Welcome back, future informaticists!
In this session, we'll be exploring an
important aspect of healthcare informatics:
the standards and guidelines.
These standards serve as a compass, guiding
us to ensure the privacy, security, and
interoperability of healthcare data.
So, let's dive right in!
Our first standard is the Health Insurance
Portability and Accountability Act, commonly
known as HIPAA.
According to the official HIPAA website,
"HIPAA is a federal law that was enacted in
1996 and is designed to protect the privacy
and security of patient’s health information."
HIPAA applies to all healthcare providers,
including doctors, hospitals, insurance
companies, and respiratory therapists. It
applies to everyone, including healthcare
informaticists, such as nurses who work
specifically with electronic health records
and other health information.
So, imagine you're at a party, and someone
starts sharing their friend's health
information. It feels wrong, right?
Well, that's exactly what the HIPAA Privacy
Rule aims to prevent.
It safeguards the patient's health
information, which we call Protected Health
Information or PHI.
PHI includes all sorts of identifiable
information, from a patient's name and date of
birth to their medical condition and
So, is it necessary for you to know every word
No, not really, but you are accountable for
having an adequate understanding of the logic
behind the privacy and security rules.
Now, let's put this into practice.
Here are some practical examples of
how we can uphold the Privacy Rule as
individuals. Number one: Share patient
information only with team members directly
involved with their care. For example, if
you're a nurse working with a patient who has
diabetes, you'd share relevant information
with the dietitian planning their meals, but
not with a physical therapist working with a
Second one: Do not access patient information
unless it is necessary for your job.
Number three: Do not use patient information
for personal gain: A nurse or physician should
not look up a celebrity’s medical records
just because they are curious.
Now, number four: If you accidentally come
across a record that doesn't concern you, you
need to report it. It's essential to maintain
transparency and trust within our workplace,
so go to human resources and let them know
there's been an accidental breach in
Number five: Discuss patient information only
in secure, private areas at work.
Never talk about a patient's condition or
treatment in public spaces like elevators or
Now, let's talk about the HIPAA Security Rule.
In today's digital age, a lot of our patient
information is stored electronically.
The Security Rule ensures this electronic
PHI, or ePHI, is well protected.
Here's how we can implement this rule in our
Never share your password.
Your login credentials are your
If someone accesses ePHI using your account,
it could lead to a breach.
Always log off when you leave, and if you
notice a coworker has left their computer
unattended, log them off too.
It's a simple step that can prevent
Avoid taking information home and always
destroy report sheets using a secure shredder.
Old file records should be kept in a locked
Respect patients' rights to their information.
Patients can request a copy of their
However, we cannot share this information
with anyone — even family or friends — without
the patient's permission.
Lastly, report any breach of confidentiality.
If you suspect a breach has occurred, report
it immediately to your supervisor or the
Informatics professionals have an even more
comprehensive role with protecting patient
First, access control: Implement strict access
controls to limit data access only to
This includes unique user accounts, strong
passwords, two-factor authentication, and
regular access reviews to revoke access when
Data Encryption: Encrypt sensitive data both
in transit and at rest.
Utilize encryption protocols such as SSL/TLS
for network communications and robust
encryption algorithms to secure stored data,
such as AES.
Secure Network Infrastructure: Implement
strong network security measures, including
firewalls, intrusion detection and prevention
systems, and virtual private networks to
protect data from unauthorized access and
Conduct regular security audits and risk
assessments to identify vulnerabilities and
address them promptly.
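As an added example, not part of this lecture, here is how the access-control and audit points above can be put into code: a care-team-based check that enforces the "only team members directly involved in their care" rule, records every attempt in an audit log, and a review function that surfaces denied attempts for the regular access review. The care teams, user names and medical record numbers (MRNs) are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

# Constructed sample data: which staff are directly involved in each patient's care.
# The diabetes patient's team is the nurse and the dietitian; the physical
# therapist on the second patient's team has no business with the first record.
CARE_TEAMS: Dict[str, Set[str]] = {
    "MRN-1001": {"nurse.alice", "dietitian.bob"},
    "MRN-1002": {"pt.carol"},
}

@dataclass
class AuditEntry:
    ts: str          # UTC timestamp of the attempt
    user: str        # unique user account that made the request
    mrn: str         # record that was requested
    purpose: str     # stated reason, kept for the reviewer
    allowed: bool    # outcome of the access decision

AUDIT_LOG: List[AuditEntry] = []

def access_phi(user: str, mrn: str, purpose: str,
               log: Optional[List[AuditEntry]] = None) -> bool:
    """Allow access only if the user is on this patient's care team, and record
    every attempt, allowed or denied, so curiosity lookups leave a trail."""
    allowed = user in CARE_TEAMS.get(mrn, set())
    (AUDIT_LOG if log is None else log).append(
        AuditEntry(datetime.now(timezone.utc).isoformat(), user, mrn, purpose, allowed))
    return allowed

def revoke_access(mrn: str, user: str) -> bool:
    """Remove a user from a care team during an access review; True if removed."""
    team = CARE_TEAMS.get(mrn, set())
    if user in team:
        team.discard(user)
        return True
    return False

def review_audit_log(log: List[AuditEntry]) -> Dict[str, List[str]]:
    """Group denied attempts per user so a periodic review can spot accounts
    repeatedly reaching for records that do not concern them."""
    findings: Dict[str, List[str]] = {}
    for entry in log:
        if not entry.allowed:
            findings.setdefault(entry.user, []).append(entry.mrn)
    return findings
```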
This helps ensure compliance with HIPAA
regulations and proactively prevent potential
Provide comprehensive training to employees
regarding HIPAA regulations, data handling
practices, and security protocols.
Educate them on the importance of protecting
patient information, how to identify and
report security incidents, and the proper use
of technology tools.
When transmitting patient data, use secure
communication channels such as encrypted
email, secure file transfer protocols, or
secure messaging platforms because you want to
prevent unauthorized interception or access.
Develop robust disaster recovery plans and
implement regular data backups.
This ensures that in the event of a security
incident or system failure, data can be
restored quickly and effectively, minimizing
downtime and potential data loss.
Safeguard physical access to data storage
areas, servers, and other hardware.
Implement physical security measures such as
restricted access controls, surveillance
systems, and environmental controls – like
temperature and humidity monitoring.
These will all help prevent unauthorized
physical access and protect against
Establish an incident response plan that
outlines the steps to be taken in the event of
a security breach or incident.
This includes incident identification,
containment, eradication, recovery procedures,
as well as proper documentation and reporting
If you work with third-party vendors or
service providers, ensure they also comply
with HIPAA regulations and have appropriate
security measures in place.
Regularly review their security practices and
agreements to ensure they meet the necessary
standards. Protecting patient data under HIPAA
requires a multi-layered approach involving both
technical and administrative controls.
It's important to stay informed about the
latest security practices and regulations so
you can effectively protect patient data and
Remember, as healthcare personnel, we're not
just handling data; we're handling people's
lives and privacy.
Respecting and protecting our patients'
information isn't just about following the
law; it's about upholding our ethical
So, let's always keep these guidelines in
mind as we go about our work and interact
with our patients.