Page 20 - Delaware Medical Journal - November 2017

How Delaware Health Information Network Protects Patient Data
 Stacey Haddock Schiller
Cybersecurity seems to be in the news daily. Concern about  everywhere, and with good reason: The recent data breach at Equifax put more than one-third of all Americans’ personal data at risk. This incident reinforces the need for an unwavering commitment to industry best practices for protecting personal health information.

once the biggest concern, personal health information (PHI) has become increasingly valuable.
In fact, to a hacker, your personal health data may be
At Delaware Health Information Network (DHIN), data is our business. With cyber threats and the organized targeting of health care data on the rise, the safety and security of that patient data is paramount.
Protecting this data requires a multi-pronged approach, consisting of physical, procedural, and legal safeguards, as well as a “toothy” enforcement policy.
FEDERAL AND STATE REGULATIONS
Key to DHIN’s data protection policies and procedures is the Health Insurance Portability & Accountability Act (HIPAA), the over-arching federal regulation that governs how health information should be treated and protected. Compliance with HIPAA and other related state and federal regulations is at the heart of DHIN’s approach to privacy and security.
Additionally, DHIN adheres to requirements put forth by the National Institute of Standards and Technology, as well as other applicable federal and state laws and regulations.
These regulations govern DHIN’s legal and procedural protections of PHI.
HITRUST COMMON SECURITY FRAMEWORK (CSF)
Taking PHI security a step farther, DHIN was recently recognized as one of a select group of health information  protection of patient data. DHIN’s implemented systems —  iSpecimen, DHIN Community Health Record and Result Delivery Grid hosted by Medicity and Internal Hardware and Software  for information security by HITRUST (Health Information Trust Alliance), widely regarded as the industry standard in health IT.
Together with HITRUST Authorized CSF Assessor BluePrint Healthcare IT, the DHIN team spent nearly a year performing an exhaustive analysis of existing security and privacy measures and strengthening policies and procedures to align with HITRUST requirements.
The HITRUST CSF has become the “gold standard” for measuring and certifying security management programs. Created by health care, technology, information security, privacy, and compliance leaders, the CSF combines requirements from both existing federal and third-party standards and regulations.

privacy controls, no reportable data security breaches, and timely completion of interim reviews.
DHIN’s Community Health Record includes more than 2.2

practitioners, payers, and consumers added assurance that DHIN meets the highest standards of security, privacy, and compliance.
PRIVACY AND SECURITY PROGRAM
In a recent interview, DHIN’s Network & Operations Manager Jody Wilson explained that a cybersecurity plan is only as good as
340
Del Med J | November 2017 | Vol. 89 | No. 11