As medicine becomes more precise and individualized — and as technology makes collecting and dispensing data easier than ever — you may wonder about the safety of your personal health information.
The federal Health Insurance Portability and Accountability Act (HIPAA) requires protection of certain electronic data — such as any information that can identify you or that pertains to your physical or mental health, including treatments.
“But Rush goes beyond what’s HIPAA-mandated by protecting all of your health information against outside intrusion and inside breaches, including data that doesn’t contain your name or other identifiable information,” says Shafiq Rab, MD, MPH, senior vice president and chief information officer at Rush University Medical Center.
‘Moral and ethical duty’
Rush has the following safeguards in place to protect and defend your data:
- Thanks to encryption software, any would-be cyber-thief who tries to gain access to digital data would be unable to unscramble and use it.
- Privacy is a top priority of Rush employees. As part of their training, they learn to rigorously protect patient info by following several internal security guidelines.
- Rush is constantly checking the identity of authorized personnel to ensure that only people who need to know can see your patient health data.
- Rush hires outside security firms to test its computer system for weaknesses.
But what makes Rush stand out is a culturally embedded belief in the sanctity of patient health information. That belief is held by people across the organization — from doctors to nurses to patient registration specialists. “Patients come to Rush because they trust us with their health care,” Rab says. “It’s also our moral and ethical duty to take care of their health information.”
Shafiq Rab, MD, MPH, is passionate about information technology because of its potential to improve people’s lives. He believes technological innovation is one of the best ways to enhance health care for individuals and society as a whole.