Auto-wipe | Manage My Practice

Clearing Up the Confusion Between Security, Privacy, HIPAA and HITECH: An Interview With Steve Spearman

Posted by Mary Pat Whaley on February 17, 2013

Mary Pat: Your business is called “Health Security Solutions.” People often confuse privacy with security. Can you clear up the confusion for us?

Steve: The Privacy rules refer to the broad requirements to protect the confidentiality of Protected Health Information (PHI) in all its forms. So for example, a physician talking loudly on the phone in the lobby of a restaurant about a patient by name is a violation of the privacy rules. PHI on paper records is covered under the privacy rules.

The security rules are specifically concerned about protecting the confidentiality (i.e. privacy), integrity and availability of electronic PHI, or PHI that exists in a digital form. So once you are dealing with electronic health records and information systems, violations tend to fall under the security rules. (more…)

Tags: ARRA, Audit, auto-wipe, CISSP, Health Security Solutions, making medical practice compliant, NIST, paper versus EMR, patient health information, private health information, Protected health information, SaaS, sanction policy, security, security officer, security risk analysis, SSAE 16 certified data centers, Steve Spearman, the difference between privacy and security, using cloud-based EMRs, what is BYOD?, what is HIPAA?, what is HITECH?, what is PHI?

Posted in: Compliance, Day-to-Day Operations, Electronic Medical Records, Headlines, Medicare This Week