Ticket Training Tuesday Properly Safeguarding Personally Identifiable Information (PII)


Goals and Objectives
At the conclusion of this training session you will be able to:
Define Personally Identifiable Information (PII)
Recognize the responsibility of access to PII
Discover best practices to deter PII violations
Illustrate how to identify PII loss
Demonstrate procedures to report a PII loss
Employ proper communication procedures while working with PII

A message from the Chief Information Officer
TO: All SSA Employees, Contractors and DDS Employees
SUBJECT: Properly Safeguarding Personally Identifiable Information - ACTION
The purpose of this message is to highlight the responsibilities of anyone having authorized access to the Social Security Administration's (SSA) Personally Identifiable Information. This memorandum provides basic security guidance for SSA employees, contractors, DDS employees, and government or business partners who handle SSA information.

This reminder regards your responsibilities to properly safeguard personally identifiable information from loss, theft or inadvertent disclosure and to immediately notify your management of any loss of personally identifiable information. Personally identifiable information includes, but is not limited to, a person's name, date of birth, Social Security Number, bank account information, address, health records and Social Security benefit payment data. Employees who fail to adequately safeguard personally identifiable information by failing to secure it from theft, loss or inadvertent disclosure may be subject to disciplinary action.

Progress Check 1
What are some examples of Personally Identifiable Information?
A) Date of birth, Social Security Number, home address
B) Health records and bank account information
C) Full name, initials, nickname
D) All of the above

Improper Safeguards
Non-secure areas in your environment include:
An office where the public visits
Public spaces
An unlocked room
An unattended desk
Computers without password protection
Storage devices (flash drives, CDs, etc.) that others have access to (not password protected)

Improper Safeguards
The following slides provide examples of situations where Personally Identifiable Information is improperly safeguarded.

Leaving an unprotected computer containing Personally Identifiable Information in a non-secure space:
A public space
An unlocked room
An unlocked car

Leaving a claims folder unattended:
On one's desk
In a non-secure area
In a public location

Storing electronic files containing PII on:
A computer with no password protection
A flash drive
A compact disc

Working from home with files containing PII in:
An unlocked room
An unattended desk
A non-locking file cabinet

Progress Check 2
What are the consequences for exposing PII through the improper safeguards we have just presented?
A) Violators may be exposed to liability
B) SSA may change your organization's status to 'not ready to serve'
C) There is potential for interception of information by criminals
D) All of the above

Best Practices
Every individual, from users to managers of SSA's automated systems, is required to follow agency rules for using SSA systems.

Best Practices to Deter PII Violations
Be familiar with current information on security, privacy and confidentiality practices.
Obtain written authorization before using sensitive or critical applications.
Use only systems and data for which you have authorization.
Lock or log off your workstation/terminal prior to leaving it unattended.
Act in an ethical, informed and trustworthy manner.
Protect sensitive electronic records.
Be alert to threats and vulnerabilities to your systems.

Best Practices – Managers must:
Monitor the use of mainframes, PCs, LANs, and networked facilities to ensure compliance with national and local policies.
Ensure that employee screening for sensitive positions within their components has occurred prior to any individual being authorized access to sensitive or critical applications.
Implement, maintain and enforce systems security standards and procedures.
Immediately contact their security officer whenever a systems security violation is discovered or suspected.

Best Practices – Management of Employee Standards while working with PII
Explain to employees that they are responsible for protecting personal information at all times, both on and off duty.
Permit employees to access PII only when they need it to do their jobs, and to disclose it only when appropriate.
Train employees to handle PII responsibly and remind them periodically of their responsibilities to protect all PII they use to complete their work.

Best Practices continued
Train employees to avoid leaving paper documents and records containing PII on unprotected desktops.
Create an environment where confidential records are stored in locking file cabinets or locking desks.
When taking records or laptops offsite, lock them in the car's trunk. Do not leave them in the passenger compartment.
Use a cross-cut shredder to shred papers with personal information before throwing them out.

Best Practices – Management of Technology
Do NOT send personal information via email unless it is encrypted. This includes using any PII in the subject or body.
Send reports and documents containing PII via regular mail, or send them to a secure fax location.
Use password protection and encryption software to protect confidential files from unauthorized access.

Best Practices continued
Choose a password that others cannot guess and change it frequently.
Protect with encryption those peripheral data storage devices, such as CDs and flash drives, that hold records containing PII.
Encrypt files with PII before deleting them from your computer or peripheral storage device. This will ensure that unauthorized users cannot recover the files.
Lock or log off the computer when leaving it unattended.

Progress Check 3
We have discovered best practices for managers and employees in deterring PII violations. What is NOT a best practice for communicating PII when it is necessary?
A) Send documents with PII through regular mail and fax, or as an attached, encrypted file to an email
B) Send reports or documents in the body of an email
C) Communicate PII through a phone call
D) Upload documents or reports through the Ticket Portal

Identifying PII Loss
Work area
Communication

How to Identify PII Loss in Communications
An unencrypted email sent with a beneficiary's name, SSN, address, phone number or initials
Receiving a request via email with a beneficiary's name, SSN, address, phone number or the initials of a beneficiary

How to Identify PII Loss in the Work Area
A co-worker left out a document with personal information on an unattended desk.
A co-worker left a computer that is displaying PII without turning off the monitor or removing the material from the screen.
A document with PII was left unattended at a printer.

Progress Check 4
Choose the PII loss scenario from the list below:
A) A co-worker sent an email to the Ticket Program Manager (TPM) with an encrypted file
B) An email was received from a colleague with a DUNS number
C) An IWP was left on a printer in the common area of an office
D) A client had a conversation with an Intake Supervisor
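As an added illustration (not part of the training or of any SSA/TPM tooling), here is a small check in the spirit of the two slides above: it scans constructed sample messages for a Social Security Number or date of birth and flags those sent unencrypted, while leaving a DUNS number and a structurally invalid SSN unflagged. Names and initials, which the training also counts as PII, would need a beneficiary roster and are not modelled here.

```python
import re

# Constructed sample messages (not taken from the training). Each entry is
# (subject, body, sent_encrypted); sent_encrypted models an approved
# encrypted email, which the training lists as a proper channel for PII.
SAMPLE_MESSAGES = [
    ("Ticket assignment",
     "Beneficiary John Q. Public, SSN 123-45-6789, DOB 01/02/1960", False),
    ("Vendor onboarding",
     "Our DUNS number is 12-345-6789, please update the vendor file.", False),
    ("IWP update",
     "Beneficiary SSN 234-56-7890, sent via encrypted email.", True),
    ("Test data",
     "Placeholder record 000-12-3456 from the sandbox.", False),
]

# SSN in the standard AAA-GG-SSSS layout, with the structural rules SSA
# publishes for issued numbers: area not 000, 666 or 900-999; group not 00;
# serial not 0000. A DUNS number (XX-XXX-XXXX) does not fit this shape.
SSN_RE = re.compile(
    r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Date of birth written as MM/DD/YYYY.
DOB_RE = re.compile(
    r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d\d\b")


def find_pii(text):
    """Return the structured PII indicators found in a subject or body."""
    return {"ssn": SSN_RE.findall(text), "dob": DOB_RE.findall(text)}


def classify(subject, body, sent_encrypted):
    """Label one message the way the training's PII-loss slides would."""
    # The training counts PII in the subject line as well as the body.
    hits = find_pii(subject + "\n" + body)
    if not any(hits.values()):
        return "NO_PII"
    return "OK_ENCRYPTED" if sent_encrypted else "PII_LOSS"


def scan(messages=SAMPLE_MESSAGES):
    """Classify every message; the PII_LOSS ones are what a manager reports."""
    return [classify(*m) for m in messages]


if __name__ == "__main__":
    for (subject, _, _), label in zip(SAMPLE_MESSAGES, scan()):
        print(f"{label:13} {subject}")
```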

Reporting a PII Loss

1. Notify a supervisor/manager in your chain of command
2. Manager will complete the "SSA Personally Identifiable Information violation form"
3. Manager will email the completed form to the Quality Assurance Coordinator at TPM
4. TPM will then report to SSA

Proper Communication with PII

Ticket Portal
Fax to TPM:
Telephone call
Encrypted email
U.S. mail

Progress Check 5
Proper communication with PII includes the Ticket Portal, sending a fax to TPM, talking on the phone, sending a document through the U.S. mail, or sending ___________.
A) A private email
B) An encrypted attachment
C) A disguised email
D) A blind copy

Questions?
If you would like to contact Lisa Whitaker, Quality Assurance Coordinator for the Ticket Program Manager, she can be reached: