NCM 110: NURSING INFORMATICS
CORPORAL, MARIEL S. I BSN 2A – 2nd Semester
TOPIC: CHAPTER 10: TRUSTWORTHY SYSTEMS FOR SAFE AND PRIVATE HEALTHCARE
Trustworthy Systems
FOR SAFE AND PRIVATE HEALTHCARE
HITECH- Health Information Technology for
Economic and Clinical Health
 as part of the American Recovery and
Reinvestment Act (USC, 2009)
 Assigned the Office of National Coordinator
(ONC) responsibility for developing a
nationwide infrastructure that would
facilitate the use and exchange of electronic
health information, including policy,
standards, implementation specifications,
and certification criteria resulted in most
significant amendments to the Health
Insurance Portability and Accountability Act
(HIPAA) Security and Privacy Rules since
the rules became law
HITECH Act Priorities
 Technologies that protect the privacy of
health information and promote security in a
qualified electronic health record (EHR)
 A nationwide HIT infrastructure that allows
for the electronic use and accurate
exchange of health information.
 Technologies that as a part of a qualified
EHR allow for an accounting of disclosures
made by a covered entity
 Technologies that allow individually
identifiable health information to be
rendered unusable, unreadable, or
indecipherable to unauthorized individuals
“Information is the lifeblood of modern medicine.
Health information technology is destined to be its
circulatory system. Without that system, neither
individual physicians nor healthcare institutions can
perform at their best or deliver the highest-quality
care”
TRUST
 Caregivers will keep the health information
confidential and will disclose and use it only
to extent as necessary
 Caregivers and technology will “do no harm”
Benificience
 Technology and Information are readily
available
 Information in the patient’s EHR are
accurate and complete
NURSES........
 “promote, advocate for, and strive to protect
the health, safety, and rights of the patient”
 “holds in confidence personal information”
and
 “ensures that use of technology…[is]
compatible with the safety, dignity, and
rights of people”
HEALTH INFORMATION TECHNOLOGY
OPPORTUNITIES
 However, HIT also offers significant benefits
like faster lab results, remote monitoring,
and personalized treatment plans.
CHALLENGES
 Electronic information exchange introduces
new risks (accidental breaches, malicious
attacks).
TRUSTWORTHY HEALTH INFORMATION
TECHNOLOGY
 Legal and ethical frameworks, along with
consumer expectations, define
requirements for trustworthy HIT.
 Requirements:
 Availability of data and applications.
 Protection of privacy and confidentiality.
 Data integrity and security.
 User-friendly and responsive systems.
 Safe operation of health-critical functions.
PRIVACY
 Deals with individual rights around the
collection, use, and sharing o their personal
health information. Principles like openness,
transparency, fairness, and choice are
crucial for privacy.
SECURITY
 Focuses more on protecting the
confidentiality, integrity, and availability of
health data and systems through
mechanisms like access controls, auditing,
encryption etc.
EIGHT PRIVACY PRINCIPLES
 Core privacy principles for health IT were
first defined in 1973 and later updated to
address modern e-health risks like
widespread data sharing through health
information exchanges.
 individual access
 Correction
 Openness and transparency
 Individual choice
 Collection and use
 Data quality and integrity
 Safeguards
 Accountability
SECURITY MECHANISM AND ASSURANCE
METHODS
ADVANTAGE
 confidentiality and authenticity of
information, the integrity of data, and the
availability of information and services, as
well as to provide an accurate record of
activities and accesses to information
DISADVANTAGE
 critical to protecting personal privacy, they
are also essential in protecting patient
safety and care quality—and in engendering
trust in electronic systems and information
Examples Illustrating the Importance of
Security in HIT
 Corruption of Laboratory Results
 Overwriting EHR Data
 Fraudulent Electronic Messages
 Safety Risks in Clinical Decision-Support
Systems
 NCM 110: NURSING INFORMATICS
CORPORAL, MARIEL S. I BSN 2A – 2nd Semester
TOPIC: CHAPTER 10: TRUSTWORTHY SYSTEMS FOR SAFE AND PRIVATE HEALTHCARE
TRUSTWORTHINESS
 This critical attribute encompasses both
security and privacy.
 Trustworthy systems inspire confidence and
reliability formhealthcare professionals.
 Building trustworthiness requires upfront
design and ongoing maintenance.
 Retrofitting existing systems for
trustworthiness can be difficult and costly
When Things Go Wrong
 CareGroup Network Infrastructure Failure
