Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard.

Slides:

Advertisements

Similar presentations

JCAHO –A HIPAA Business Associate National HIPAA Summit

Advertisements

Federal Law and Student Privacy and Federal Law and Health Care Privacy New Business Manager Training NMASBO.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna

ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept

HIPAA TRAINING to satisfy the training requirement for School District # 435 Staff.

Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.

HIPAA and Beyond: Privacy and Confidentiality Legislative and Ethical Issues within Health Sciences Special Collections Judith A. Wiener, MA, MLIS, Assistant.

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA The Quiz... Instructions: Take the quiz on your own paper. Check your answers. Make corrections by writing the question as a true statement; i.e.,

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

The Center: A Non-HIPAA Covered EntityHopkins: HIPAA-covered Entity Health information is access-protected per institutional policy and is dependent.

Are you ready for HIPPO??? Welcome to HIPAA

Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A Centennial.

Data Classification & Privacy Inventory Workshop

Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

IT Security Challenges In Higher Education Steve Schuster Cornell University.

HIPAA – Health Insurance Portability & Accountability Act and the Privacy Act MSgt Nechele M. Chambers Senior Enlisted Liaison TRICARE Area Office-Europe.

Electronic Records Management: What Management Needs to Know May 2009.

DATA GOVERNANCE Presentation to CSG September 27, 2007 Mary Weisse Manager, MIT Data & Reporting Services

1 General Awareness Training Security Awareness Module 1 Overview and Requirements.

Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.

Compliance Strategies for Records Management

Confidentiality for Transportation Personnel.  Family Educational Rights and Privacy Act (FERPA)  Kentucky Family Educational Rights and Privacy Act.

Student Confidentiality: The FERPA/HIPAA Facts AISD Policy Student Records AISD Procedure AP. 11.

HIPAA & Public Schools New Federalism in a New Century The Challenges of Administering HIPAA in Public Schools ASTHO/NGA Center Joint Audioconference September.

 CONFIDENTIALITY ASD Special Education Watch what you say Where you say it To whom you say it.

THE FAMILY EDUCATION RIGHTS & PRIVACY ACT (FERPA) Presented by: Robin B. Snyder, Esquire.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Stanford Computer Security and You . Higher Education  Higher education environment is open, sharing, exploratory, experimental  Many information assets.

Confidentiality for Transportation Personnel  Family Educational Rights and Privacy Act (FERPA)  Kentucky Family Educational Rights and Privacy Act.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

Building a Privacy Foundation. Setting the Standard for Privacy Health Insurance Portability and Accountability Act (HIPAA) Patient Bill of Rights Federal.

Confidentiality for Foodservice.  Family Educational Rights and Privacy Act (FERPA)  Kentucky Family Educational Rights and Privacy Act  Protection.

Research Access to Records Containing Protected Health Information A Review of 2014 Survey Results Emily R. Novak Gustainis, Head, Collections Services.

J. Rick Mihalevich Dean of Information Technology Linn State Technical College June 18, 2009.

Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.

When Can You Redact Information Without Requesting an Attorney General Decision? Karen Hattaway Assistant Attorney General Open Records Division Views.

HIPAA History March 3, HIPAA Ruling Health Insurance Portability Accountability Act Health Insurance Portability Accountability Act Passed by Congress.

Incident Documentation Campus Security Officer Training.

Western Asset Protection

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.

HIPAA HEALTH INSURANCE PORTABILITY ACOUNTABILITY ACT.

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

Confidentiality Annual Training. Board Policy JG Please follow the link below to access the board policy dealing with student discipline and confidentiality.

Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.

CH 10. Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment.

Human Subjects Update E. Wethington, Chair, UCHS.

CONFIDENTIALITY. Three Confidentiality Laws 1.FERPA-Family Education Rights and Privacy Act (State Policy 4350: Procedures for the Collection, Maintenance.

Table of Contents. Lessons 1. Introduction to HIPAA Go Go 2. The Privacy Rule Go Go.

Data Security Survival Skills for 21 st Century Evaluators Teresa Doksum & Sean Owen October 17, 2013.

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

The Health Insurance Portability and Accountability Act (HIPAA) requires Plumas County to train all employees in covered departments about the County’s.

Strategies in the Game of

What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.

Electronic Health Records (EHR)

Red Flags Rule An Introduction County College of Morris

HIPAA Summit West II San Francisco, California March 13-15, 2002

HIPAA Policy & Procedure Strategies

Making Your IRBs and Clinical Investigators HIPAA-Ready

FERPA and HIPAA for School Nurses and School Based Health Center Staff

Evaluation and assessment

School of Medicine Orientation Information Security Training

Presentation transcript:

Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard Medical School New England Archivists Friday, 21 March 2014 Balancing Privacy and Access While Processing Collections with Multiple Privacy and Confidentiality Concerns

Protecting Confidential Information Personally-Identifying Information  can lead to identity theft (ethical concern). Medical Patient Information  protected by the Health Insurance Portability and Accountability Act (HIPAA) in HIPAA-covered entities as protected health information (PHI). Student Information  protected by the Family Educational Rights and Privacy Act (FERPA) in government-funded educational institutions. Personnel Records  protected by various federal and state laws. Institutional and Corporate Records  often contains confidential operations information that can compromise the organization (ethical concern). Government Records  protected by President Executive Order 13526: Classified National Security Information Memorandum

Providing Access to Relevant Resources Genealogists  medical records; personnel records; student records. