Nancy Cole, BS, CTR 1,2 Iris Zachary, MS, CTR, Doctoral Candidate 1,2,3 J. Jackson-Thompson, PhD, MSPH 1,2,3 1 Missouri Cancer Registry and Research Center.

Slides:



Advertisements
Similar presentations
Protect Our Students Protect Ourselves
Advertisements

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
Information Technology Disaster Recovery Awareness Program.
FERPA: UPDATE ON THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Presented by Brenda V. S. Selman University Registrar-MU University of Missouri-Columbia.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Meet Grace! Grace is our newest team member! She is here to make it easier to keep track of all your HR related documents digitally. Grace will always.
K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.
Keila E. Pena-Hernandez NAACCR 2010 Annual Conference Quebec, Canada 06/24/ 2010.
David Assee BBA, MCSE Florida International University
System Security & Patient Confidentiality General Lesson 1.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
NAU HIPAA Awareness Training
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)
Privacy, Security, Confidentiality, and Legal Issues
Purpose: To: 1) examine participation of target groups (older women, inner city and rural women; African-American women); and 2) assess impact of the “high.
Help Is On The Way: Computer-based Training (CBT) for Non-registry Hospitals Brenda L. Lee, CTR Missouri Cancer Registry University of Missouri-Columbia.
Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Complying with Privacy to Enable Innovation & Research
Recruitment and Retention of Tumor Registrars: the Missouri experience J. Jackson-Thompson, MSPH, PhD Sue Vest, BA, CTR Missouri Cancer Registry, University.
Family Educational Rights & Privacy Act (FERPA) An Overview for University Faculty and Staff.
Developing a Records & Information Retention & Disposition Program:
Steps to Compliance: Risk Assessment PRESENTED BY.
Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
Creating a Career Track for Cancer Registrars. J. Jackson-Thompson, MSPH, PhD Missouri Cancer Registry, University of Missouri, Columbia
Security and Confidentiality Practices - Houston Dept. of Health and Human Services Jerald Harms, MPH, CART and Jeff Meyer, MD, MPH HIV/AIDS Surveillance.
Alena Headd, MSIT, Software Support Analyst, Missouri Cancer Registry and Research Center (MCR-ARC) University of Missouri School of Medicine, Health Management.
SECURITY: Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
Introduction to the Data Security and Confidentiality Guidelines for HIV, Viral Hepatitis, Sexually Transmitted Disease, and Tuberculosis Programs CSTE.
Improving data security and maintaining patient confidentiality in a time of evolving information technology (IT) and limited resources.
HIPAA PRIVACY AND SECURITY AWARENESS.
Security and Privacy Strategic Global Partners, LLC.
HQ Expectations of DOE Site IRBs Reporting Unanticipated Problems and Review/Approval of Projects that Use Personally Identifiable Information Libby White.
David N. Wozei Systems Administrator, IT Auditor.
Next ETCH Confidentiality and HIPAA Annual Review What you need to know. The Privacy Rule 1.
Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Compliance Strategies for Records Management
IN THE MEANTIME…. INTERIM SOLUTIONS TO AUTOMATED DATA CAPTURE.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
What’s the Diff? Sue C. Vest, CTR Missouri Cancer Registry This project was supported in part by a cooperative agreement between the Centers for Disease.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
Chapter 2 Securing Network Server and User Workstations.
Data Breach: How to Get Your Campus on the Front Page of the Chronicle?
Say Goodbye to Paper: Web-Based Reporting is Here! Iris Zachary, MS, CTR, Missouri Cancer Registry.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
My Trip Into the Land of Oz Angela Warner Martin, BS.
HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
The Health Insurance Portability and Accountability Act 
LVF Audits – an Overview
Data Security Policies
Understanding HIPAA Dr. Jennifer Lu.
Obligations of Educational Agencies: Parents’ Bill of Rights
Awatef Ahmed Ben Ramadan
County HIPAA Review All Rights Reserved 2002.
Privileged Communications
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
Lesson 1: Introduction to HIPAA
Move this to online module slides 11-56
HQ Expectations of DOE Site IRBs
TRACE INITIATIVE: Confidentiality, Data Security, and Procedures for Protocol Violation or Adverse Event.
Presentation transcript:

