Safeguards
Medical data are increasingly computerized, which means, inevitably, medical data are increasingly subject to the risks associated with computer security, namely:
•Confidentiality: data revealed to people not authorized to see them
•Integrity: unauthorized changes to data, intentional or otherwise
•Availability: access to data denied by persons or events
An overview of the security issues at BCBST
•BCBST has agreed to pay the U.S. Department of Health and Human Services (HHS) $1,500,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
•57 unencrypted computer hard drives were stolen from a rented office in Tennessee
•The drives held the protected health information (PHI) of more than 1 million people, including member names, Social Security numbers, diagnosis codes, dates of birth, and health plan identification numbers
•In addition to the $1,500,000 settlement, the agreement requires BCBST to review, revise, and maintain its Privacy and Security policies and procedures
•The HHS Office for Civil Rights enforces the HIPAA Privacy and Security Rules
•The HIPAA Security Rule protects health information in electronic form by requiring entities covered by HIPAA to use physical, technical, and administrative safeguards
•The HITECH Breach Notification Rule requires covered entities to report an impermissible use or disclosure of protected health information
HIPAA security requirements that could have prevented the incident
HIPAA is a federal law that facilitates continuity of care and adds protections for health information:
1. HIPAA Privacy Rule
• Governs use and disclosure of protected health information
• Applies to all PHI including oral, written, and electronic
2. HIPAA Security Rule
• Governs security standards for protecting health information
• Only applies to electronic PHI
Positive and negative corrective actions taken by BCBST
•Blue Cross and Blue Shield of