]

Latanya Sweeney, MIT, 1997

Page 22

Uniqueness in Cambridge voters

  Quasi-identifiers                 Voters uniquely identified
  Birth date alone                  12%
  Birth date & gender               29%
  Birth date & 5-digit ZIP          69%
  Birth date & full postal code     97%

Birth date includes month, day and year. Total 54,805 voters.
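The linkage attack behind the two slides above, worked as code. This is an added example, not part of the talk and not Sweeney's data or tooling: the medical extract and the voter list are small constructed samples (names, ZIPs, birth dates and diagnoses are invented), chosen so that the join on the three shared fields (ZIP, birth date, sex) re-identifies some records and leaves others ambiguous. The same functions compute the uniqueness statistic the Cambridge table reports and the k-anonymity of the extract before and after generalizing the quasi-identifiers.

```python
"""Linkage attack on an "anonymous" medical extract, plus the uniqueness and
k-anonymity measurements behind it.  Added example: every record below is
constructed for illustration; none of it is Sweeney's Cambridge data."""
from collections import Counter, defaultdict

# The three fields the "anonymous" medical extract shares with the voter list.
QUASI_IDS = ("zip", "dob", "sex")

# Constructed "anonymous" medical extract: name and address removed, but the
# quasi-identifiers kept.
MEDICAL = [
    {"zip": "02139", "dob": "1965-07-03", "sex": "F", "diagnosis": "hypertension"},
    {"zip": "02139", "dob": "1965-07-03", "sex": "M", "diagnosis": "asthma"},
    {"zip": "02138", "dob": "1971-11-22", "sex": "F", "diagnosis": "depression"},
    {"zip": "02138", "dob": "1971-11-22", "sex": "F", "diagnosis": "fracture"},
    {"zip": "02140", "dob": "1950-01-15", "sex": "M", "diagnosis": "diabetes"},
]

# Constructed public voter list: names present, same three quasi-identifiers.
VOTERS = [
    {"name": "A. Alvarez", "zip": "02139", "dob": "1965-07-03", "sex": "F"},
    {"name": "B. Baker",   "zip": "02139", "dob": "1965-07-03", "sex": "M"},
    {"name": "C. Chen",    "zip": "02138", "dob": "1971-11-22", "sex": "F"},
    {"name": "D. Dube",    "zip": "02138", "dob": "1971-11-22", "sex": "F"},
    {"name": "E. Evans",   "zip": "02140", "dob": "1950-01-15", "sex": "M"},
]


def _key(record, keys):
    """The quasi-identifier tuple a record presents to a linker."""
    return tuple(record[k] for k in keys)


def uniqueness(records, keys):
    """Fraction of records whose quasi-identifier tuple occurs exactly once.
    This is the statistic reported in the Cambridge voter table."""
    counts = Counter(_key(r, keys) for r in records)
    return sum(1 for r in records if counts[_key(r, keys)] == 1) / len(records)


def k_anonymity(records, keys):
    """Size of the smallest equivalence class; k == 1 means someone is unique
    and therefore linkable."""
    return min(Counter(_key(r, keys) for r in records).values())


def link(medical, voters, keys=QUASI_IDS):
    """Join the two tables on the shared fields.  A medical record is
    re-identified when exactly one voter carries its tuple."""
    index = defaultdict(list)
    for v in voters:
        index[_key(v, keys)].append(v["name"])
    out = []
    for m in medical:
        names = index.get(_key(m, keys), [])
        out.append({"diagnosis": m["diagnosis"],
                    "candidates": names,
                    "name": names[0] if len(names) == 1 else None})
    return out


def generalize(records, dob="full", zip_digits=5):
    """Coarsen quasi-identifiers (generalization) so more records share each
    tuple: dob may be "full", "year" or "none"; zip is truncated to a prefix."""
    out = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:zip_digits]
        if dob == "year":
            g["dob"] = r["dob"][:4]
        elif dob == "none":
            g["dob"] = "*"
        out.append(g)
    return out


if __name__ == "__main__":
    for keys in (("dob",), ("dob", "sex"), QUASI_IDS):
        print(f"{' & '.join(keys):18s} unique: {uniqueness(MEDICAL, keys):.0%}")
    for row in link(MEDICAL, VOTERS):
        print(row)
    print("k on raw extract:", k_anonymity(MEDICAL, QUASI_IDS))
    print("k with year of birth and 3-digit ZIP:",
          k_anonymity(generalize(MEDICAL, dob="year", zip_digits=3), QUASI_IDS))
    print("k with birth date removed and 3-digit ZIP:",
          k_anonymity(generalize(MEDICAL, dob="none", zip_digits=3), QUASI_IDS))
```

On this constructed sample three of the five “anonymous” records join to exactly one voter and are named outright; the two that share a tuple are narrowed to two candidates. Note that coarsening birth date to year and ZIP to three digits still leaves k = 1 here, and only dropping birth date entirely reaches k = 2: the attribute that drives uniqueness is the one that has to be removed or generalized, which is the point of the 12% to 97% column above.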

Page 23

Information Security Elements

• Availability - when and where needed
• Authentication - a person or system is who they purport to be (preceded by Identification)
• Access Control - only authorized persons, for authorized uses
• Confidentiality - no unauthorized information disclosure
• Integrity - information content not alterable except under authorized circumstances
• Attribution/non-repudiation - actions taken are reliably traceable

Page 24

Why is this so hard in healthcare contexts?

1. The nature of biomedical data

Page 25

The nature of biomedical data

• Variable levels of sensitivity; “sensitive” is in the eye of multiple beholders, and highly context-dependent
• No bright line between person-identifiable and “anonymous” data
  – So inherently rich in attributes that re-identification potential never reaches zero
• Genome as Future Diary: an individual’s medical data may have implications for other family members who have much different values and preferences, and for future generations

Page 26

Why is this so hard?

1. The nature of biomedical data
2. Complex interpersonal and organizational roles with respect to data

Page 27

Complex roles: entities with justifiable (and variable) rights to medical data

• First order role definitions:
  – Provider, Patient, Payer, “Society”
• Second order:
  – Providers: primary vs. consultant provider, ancillary support staff
  – Patient: self, family, legally authorized reps
  – Payer: billing staff and subcontractors, clearinghouses, insurers
  – Society: public health agencies, state medical boards, law enforcement agencies

Page 28

Complex roles: entities with justifiable (and variable) rights to medical data

• Third order:
  – Providers: internal and external QA entities (peer review, JCAHO), sponsors of clinical research
  – Patient: community support groups, personal friends
  – Payers: fraud detection (Medical Information Bureau), business consultants
  – Society: national security, bioterrorism detection

Page 29

Healthcare Information Access Roles

[Figure: role diagram with four quadrants; the labels it contains are listed here by quadrant.]

• Provider: Primary care; Specialists; Ancillaries; Internal QA; External accreditation orgs; Clinical Trials Sponsors
• Patient: Immediate Family; Extended Family; Community Support; Friends; Legally Authorized Reps
• Payer: Admin. Staff; Claims Processors; Subcontractors; Clearinghouses; Insurers; Fraud Detection; Medical Information Bureau; Business Consultants
• Society: Public Health; State Licensure Boards; Law Enforcement; National Security; Bioterrorism Detection

Page 30

Page 31

Why is this so hard?

1. The nature of biomedical data
2. Complex interpersonal and organizational roles with respect to data
3. Patients who wish to exercise control over access to their data seldom understand the implications of their decisions

Page 32

Why is this so hard?

1. The nature of biomedical data
2. Complex interpersonal and organizational roles with respect to data
3. Patients who wish to exercise control over access to their data seldom understand the implications of their decisions
4. Personal preferences regarding data access change, sometimes suddenly

Page 33

Why is this so hard?

1. The nature of biomedical data
2. Complex interpersonal and organizational roles with respect to data
3. Patients who wish to exercise control over access to their data seldom understand the implications of their decisions
4. Personal preferences regarding data access change, sometimes suddenly
5. “Privacy Fundamentalism” – irrational political forces (“Nothing about me without me”) block efficient systems approaches

Page 34

Why is this so hard?

1. The nature of biomedical data
2. Complex interpersonal and organizational roles with respect to data
3. Patients who wish to exercise control over access to their data seldom understand the implications of their decisions
4. Personal preferences regarding data access change, sometimes suddenly
5. “Privacy Fundamentalism” – irrational political forces (“Nothing about me without me”) block efficient systems approaches
6. Differing perceptions of risk and benefit

Page 35

Patient-Centered Access to Secure Systems Online
A National Library of Medicine Telemedicine Research Contract

Dixie Baker, Ph.D., Chief Scientist, Center for Information Security Technology, Science Applications International Corp.
Daniel R. Masys, M.D., Director of Biomedical Informatics, University of California, San Diego

[Figure: the World Wide Web carrying both a commercial pitch (“$995 This wonderful videocamera can be yours if you’ll just send us your Visa or MasterCard”) and a patient’s lab values (Hb 13.2, Hct 38.0, WBC 4.2).]

Page 36

Patient-Centered Access to Secure Systems Online (PCASSO)

Design Goals

• To enable secure use of the Internet to access sensitive patient information
• To enable providers AND patients to view medical data online
• To develop a published, verifiable high-assurance architecture
  – Not proprietary
  – No “black box” or trade secret security

Page 37

PCASSO functions

• Protect healthcare information at multiple levels of sensitivity
• Authorize user actions based on familiar healthcare roles
• End-to-end user accountability
• Empower consumers to access their own medical records
• Patient viewable audit trails
• Automated e-mail notification of records changes
• Security protection extended to user PC

Page 38

Page 39

Page 40

PCASSO users

• 218 physicians enrolled (started January, 1999)
• 53 patients enrolled as of 9/30/99 (started June, 1999)
• Enrollment criteria:
  – Age 18 or older
  – Receive health care from UCSD
  – One or more visits in past 6 months
  – Primary care physician co-signs consent

Page 41

Differing user perceptions of multi-step login security

  Rating             Providers   Patients
  Very Reasonable    0           77%
  Reasonable         25%         16%
  Unreasonable       41%         0
  Intolerable        33%         0

Two-tailed P < 0.001 by Mann Whitney

Page 42

Patient Comments on PCASSO

• “Love this program and really is super easy to use”
• “I was at the lab this morning and some results are posted already…very impressed”
• “Thank you for this ‘peek’ into our own medical records. So often patients seem to feel at the mercy of the HMO’s and at least this may alieviate <sic> some of that distrust.”
• “As one who has always been involved in my health care decisions, I value that I have access to this information. Great system, I find it very user friendly and feel very confident that my privacy is maintained at all times…”

Page 43

Provider Comments on PCASSO

• “The Kremlin is easier to get into.”
• “I signed on once, and have suffered enough.”
• “Unfortunately it’s so cumbersome to use that it is virtually useless.”
• “…security is too tight…I will keep on using my cable modem and PC Anywhere to get into my office computer and then access labs that way.”
• “It would be wonderful when patients call me in the evenings & weekends to be able to punch up their info on my home pc and have instant access to their lab results, X-rays, medications, etc.”
• “...It’s incredibly handy to have this stuff available on the Internet. Nice work.”

Page 44

Desiderata for electronic consent in healthcare

1. Permits access to health data by checking that patient consent exists for the information requests, using methods that check for explicit, inferred or implied consent
2. Should allow access to patient information to those who have been explicitly permitted by a patient

E. Coiera et al., J. Am Med Informatics Assoc, 2004

Page 45: Desiderata for electronic consent in healthcare, cont'd

3. Should never allow access to patient information by those explicitly denied access by the patient
4. Should allow access to patient information to individuals determined to have inferred or implied consent based on their clinical roles, responsibilities, or clinical circumstance

E. Coiera et al., J. Am Med Informatics Assoc, 2004

Page 46: Desiderata for electronic consent in healthcare, cont'd

5. Does not endanger patient safety by denying access to information by clinically approved individuals when consent is indeterminate
6. Does not impede clinical work by clinically approved individuals when consent is indeterminate

E. Coiera et al., J. Am Med Informatics Assoc, 2004

Page 47: Desiderata for electronic consent in healthcare, cont'd

7. Has security safeguards to prevent access by circumventing the consent checking mechanism
8. Minimizes the number of requests made to clinicians and patients to avoid disruption of clinical care or the private lives of individuals

E. Coiera et al., J. Am Med Informatics Assoc, 2004

Page 48: Desiderata for electronic consent in healthcare, cont'd

9. Does not require expensive or burdensome infrastructure

E. Coiera et al., J. Am Med Informatics Assoc, 2004

Author Observation: the criteria are in conflict with one another, and no single model performs well against all 9 criteria

Page 49: Models for e-consent

1. General consent = "opt in". Patient accepts all provider policies (Notices of Information Practices). Most common current model.
2. General consent with specific denial. Patient accepts provider policies but denies consent for a) particular information or b) particular parties' access or c) disclosure for particular purposes

E. Coiera et al., J. Am Med Informatics Assoc, 2004

Page 50: Models for e-consent

3. General denial with specific consent = Patient denies all access except for consent for a) particular information or b) particular parties' access or c) disclosure for particular purposes
4. General denial = "opt out". Each new episode of care requires explicit consent. (Likely scenarios for opt out: psychiatric care, drug rehab, sexually transmitted disease treatment).

E. Coiera et al., J. Am Med Informatics Assoc, 2004

Page 51: Implementation: e-Consent objects

Rights management wrappers associated with clinical information that record the assertion:

Access to (information) by an (entity) for a (purpose) in a (context) is {consented to | denied}

Could attach to specific facts, episodes of care, or complete medical record
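As an added example (not from the talk or from Coiera et al.), here is a small Python evaluator that represents the e-consent objects above and applies the four models from the preceding slides in the order the desiderata require: explicit denial first, then explicit consent, then implied consent, with indeterminate consent never blocking a clinically approved individual but flagged for audit. The model names, the wildcard encoding, the reason codes and the two sample patients are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard: the assertion covers every value of that field

@dataclass(frozen=True)
class ConsentObject:
    """One e-consent wrapper: access to (information) by an (entity)
    for a (purpose) in a (context) is consented to (True) or denied (False)."""
    information: str
    entity: str
    purpose: str
    context: str
    consented: bool

    def matches(self, information, entity, purpose, context):
        fields = ((self.information, information), (self.entity, entity),
                  (self.purpose, purpose), (self.context, context))
        return all(want in (ANY, got) for want, got in fields)

# The four models from the slides, reduced to what applies when no
# e-consent object matches the request (hypothetical encoding).
MODELS = {"general_consent": "allow",                   # opt in
          "general_consent_specific_denial": "allow",
          "general_denial_specific_consent": "indeterminate",
          "general_denial": "indeterminate"}             # opt out

def decide(model, objects, information, entity, purpose, context,
           clinically_approved=False):
    """Return (decision, reason). Order follows the desiderata: an explicit
    denial always wins (3), then explicit consent (2), then the model's
    implied consent (4); an indeterminate answer never blocks a clinically
    approved individual (5, 6) but is flagged so the access can be audited."""
    hits = [o for o in objects if o.matches(information, entity, purpose, context)]
    if any(not o.consented for o in hits):
        return "deny", "explicit_denial"
    if hits:
        return "allow", "explicit_consent"
    if MODELS[model] == "allow":
        return "allow", "implied_consent"
    if clinically_approved:
        return "allow", "indeterminate_audit"  # break-glass access, logged for review
    return "deny", "indeterminate_request_consent"  # ask patient/clinician (8)

# Constructed sample data, not real patients or users.
OPT_IN_PATIENT = [ConsentObject("psychiatry", ANY, ANY, ANY, False),   # model 2
                  ConsentObject(ANY, "dr_smith", ANY, ANY, False)]
OPT_OUT_PATIENT = [ConsentObject("labs", "primary_care", "treatment", ANY, True)]  # model 3

if __name__ == "__main__":
    print(decide("general_denial", OPT_OUT_PATIENT, "xray", "er_physician", "treatment", "emergency", True))
```

Every "indeterminate_audit" decision is the point where desiderata 5 and 7 meet: the access is granted, but it must land in an audit trail that is reviewed, otherwise the break-glass path becomes the way around consent checking.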

Page 52: Putting Health Information Security into Perspective

• The current fervor related to health information security is sometimes marked by "irrational exuberance"
• Data available to date suggest that breaches of confidentiality in healthcare usually cause either no apparent harm or some personal psychological harm, while inaccessibility of healthcare data causes preventable medical errors, up to and including death

Page 53: Kohn L, et al. Committee on Quality of Health Care in America. To Err is Human: Building a Safer Health System. Institute of Medicine, Dec 1999

Page 54: Medical Errors

• Between 44,000-98,000 preventable deaths each year in hospitals
• Injury rates from 2.9% (general med-surg) to 46% (ICU settings)
• 7th leading cause of death in US
• Likely underestimates due to:
  – Injury thresholds for reporting
  – Errors had to be documented in clinical record

Page 55: Medical Errors

• Majority of errors do not result from individual recklessness, but from flaws in health system organization (or lack of organization).
• Failures of information management are common:
  – illegible writing in medical records
  – lack of integration of clinical information systems
  – inaccessibility of records
  – lack of automated allergy and drug interaction checking

Page 56: Information Security Elements

• Availability - when and where needed
• Authentication - a person or system is who they purport to be
• Access Control - only authorized persons, for authorized uses
• Confidentiality - no unauthorized information disclosure
• Integrity - information content not alterable except under authorized circumstances
• Attribution/non-repudiation - actions taken are reliably traceable

Page 57: Putting Health Information Security into Perspective

• If 'keeping the bad guys out' causes even a single additional death due to inaccessibility of information to authorized providers, we have failed to achieve a proper perspective on health information security
• From HIPAA back to Hippocrates: Primum non nocere - first do no harm

Page 58