(2003)
 Microsoft Azure Cloud Outage (2013)
 Identity Theft and Personal Privacy
 Genomic Data Breach
 Malware Threats and Medical Devices
 HIPAA Breaches and Reporting (2009-2014
HIT TRUST FRAMEWORK
Layer 1: Risk Management
Layer 2: Information Assurance Policy
Layer 3: Physical Safeguards
Layer 4: Operational Safeguards
Layer 5: Architectural Safeguards
Layer 6: Security Technology Safeguards
Layer 7: Usability Features
Layer 1: Risk Management
 Identifies potential threats and weaknesses
that could compromise patient information.
This groundwork is crucial for all the other
layers.
 Risk management considers various factors
including patient safety, privacy, information
security, reputation, and financial stability.
Layer 2: Information Assurance Policy
 Creates policies based on risk assessments
to guide how staff handles information
securely. It covers operational aspects,
information technology use, and individual
behavior. These policies comply with
relevant laws (HIPAA) and professional
ethics.
POLICY COMPONENTS
 Defines rules for protecting patient privacy
and confidential information.
 Ensures transparency in how individuals'
health data is used and shared.
 Establishes protocols to safeguard people
(patients, staff, visitors) from physical harm
caused by data breaches or service
disruptions.
Layer 3: Physical Safeguards
 Physical safeguards are critical for ensuring
the availability, trustworthiness, and
usability of electronic health
information(EPHI) at the point of care.
 Implements physical measures to protect
information assets as outlined in the
policies. These safeguards
addresshardware, software, facilities, and
personnel involved in handling health data.
HIPPA Security Rule
 facility-access controls
 work station-use policies and procedures
 workstation-security measures
 device and media controls
Layer 4: Operational Safeguards
 This layer outlines processes and
procedures for handling health information
securely throughout its lifecycle. It ensures
adherence to the information assurance
policy established in Layer 2.
KEY SAFEGUARD
Layer 5: Architectural Safeguards
 refer to technical design principles and
system components that collectively
establish a secure and resilient foundation
for health IT systems.
 Architectural safeguards apply whether
systems are centralized onsite, distributed,
or utilize cloud components and
virtualization. this layer focuses on
designing the technical infrastructure with
security in mind from the ground up. By
incorporating these architectural principles,
the foundation for robust security
safeguards is established.
KEY PRINCIPLES
1. Scalability - ability to handle growing data
and users
2. Reliability - consistency and uptime
through redundancy
3. Safety - fail-safe behaviors if components
fail
4. Interoperability - systems ability to
exchange data
5. Availability - services and data accessible
when needed
6. Simplicity - straightforward designs for
security and recovery
7. Isolation - separating processes and apps
to limit infection spread
Layer 6: Security Technology Safeguards
 are software/hardware components that
perform specific security functions like
access control, encryption, intrusion
detection etc.
 this layer focuses on the technical tools and
mechanisms used to implement the security
policies and procedures outlined in previous
layers. These safeguards work together to
create a robust security infrastructure for
protecting ePHI.
KEY SAFEGUARD
1. Authentication - verifying identity of users
and systems
2. Access Control - allowing only authorized
access to resources
3. Audit logs - recording security-relevant
system activity
 NCM 110: NURSING INFORMATICS
CORPORAL, MARIEL S. I BSN 2A – 2nd Semester
TOPIC: CHAPTER 10: TRUSTWORTHY SYSTEMS FOR SAFE AND PRIVATE HEALTHCARE

4. Data integrity - detecting unauthorized data

modifications
5. Non-repudiation - proving authenticity of
data source
6. Encryption - encoding data during storage
and transmission
7. Anti-malware - preventing, detecting and
removing viruses/spyware
8. Transmission security - protecting data
exchanged over networks

Layer 7: Usability Features

 Usability features make security protections
and technologies easier and more
convenient for end users.
 Single sign-on allows a user to authenticate
once to access multiple authorized
applications and systems within an
organization.
 Federated identity enables authenticated
access across multiple organizations
without reauthenticating. Both single sign-on
and identity federation work by passing the
user's verified identity and attributes to other
systems through encrypted security
assertions.