HCISPP

Course
Time
5 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Hello and welcome to the Hcs PP certification course with Sai Buri Health Data Management Part two. My name is Charlene Hutchins and I will be your instructor for the day
00:14
and this module will talk about health data characterization,
00:17
data interoperability in exchange and legal medical records
00:25
as healthcare organizations worked or becoming HIPPA compliant.
00:29
One of the obstacles many are encountering is how to treat in handle the many types of data used each day.
00:37
The primary threat to security of information assets is from internal employees. The threat can be substantial due to a lack of procedures around data handling. One way to reduce exposure is with data classifications.
00:52
Data classification program classifies pieces of data based on the sensitivity and establishes procedures to make sure each piece of information is treated properly.
01:03
Data classifications is a non technical, common sense approach to risk management.
01:10
Many organizations use a four or five level classifications system
01:15
public,
01:17
internal,
01:18
confidential
01:19
and restricted.
01:21
The government uses unclassified, confidential, secret and top secret
01:27
with each classification
01:30
procedures for the handling, storage, used transmission and destruction of the information should be determined
01:38
for each instance. Data should be labeled or marked based on the classification level so that unauthorized use or disclosure does not occur.
01:49
Also, the classification can be used to determine how long certain data is maintained and how particular data should be destroyed.
02:00
For example, confidential documentation should be disposed of by shredding and not being placed in recycle bins.
02:08
A taxonomy comprises vocabulary in terms for how to refer to information.
02:15
A single taxonomy eliminates confusion over terminology and meaning and requires disciplinary agreement about the vocabulary and the classifications.
02:25
The H P T. C. Or health care provider taxonomy codes is a set of standard codes for health care providers.
02:36
You can refer to the supplemental materials to find out further information about H PTC codes.
02:43
It's important that once you have a system for classification and the taxonomy that you also incorporate training to socialize this information with the workforce. Many privacy and security incidents could be avoided with simple training and awareness,
03:00
and the organization that I'm part of, we created what we call a culture of security. It's everyone's responsibility to protect the data within the organization. New employees received this training in person on the first day.
03:15
Additionally, they received training on how to protect the data and who to reach out to when they have questions or concerns about the use of the data.
03:23
A reminder data can only be used in an organization for the purposes that it was collected and protected. Health information or a pH. I can only be used for treatment, payment or operations of care for patients.
03:39
Analytics is the systematic use of data and related business insights to dry fact based date decision making for planning, management, measurement and learning.
03:53
Using analytics to gain better insights can help demonstrate value and achieve better outcomes, such as new treatments or technologies.
04:02
Information leading to insights can help consumers become more accountable for their own health.
04:11
With the public health crisis today, the more data that we have available about the errors of outbreak and how many people are being tested and how the virus is behaving and changing, the more we can make informed decisions on whether to shelter in place, wear face masks and practice social distancing.
04:30
There's a lot of data being collected to increase knowledge about the spread of the virus and tracking people who have tested positive or who have recovered
04:40
this data can be used by the government for the purposes of public health, and the government has hired and is working with other businesses who they may need to share the sensitive information with
04:51
those. Additional businesses may not share that information for any other purpose than the services they're being asked to perform.
05:00
This is where privacy is important and comes into play.
05:03
How many of you watching this video have concerns about the privacy of your information?
05:10
This is why it's imperative that those of us with this certification work to ensure the safety and privacy of information is maintained for ourselves and others.
05:25
Interoperability describes the extent to which systems and devices can exchange data as well as interpret that shared information.
05:33
Provider organizations and hospitals have many different computer systems used for everything from billing to patient tracking. All of these systems should communicate and inter operate with each other. But not all do their standards that enable the data exchange an interpretation of classifications codes
05:53
to be used by dispirit systems.
05:56
Three of them are H L seven
06:00
Dycom
06:01
and I H E.
06:02
You can find more information on these methodologies in the supplemental materials that support this course.
06:11
E t l processes extract. Translate in load pulled data from multiple databases or sources, and combine that data to send to a destination system.
06:21
You may have heard about sequel queries when discussing e t l processes or systems
06:27
well, sequel crees are sometimes used to query or pull or search for data and a relational database. And e T. L is the process used to extract, translate and load the data into the destination system.
06:45
There are three levels of health information technology interoperability foundational, which is data exchange where the receiving system doesn't have to interpret or translate the data
06:56
structural, which it defines the format in syntax of the data exchange. It ensures the data exchanges between systems can be interpreted at the data field level,
07:06
and semantic allows two or more systems or elements to exchange and use information. This level supports the Elektronik exchange of patients. Summary information to improve quality, safety and efficiency of healthcare delivery.
07:27
Today, fewer medical records are being stored in paper format and MAWR are being stored in computer databases that allow for greater efficiencies and processing clinical and financial services.
07:42
Elektronik Storage of medical records also has other unintended consequences that include the threat of patient privacy and the increased potential for misuse.
07:55
Legal standards vary from industry to industry and state to state that at times seem unrealistic and oftentimes conflicting, even though HIPPA mandated the development of regulations for the control of medical records
08:11
in the US, the legal medical record is a subset of the designated record set
08:16
and is the set of records that would be released for legal proceedings or in response to a request for patient medical release.
08:26
It may also include records maintain in an electronic record system.
08:31
The designated records set is a group of records that include PH. I. The protected health information for each individual that receives care and may include medical records and billing records, enrollments, payment claims and any other information used
08:52
to make decisions
08:52
about a patient care.
08:58
So today, what we've discussed is classifying data for the purposes of protecting it in the health data characterization,
09:07
data interoperability and exchange, which removes barriers for sharing the data
09:13
and the definition of legal medical records.
09:16
Please refer to the glossary of terms and the official flashcards for additional information and review of this material.
09:26
I'll see you in the next video

Up Next

HCISPP

The HCISSP certification course provides students with the knowledge and skills to successfully pass the certification test needed to become a healthcare information security and privacy practitioner. The course covers all seven domains included on the exam.

Instructed By

Instructor Profile Image
Schlaine Hutchins
Director, Information Security / Security Officer
Instructor