June 04, 2013 Robin Thomas, NC III, Presenter


PRIVACY BREACHES

A privacy breach is an unauthorized disclosure of PHI/PCI violating either Federal or State laws. Federal Law is the HIPAA Privacy Rule and State Law is the Information Practices Act of

Privacy breaches may be paper or electronic, and may occur when information is transmitted to an unintended or unauthorized recipient.

Examples of paper breaches include:
- Misdirected paper faxes with PHI/PCI outside of the Department
- Loss or theft of paper documents containing PHI/PCI
- Mailings with PHI/PCI to incorrect providers or service recipient

Examples of electronic breaches include all of the following if they contain PHI/PCI:
- Stolen unencrypted laptops, hard drives, or PCs
- Stolen unencrypted thumb drives
- Stolen unencrypted compact discs (CDs)
- Misdirected electronic fax to a person outside of authorized State government

INCIDENT REPORTING

State policy requires Departments to follow specified notification and reporting processes when information security incidents occur…and this process starts with you!

As soon as you are aware that an incident has occurred, report it to your supervisor immediately. In addition, as applicable to the incident, you must report:
- description of the information disclosed or accessed by an unauthorized person
- the primary business processes involved

Breach Reporting

- If a breach of security is suspected, you must immediately report it to the CDPH Information Security Office.
- If you suspect CDPH confidential or sensitive information was viewed by an unauthorized individual, you must also notify the CDPH Privacy Office.
- Make sure to keep your Supervisor informed.

First Contact:

- Stephen Stuart, Privacy Officer/Sen. Staff Counsel, Privacy Office, Office of Legal Services (916)
- Ivory Mitchell, Privacy Analyst, Privacy Office, Office of Legal Services (916)

STEP ONE

to Stephen and Ivory:
- A clear and concise description of the incident
- No abbreviations or acronyms. The PO or the ISO are not familiar with Newborn Screening's or other entities' abbreviations or acronyms.
- Forms 1-4 listed on the next page

STEP ONE

Complete and submit forms to the Privacy Office:
1. CDPH Breach Incident Reporting Form cdph 2375 (submit one form per incident)
2. HIPAA Breach Notification Checklist (complete one for each party involved)
3. State Breach Notification Checklist (complete one for each party involved)
4. Security Incident Determination Checklist (submit one form per incident)

The Privacy Office will review and determine whether a breach occurred and next steps.

STEP TWO

- The Privacy Office will draft letters for mailing.
- Review the letters for necessary corrections and send approval back to the Privacy Office.
- The Privacy Office will update letters.
- Print letters, obtain Program chief signature, copy for file and mail to affected parties.
- Update and print Notification Log for file.

STEP THREE

Complete and submit forms to the Privacy Office:
5. Completed Breach Corrective Action Plan
6. Send copy of Notification Log 30 days after letters mailed.
7. Update Notification Log if any communication received.

Office of Information Security Contacts:

- Brian Issertell, Department of Public Health Information Security Office (916)
- Greg Meixner (916)