HIPAA Security Training 2005

Presentation transcript:

HIPAA Security Training 2005

Introduction
To improve the effectiveness of the health care system in protecting patient health information, the federal government signed into law the Health Insurance Portability and Accountability Act in 1996. HIPAA, as it is commonly known, provides health care entities with guidelines on how they must secure and safeguard electronic Protected Health Information (ePHI).
This course:
- Explains the differences between HIPAA Security and Privacy Rules.
- Outlines new security regulations.
- Identifies new security-related policies and procedures.
- Reviews your role in protecting patient information.

HIPAA Security
HIPAA Security becomes effective on April 21, 2005. HIPAA Security and Privacy go hand-in-hand. While the Privacy Rule, effective on April 14, 2003, covers all forms of protected health information (PHI), the Security Rule only applies to PHI in electronic forms.

What is HIPAA Security?
With a focus on the protection and monitoring of Electronic Protected Health Information (ePHI), HIPAA security regulations require an entity to:
- Ensure the confidentiality, integrity, and availability of all electronic PHI (ePHI).
- Protect against any reasonably anticipated threats and uses or disclosures not allowed by the Privacy Rule.
- Mitigate threats by using safeguards reasonably and appropriately implemented that conform to the Security Rule standards.

What is PHI?
Protected Health Information (PHI) consists of patient identifiable information delivered via paper, verbal communications or electronic means. Examples include:
- Patient name
- Address
- Date of birth
- SS#
- Medical record #
- Email address
Identifiable health information may be shared among caregivers for the purposes of Treatment, Payment or Healthcare Operations (TPO). Healthcare Operations include: QA/QI, Utilization Review, Disease Management, Credentialing, Auditing, etc.
Any other use or disclosure of PHI (e.g., research, marketing) requires the written authorization and consent of the patient.

Privacy/Security Comparison
Similarities and Differences between HIPAA Privacy and Security
PRIVACY
- Patient focused
- PHI – electronic, paper, or verbal
- Privacy officer
- Privacy awareness training
- Business associate contracts
- Policies and procedures that meet privacy standards
SECURITY
- Covered entity focused
- PHI – only electronic
- Security officer
- Security awareness training
- Business associate contracts
- Policies and procedures that meet security standards

HIPAA Security Safeguards
HIPAA Security safeguards fall into the following 3 main categories:
Technical: Procedures in place that protect and monitor information access and prevent unauthorized use of data transmitted over the network.
- Access Control
- Audit Control
- Integrity
- Person or Entity Authentication
Physical: Protection of computer systems, building sites, and equipment from hazards and/or intrusions.
- Facility Access
- Workstation Use
- Workstation Security
- Device & Media Controls
Administrative: Policies and procedures utilized to manage the selection and execution of security measures.
- Security Mgmt., Security Officer
- Workforce Security, Access Mgmt.
- Training, Incident Procedures

Technical Safeguards - Using PHI
- Information access is given on a “need-to-know” basis.
- Access to a system does not imply it is appropriate to search any patient information at will simply to satisfy a curiosity.
- Use/access the absolute minimum patient information.
- For information not currently available to you, ask your manager or supervisor for approval.

Computer Security
Computer and information technology are a significant component of our business structure at BWH.
- Never leave any PHI data displayed on your monitor when you’re away from your desk.
- Lock your computer. Click on the yellow lock symbol at the bottom right of the task bar to enable the PHS Password Protected Screensaver.
- Do not download files to local directories or copy files to external devices, such as floppy disks, CDs, and flash drives, without authorization.
- CDs, floppy disks, etc. must be physically destroyed when no longer needed. For example, break a CD or floppy disk in half.

Computer Viruses/Malicious Software
Viruses can range from seemingly harmless “jokes” all the way to widespread destructive infections that can shut down an entire network.
- Do not open email attachments from unknown senders.
- If an email looks suspicious – don’t open it! Delete it!
- If you think you downloaded a virus, contact the Help Desk.
- Avoid free downloads and software such as WeatherBug and Search bars. These are examples of spyware that interfere with PHS applications as well as bog down the system.

Protecting Portable ePHI
Portable electronic media covers devices such as laptops, diskettes, CDs, zip drives, flash drives, PDAs, etc.
- All movement of electronic media containing ePHI into and out of BWH must be tracked and logged.
- BWH employees who move electronic media or information systems containing ePHI are responsible for the subsequent use of such items and must take all appropriate and reasonable actions to protect them against damage, theft, and unauthorized access.
- Prior to downloading/moving ePHI, refer to HIPAA Security Policy, Accountability of Electronic Media.

Controlling PHI Access
Collecting PHI requires a controlled, secure environment to store information.
As Employees
- Do not attempt to view information you have not been authorized to access.
- Memorize your password; never write it down.
- If you suspect your password has been compromised, change it immediately or call the Help Desk and request a new one.
- Audits are run regularly to ensure appropriateness.
As Managers
- Authorize employees to receive minimum access to perform their jobs.
- If you’re a ‘key giver,’ identify the user’s role before giving them access.
- Conduct periodic application monitoring to identify and track who accessed PHI and determine its appropriateness.
- Remove an employee’s ability to access PHI within 24 hours after their termination date.

Email Use
Emails containing PHI should be limited to instances of absolute necessity. Determine the following:
- Has the patient authorized you to communicate with them or a member of their family via email?
- Has all extraneous information been removed from the content of the message?
- Has the PHS disclaimer been linked to your outgoing messages?
- Have you password protected your files?
For more information, refer to Clinical Email Guidelines in the BWH Administrative Policy Manual.

Physical Safeguards
- BWH Security staff regularly monitors those entering the building.
- Staff and employees must wear ID badges at all times.
- Report suspicious behavior.
- Restricted areas must remain restricted.
- Read and understand the BWH Privacy and Security policies, your departmental policies, and regulations regarding visitors.

Contingency Planning – BWH IS
Contingency planning is important for maintaining the integrity of PHI. Partners Information Systems has policies and procedures in place in the event of a network or system failure. These procedures include:
- Methods to back up data in case of a system failure.
- Plans to protect data in case of an emergency or disaster.
- Methods to access data if, due to an emergency, you cannot access it in the usual way.

Contingency Planning - BWH
To learn more about contingency planning, refer to the online BWH Crisis Resource Manual (CRM). To access the BWH CRM, go to:
Start Menu > Partners Applications > Clinical References > BWH Crisis Resource Manual (CRM)
- OR -
BWH Pike Notes > Hospital-wide Policies And Manuals > Emergency Management Manual > BWH Crisis Resource Manual (CRM)

Administrative Safeguards
As part of HIPAA security, BWH has implemented a broad program that includes policies, procedures, standards and guidelines to guide, protect and support you. BWH strongly encourages you to report any issues or concerns you have about HIPAA security. If you observe any inappropriate activity, it is your responsibility to report it.
- Speak with your manager or supervisor.
- Email the BWH HIPAA Security Office mailbox.
- Call the BWH Compliance Hotline (617) 732-8907 to make an anonymous report.

Congratulations
You have completed the BWH HIPAA Security Training Course