Nancy Cole, BS, CTR 1,2 Iris Zachary, MS, CTR, Doctoral Candidate 1,2,3 J. Jackson-Thompson, PhD, MSPH 1,2,3 1 Missouri Cancer Registry and Research Center 2 Department of Health Management & Informatics 3 University of Missouri Informatics Institute University of Missouri, Columbia, MO MCR is supported in part by a cooperative agreement between the CDC and the Missouri Department of Health and Senior Services (DHSS) (#U58/DP ) and a Surveillance Contract between DHSS and the University of Missouri.

 MCR-ARC:  Katrina  2008 – Audit  MoSTRA – 2010 Annual Meeting  Informal comments - Hospital registrars & other cancer reporters  Conclusion: Best practices not in place in many facilities

Examples: DC response contained MD’s credit card application What did the credit card company receive? Records w/ PHI Not double wrapped Torn envelopes

 Registrars should not rely on others to ensure the security of their data/records  Creating awareness of potential issues should allow registrars to improve their registry’s security, and  Educate others in their own institution The goal –  prevent unauthorized access to data; and  eliminate processes that may result in a data breach

MCR Newsletter – Security Section

 Survey: ed to 59 electronically reporting hospitals  # cases varies from c s  Several non-CoC  Response rate - 40%  Possible bias:  Hospitals with poor data security practices - less likely to respond?  # of beds – not asked  Anonymous – size, CoC

 Security measures - changing due to fewer paper documents  Respondents with entirely electronic records – 37%  All paper – 1 respondent  Combination – all others

 The majority of facilities have many basic data security practices in place  Secure fax machines/computers  Locked file cabinets in secure locations  Patient access restrictions to areas w/patient data  60% said custodial services provided after work hours

 Facility size not good indicator of data security or practices  A small facility may be small but have excellent security  A large facility may not have all security measures in place

 A few registrars do not know where to find institution’s data security policies & procedures  The majority have attended/ participated in data security awareness/education program at hospital (class or online)

 Two-thirds said registry job descriptions/evaluations included information about data security expectations  99% said consequences for failure to abide by data security P&P have been communicated

 All but one hospital required the use of “strong” passwords  Registrars who work remotely felt there were adequate security measures in place

 All registrars indicated paper materials were disposed of securely  Joplin (more later)  However, 60% said follow-up letters are not sent in tear-proof envelopes  All said their electronic data was appropriately protected  Joplin again (later)

 c. ¼ of the registrars did not know if a risk analysis had been conducted or if their registry had been reviewed during a risk analysis

 Initial survey responses created additional questions  Disaster plans (including off-site backup)?  Computer OS (to see if encryption available)?  Use of encrypted ?

 Newsletter supplement to include security checklist (best practices)  Glossary of data security terminology  Live Meeting presentation  Info in each quarterly newsletter

 Lessons from Katrina & Rita usa.org/files/public/Fall2006_V33.3.pdf  Disaster Recovery – Lessons from Tulane’s Response to Katrina 9p10.shtml  Rebuilding Healthcare in Post-Katrina New Orleans healthcare-in-post-katrina-new-orleans-.html healthcare-in-post-katrina-new-orleans-.html

 The patient has a right to feel confident that all identifiable information about him/her possessed by the cancer registry will be kept confidential unless he/she waives the privilege, or release of the information is compelled by statute, regulations or other legal means.

 EHR migration started in May 2011  incomplete  All previous records are paper  still abstracting 2010 cases  Offsite data backup/storage (multiple servers – in another city, in other destroyed buildings on hospital campus, etc.)  Not sure where cancer registry data stored/backed up.

 Melamedia LLC – track HIPAA & Breach Enforcement for Free  Healthcare IT news – published in partnership with HIMSS  Government Computer News (GCN) -  Federal Computer Week -  Government Health IT -

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.