Health Data Management Part 2

Video Transcription
00:00
>> Hello. Welcome to
00:00
the HCISPP certification course with Cybrary,
00:00
Health Data Management, Part 2.
00:00
My name is Charlene Hutchins,
00:00
and I will be your instructor for today.
00:00
In this module, we'll talk
00:00
about health data characterization,
00:00
data interoperability and exchange,
00:00
and legal medical records.
00:00
As health care organizations work
00:00
toward becoming HIPAA compliant,
00:00
one of the obstacles many are encountering is how
00:00
to treat and handle the many types of data used each day.
00:00
The primary threat to security of
00:00
information assets is from internal employees.
00:00
The threat can be substantial due to
00:00
a lack of procedures around data handling.
00:00
One way to reduce exposure is with data classification.
00:00
A data classification program classifies
00:00
pieces of data based on
00:00
the sensitivity and establishes procedures to make
00:00
sure each piece of information is treated properly.
00:00
Data classification is a non-technical,
00:00
common-sense approach to risk management.
00:00
Many organizations use
00:00
a four or five-level classification system: public,
00:00
internal, confidential, and restricted.
00:00
The government uses unclassified,
00:00
confidential, secret, and top secret.
00:00
With each classification,
00:00
procedures for the handling, storage,
00:00
use, transmission, and
00:00
destruction of the information should be determined.
00:00
For each instance, data should be
00:00
labeled or marked based on
00:00
the classification level so that
00:00
unauthorized use or disclosure does not occur.
00:00
Also, the classification can be used to determine
00:00
how long certain data is
00:00
maintained and how particular data should be destroyed.
00:00
For example, confidential documentation should be
00:00
disposed of by shredding and
00:00
not being placed in recycle bins.
00:00
A taxonomy comprises vocabulary
00:00
and terms for how to refer to information.
00:00
A single taxonomy eliminates
00:00
confusion over terminology and meaning and
00:00
requires disciplinary agreement about
00:00
the vocabulary and the classifications.
00:00
The HPTC, or Healthcare Provider Taxonomy Codes,
00:00
is a set of standard codes for health care providers.
00:00
You can refer to the supplemental materials to
00:00
find out further information about each HPTC code.
00:00
It's important that once you have a system
00:00
for classification and taxonomy,
00:00
that you also incorporate training
00:00
to socialize this information with the workforce.
00:00
Many privacy and security incidents could be
00:00
avoided with simple training and awareness.
00:00
In the organization that I'm part of,
00:00
we created what we call a culture of security;
00:00
it's everyone's responsibility to
00:00
protect the data within the organization.
00:00
New employees receive this training
00:00
in-person on the first day.
00:00
Additionally, they receive training on
00:00
how to protect the data and who to
00:00
reach out to when they have questions or
00:00
concerns about the use of the data.
00:00
A reminder, data can only be used in an organization for
00:00
the purposes that it was
00:00
collected and Protected Health Information,
00:00
or PHI, can only be used for treatment,
00:00
payment, or operations of care for patients.
00:00
Analytics is the systematic use of data and
00:00
related business insights to drive
00:00
fact-based decision-making for planning,
00:00
management, measurement, and learning.
00:00
Using analytics to gain
00:00
better insights can help demonstrate
00:00
value and achieve better outcomes
00:00
such as new treatments or technologies.
00:00
Information leading to insights can help
00:00
consumers become more accountable for their own health.
00:00
With the public health crisis today,
00:00
the more data that we have available
00:00
about the areas of outbreak and
00:00
how many people are being tested
00:00
and how the virus is behaving and changing,
00:00
the more we can make informed decisions
00:00
on whether to shelter in place,
00:00
wear face masks, and practice social distancing.
00:00
There's a lot of data being
00:00
collected to increase knowledge about the spread
00:00
of the virus and tracking people who have
00:00
tested positive or who have recovered.
00:00
This data can be used by
00:00
the government for the purposes of public health.
00:00
The government has hired and is working with
00:00
other businesses who they may
00:00
need to share this sensitive information with.
00:00
Those additional businesses may
00:00
not share that information
00:00
for any other purpose than
00:00
the services they are being asked to perform.
00:00
This is where privacy is important and comes into play.
00:00
How many of you watching this video have
00:00
concerns about the privacy of your information?
00:00
This is why it's imperative that those
00:00
of us with this certification work to
00:00
ensure the safety and privacy of information
00:00
is maintained for ourselves and others.
00:00
Interoperability describes the extent
00:00
to which systems and devices can
00:00
exchange data as well as
00:00
interpret that shared information.
00:00
Provider organizations and hospitals have
00:00
many different computer systems used for
00:00
everything from billing to patient tracking.
00:00
All of these systems should communicate and
00:00
interoperate with each other, but not all do.
00:00
There are standards that enable
00:00
the data exchange and interpretation
00:00
of classification codes to be used by disparate systems.
00:00
Three of them are HL7,
00:00
DICOM, and IHE.
00:00
You can find more information on these methodologies
00:00
in the supplemental materials that support this course.
00:00
ETL processes extract, translate,
00:00
and load pool data from multiple databases or sources
00:00
and combine that data to send to a destination system.
00:00
You may have heard about SQL queries
00:00
when discussing ETL processes or systems.
00:00
Well, SQL queries are sometimes used to query or
00:00
pull or search for data in a relational database.
00:00
ETL is the process used to extract,
00:00
translate, and load the data into the destination system.
00:00
There are three levels of
00:00
health information technology interoperability:
00:00
foundational,
00:00
which is data exchange,
00:00
where the receiving system doesn't have
00:00
to interpret or translate the data.
00:00
Structural,
00:00
which defines the format and
00:00
syntax of the data exchange and
00:00
ensures that data exchanges between systems can
00:00
be interpreted at the data field level.
00:00
Semantic; allows two or more systems
00:00
or elements to exchange and use information.
00:00
This level supports the electronic exchange of
00:00
patients' summary information to improve quality,
00:00
safety, and efficiency of health care delivery.
00:00
Today, fewer medical records are being
00:00
stored in paper format and more are being
00:00
stored in computer databases that allow for
00:00
greater efficiencies in processing
00:00
clinical and financial services.
00:00
Electronic storage of medical records also has
00:00
other unintended consequences that include the threat to
00:00
patient privacy and the increased potential for misuse.
00:00
Legal standards vary from industry
00:00
to industry and state to state
00:00
that at times seem
00:00
unrealistic and oftentimes conflicting,
00:00
even though HIPAA mandated the development of
00:00
regulations for the control of medical records.
00:00
In the US, the legal medical record is
00:00
a subset of the designated record set and is
00:00
the set of records that will be
00:00
released for legal proceedings
00:00
or in response to a request for patient medical release.
00:00
It may also include records
00:00
maintained in an electronic records system.
00:00
The designated record set is
00:00
a group of records that include PHI,
00:00
the Protected Health Information,
00:00
for each individual that receives care and may
00:00
include medical records and billing records,
00:00
enrollments, payment claims, and
00:00
any other information used to make
00:00
decisions about a patient's care.
00:00
Today, what we've discussed is classifying data for
00:00
the purposes of protecting it in
00:00
the health data characterization,
00:00
data interoperability and exchange,
00:00
which removes barriers for sharing the data,
00:00
and the definition of legal medical records.
00:00
Please refer to the glossary of terms and
00:00
the official flashcards for
00:00
additional information and review of this material.
00:00
I'll see you in the next video.