School of Medicine Orientation Information Security Training

School of Medicine Orientation Information Security Training August 2019

What We Will Cover Today
- Security Basics
- How to Report a Security Concern or Breach

Sources of Healthcare Confidentiality Obligations
- HIPAA: Privacy, Security, and Breach Notification Rules
- Massachusetts law: general confidentiality, combined with an obligation to report in certain circumstances
- Department of Public Health (DPH) licensing law also requires confidentiality
- Professional Codes of Ethics
- Healthcare research is regulated by Institutional Review Board regulations (federal) and by contractual obligations: federal funding and data use agreements

Main Source of Healthcare Confidentiality Obligation

What’s The Big Deal?
- At Feinstein Institute for Medical Research, an unencrypted laptop was stolen from a car, containing data from about 50 research studies and approximately 13,000 individuals
- Big money payment: settled alleged HIPAA violations for $3.9 million
- Ongoing government scrutiny: three-year corrective action plan
- Loss of confidence and reputation: required to notify research subjects and media outlets

Safeguards: BU Restricted Use Data
- Paper PHI
- Verbal PHI
- Photos, video, audio
- Electronic PHI
Patient info in any form must be protected.

Secure Your Devices
Every device (e.g., desktop, laptop, phone) used to access, process, or store patient or research data must have:
- An operating system that is supported and updated
- Anti-malware (McAfee, free)
- Disk encryption
- Auto screen lock (15 min max)
See www.bu.edu/tech (search for "securing devices").

Phishing Emails
- Almost every phishing attack is successful: at least a few users
  - click on a link or document that triggers a malware download, or
  - provide login credentials (i.e., name and password)
- BU will never ask for login credentials by email
- Check before you click:
  - odd spelling, unexpected request
  - hover over links
  - look at the sender email address
- Suspicious email? Forward it to abuse@bu.edu
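As an added illustration of the three checks on this slide (sender address, hover over links, requests for credentials), here is a small Python checker run over two constructed sample messages; it is not code from the training or from BU, and the trusted domain, the keyword list and the sample addresses are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "bu.edu"  # assumption: the organisation's own mail and web domain
CREDENTIAL_WORDS = ("password", "login", "credentials")  # assumed keyword list
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample, not a real message: the display name claims to be BU IT, but the
# sender address and the real link target are on an unrelated domain.
PHISH_EMAIL = """From: "BU IT Help Desk" <helpdesk@bu-secure-login.example>
Subject: Action required: verify your Kerberos password
Content-Type: text/html

<p>Your account will be suspended. Confirm your login here:
<a href="http://bu-secure-login.example/verify">https://www.bu.edu/login</a></p>
"""

# Constructed benign sample: real sender domain, and the link text matches its target.
BENIGN_EMAIL = """From: "BU TechWeb" <ithelp@bu.edu>
Subject: Securing your devices
Content-Type: text/html

<p>Guidance is posted at <a href="https://www.bu.edu/tech">https://www.bu.edu/tech</a>.</p>
"""

def host_of(url):
    # Hostname of a URL, tolerating link text written without a scheme.
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def same_org(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_message):
    # Return the red flags from the slide that appear in the message.
    msg = message_from_string(raw_message)
    flags = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if not same_org(sender_domain, TRUSTED_DOMAIN):      # "look at the sender email address"
        flags.append(f"sender domain {sender_domain!r} is not {TRUSTED_DOMAIN}")
    body = msg.get_payload()
    for href, text in ANCHOR_RE.findall(body):          # "hover over links"
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if "." in shown and host_of(shown) != host_of(href):
            flags.append(f"link shows {shown!r} but goes to {host_of(href)!r}")
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(w in text for w in CREDENTIAL_WORDS):        # "BU will never ask for credentials"
        flags.append("message asks for login credentials")
    return flags
```

The phishing sample trips all three checks; the benign one trips none, which is the point of the slide's "check before you click" habit.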

BU Data Protection Standards, Classification Policy
- Restricted Use: loss or misuse may require notification to individuals or state/federal government. Includes:
  - HIPAA: individually identifiable health information used in research
  - SSN, driver license #, debit/credit card #, checking account # (billing records)
- Confidential: loss or misuse may adversely affect individuals or BU business, such as a HIPAA Limited Data Set or FERPA (info about you, students)
- Internal: potentially sensitive, requires protection from disclosure
- Public: does not require protection from disclosure

Storing and Sharing Research Data
- Restricted Use:
  - BU Restricted Use network drive (Y Drive)
  - BU Microsoft SharePoint, OneDrive, Teams, etc.
  - BU REDCap and MyCap app for research
- Confidential:
  - MCHPCC Shared Computing Cluster (SCC4) for HIPAA Limited Data Set
- Google Drive and other Google apps cannot be used for HIPAA or HIPAA Limited Data Set, only for student (FERPA) or school-related communications
- BU Email options (Outlook and Gmail cannot be used: no encryption):
  - Use Data Motion to send a secure email, or
  - Encrypt the document or spreadsheet before attaching it. If you choose to encrypt the document and send it via non-secure email, take care to avoid identifying individuals in the subject line or body of the email.

What is a Breach?
Any unauthorized access, use, or disclosure of patient information (including unintentional):
- Theft or loss of devices
- Unauthorized viewing/accessing, including snooping
- Handing or sending PHI to the wrong person
- Hacking / cyberattack

Reporting Loss of Confidential Patient Information
- Notify your department and send an email to the BU Incident Response Team (irt@bu.edu)
- Information Security will determine who to involve and report to
- No provider or researcher is authorized to report; only BU Information Security, in coordination with the appropriate BU offices, can report
- We’ll assess the situation, determine whether any notifications need to be made, and help you analyze how similar events can be prevented.

Resources
- General Computer Help: bumchelp@bu.edu
- Securing Devices: http://www.bu.edu/tech/support/information-security/securing-your-devices/ or bu.edu/tech (search for "securing devices")
- BU HIPAA Policy: www.bu.edu/hipaa
- BUMC Information Security Officer David Corbett: corbettd@bu.edu