Data Security Survival Skills for 21st Century Evaluators. Teresa Doksum & Sean Owen, October 17, 2013.


Slide 2: Why Security Is So Important
- Increase in the number of places that collect (and have lost!) our private information
- Increase in personal identity theft and medical identity theft
- Increase in penalties for losing our information (e.g., HIPAA, FERPA):
  1. Penalties for losing data, even if it is not misused
  2. Penalties for failing to destroy data once it is no longer needed
= A culture of accountability and responsibility
(Abt Associates ISIS Data Security Refresher)

Slide 3: Responsibility of Evaluators
- Understand the regulations
- Protect confidentiality as promised
- Report security incidents
- Maintain the trust of evaluation participants

Slide 4: Common Security Regulations

Regulation | Type of data | Link (URLs truncated in the source)
Health Insurance Portability and Accountability Act (HIPAA) | Individual health information (e.g., medical records) | .../a/understanding/special/research/index.html
Family Educational Rights and Privacy Act (FERPA) | Public school records | .../fpco/index.html
Privacy Act of 1974 | Data collected by or on behalf of federal agencies | .../es/2013/09/11/.../privacy-act-of-1974-systems-of-records
Human subjects regulations (45 CFR 46) | Data from human subjects research | .../jects/guidance/45cfr46.html
State/local laws | e.g., Social Security numbers |

Slide 5: HIPAA and Breach Penalties
Breach, per HIPAA: "unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information…"
Penalties:
- Notify the individuals affected
- Fines paid to the government of up to $1.5 million (the annual cap per violation category under HITECH)
- If 500 or more individuals are affected: mandatory media notification and…

Slide 6: HIPAA Breach Penalties, cont.
…website posting on the "HIPAA Wall of Shame" (.../breachtool.html, URL truncated in the source). The "HIPAA Wall of Shame" lists 682 breaches reported since September 2009 (as of this talk). Sample entries:

Name of Covered Entity | State | Business Associate Involved | Individuals Affected | Type of Breach | Location of Breached Information
Milford Regional Medical Center | MA | | 19,750 | Improper Disposal | Paper
Center for Neurosciences | AZ | | 1,101 | Theft | Laptop
TRICARE | VA | SAIC | 4,901,432 | Loss | Backup Tapes
Educators Mutual Insurance Association of Utah | UT | Health Behavior Innovations | 5,700 | Theft | CDs

Slide 7: FERPA (Family Educational Rights and Privacy Act)
- Protects student education records
- Requires destruction of personally identifiable information (PII) once it is no longer needed for the study
- Requires written agreements to obtain and protect data (a "data use agreement")
- Penalty: the offending party is denied access to student data for 5+ years

Slide 8: Data Security Plan Survival Guide

Slide 9: Classify the Sensitivity of Data

A. Common direct identifiers
- First + last name
- Social Security numbers
- Contact info (cell #, address, ...)
- Health plan #, Medicaid #, Medicare #

B. Unique participant ID

C. Sensitive information
- Financial information (income, credit reports)
- Alcohol abuse
- Substance abuse
- Public assistance (e.g., SNAP, TANF, unemployment benefits)
- Health/mental health symptoms, conditions, disabilities
- Criminal behavior
- Sexual risk behaviors, reproductive history, family planning practices
- Opinions about the program or employer that could jeopardize employment or benefits

Rule:
- A alone, or A + C = identified data: use the security procedures
- C alone, or B + C = de-identified sensitive information
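The A/B/C rule on this slide is easy to apply to a codebook, but an extract is only de-identified if no category A values actually sit in the cells, whatever the column names say. The following is an added example, not code from the Abt Associates deck: it classifies a column list with the slide's scheme and then scans a CSV extract for values that look like direct identifiers before it is released as de-identified. The column names, the sample rows and the detection patterns are constructed for illustration.

```python
"""Classify study variables with the slide's A/B/C scheme and check that an
extract labelled "de-identified" really contains no direct identifiers.

Added example, not code from the Abt Associates deck; column names, sample
rows and detection patterns are constructed for illustration.
"""
import csv
import io
import re

# Category A: common direct identifiers (slide 9, list A). Column names are
# assumed here; a real project would take these from its codebook.
DIRECT_IDENTIFIERS = {"first_name", "last_name", "ssn", "email", "cell_phone",
                      "address", "health_plan_id", "medicaid_id", "medicare_id"}
# Category B: the study's own unique participant ID (slide 9, list B).
PARTICIPANT_ID = {"participant_id"}
# Category C: sensitive information (slide 9, list C); column names assumed.
SENSITIVE = {"income", "credit_report", "alcohol_use", "substance_use",
             "snap", "tanf", "mental_health_dx", "arrests", "sexual_risk",
             "program_opinion"}


def classify_columns(columns):
    """Return the set of categories ('A', 'B', 'C') present in a column list.

    Columns outside the three lists are ignored: under the slide's scheme
    they are neither identifying nor sensitive.
    """
    cats = set()
    for col in columns:
        name = col.strip().lower()
        if name in DIRECT_IDENTIFIERS:
            cats.add("A")
        elif name in PARTICIPANT_ID:
            cats.add("B")
        elif name in SENSITIVE:
            cats.add("C")
    return cats


def handling_rule(columns):
    """Apply the rule from slide 9.

    A, or A + C  -> 'identified': the full security procedures apply.
    C, or B + C  -> 'de-identified sensitive': identifiers were separated.
    B alone (or nothing listed) carries no sensitive content.
    """
    cats = classify_columns(columns)
    if "A" in cats:
        return "identified"
    if "C" in cats:
        return "de-identified sensitive"
    return "non-sensitive"


# Constructed patterns for direct identifiers that leak into free-text or
# mislabelled columns. They are deliberately simple: treat hits as leads to
# review by hand, not as proof.
LEAK_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_phone": re.compile(r"\b\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b"),
}


def find_identifier_leaks(csv_text):
    """Scan every cell of a CSV extract and return (row_number, column,
    pattern_label) for each cell that looks like a direct identifier.

    Run this before releasing an extract that handling_rule() calls
    de-identified: the header says nothing about what the cells hold.
    """
    leaks = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_num, row in enumerate(reader, start=2):  # row 1 is the header
        for col, value in row.items():
            for label, pattern in LEAK_PATTERNS.items():
                if value and pattern.search(value):
                    leaks.append((row_num, col, label))
    return leaks


# Constructed sample extract: by its header it is B + C (de-identified
# sensitive), but a free-text "notes" field carries a phone number and an SSN.
SAMPLE_EXTRACT = """participant_id,income,mental_health_dx,notes
P001,31000,none,Participant declined follow-up
P002,18500,depression,Call back at 555-123-4567 re SSN 123-45-6789
P003,52000,none,
"""


if __name__ == "__main__":
    header = SAMPLE_EXTRACT.splitlines()[0].split(",")
    print("Handling rule by header:", handling_rule(header))
    for leak in find_identifier_leaks(SAMPLE_EXTRACT):
        print("Possible direct identifier:", leak)
```

On the constructed sample the header classifies as "de-identified sensitive", yet the scan flags row 3 of the `notes` column twice (an SSN and a phone number), which is exactly the case where a column-name check alone would let an identified file leave as de-identified.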

Slide 10: Protect Data Throughout the Data Lifecycle
Collect -> Store -> Analyze/Report -> Transport -> Archive/Destroy

Slide 11: Data Security Plan Overview: A Recipe to Protect Data Throughout the Data Lifecycle
- Worksheet/Section 1: Data Security Contact Information
- Worksheet/Section 2: Evaluation Information
- Worksheet/Section 3: Description of Study Data & Study Security Procedures
- Worksheet/Section 4: Staff Training on Data Security & Monitoring
- Worksheet/Section 5: Deliverables
- Worksheet/Section 6: Physical Record Lifecycle
- Worksheet/Section 7: Electronic Record Lifecycle

Slide 12: Questions?

Slide 13: Outcomes at Abt After Using Data Security Plans
- Increased staff understanding of, and adherence to, data security procedures for handling data
- Compliance with regulations
- Reduction in minor and major security incidents
- Protection of evaluation participants' data
- Positive feedback from clients

Slide 14: Contact Information
- Sean Owen
- Teresa Doksum