
Mod 4

Module 4 of the Management of Information in Healthcare course covers privacy and security laws such as HIPAA and HITECH, which establish standards for protecting health information. It discusses the roles of Health Information Management (HIM) professionals in ensuring the accuracy and security of health data. Key policies include the Privacy Rule, Security Rule, and Breach Notification Rule, which outline patient rights and compliance requirements.

DATTA MEGHE INSTITUTE OF HIGHER EDUCATION AND RESEARCH

(Deemed to be University)
FACULTY OF ENGINEERING AND TECHNOLOGY

Module 4

Subject: Management of Information in Healthcare


Class: B.Tech (TE)
Semester: VI

By
Dr. Sarang Pande
Professor
(AIDS/AIML/CSD/CSME/CSE)

Course Contents
Module 4: Privacy and Security [2]

Laws and regulations related to health information privacy and security (e.g.,
HIPAA, HITECH), Health information privacy and security policies and
procedures, Risk management and compliance in HIM.

Applications:
1. HIPAA
2. HITECH
3. HIM

Resources: Some of the Case Studies Link


HIPAA

• The Health Insurance Portability & Accountability Act (HIPAA), passed in
1996, laid much of the groundwork for the privacy and security
measures being adopted within healthcare.
• It includes two key rules:
• Privacy Rule: Governs the use and disclosure of PHI.
• Security Rule: Sets standards for safeguarding electronic PHI (ePHI).
• Ensures patients have rights over their health information, including
the ability to access and request corrections.
HITECH

• HITECH (Health Information Technology for Economic and Clinical
Health Act): Enacted in 2009, HITECH is an extension of HIPAA.
• Promotes the adoption and meaningful use of electronic health records
(EHRs).
• Strengthens HIPAA by increasing penalties for non-compliance and
extending requirements to business associates.
• Introduces the Breach Notification Rule, requiring entities to notify
individuals and authorities about breaches involving PHI.
HIM

• HIM (Health Information Management): Refers to the practice of
acquiring, analyzing, and protecting medical information
essential for healthcare delivery.
• HIM professionals ensure the accuracy, accessibility, and
security of health data, complying with regulations like HIPAA
and HITECH.
• HIM encompasses data governance, coding, compliance, and
the management of EHRs.
Privacy and Security - Policies
ASSURING PORTABILITY, AVAILABILITY, AND RENEWABILITY
OF HEALTH INSURANCE COVERAGE
Privacy Rule:
• Sets standards for protecting PHI, including any identifiable health
information.
• Limits how PHI can be used or disclosed without patient consent.
• Grants patients rights over their health records, including the right to
access and request corrections.
Security Rule:
• Establishes safeguards to ensure the confidentiality, integrity, and
availability of electronic PHI (ePHI).
• Includes administrative, physical, and technical safeguards to protect
ePHI from threats or unauthorized access.
Privacy and Security - Procedures
PREVENTING HEALTH CARE FRAUD AND ABUSE; ADMINISTRATIVE
SIMPLIFICATION; MEDICAL LIABILITY REFORM
Breach Notification Rule:
• Requires covered entities to notify affected individuals, the Department of
Health and Human Services (HHS), and, in some cases, the media, of a PHI
breach.
Enforcement Rule:
• Sets standards for investigating non-compliance and levying penalties.
• Penalties for violations can range from $100 to $50,000 per violation, with
annual maximums of $1.5 million.
Omnibus Rule:
• Extends HIPAA compliance requirements to business associates and
subcontractors.
• Clarifies and strengthens privacy and security protections.
Important Links

Yale University:
Health Insurance Portability and Accountability Act

HIPAA Journal:
The HIPAA Journal - News and articles about HIPAA
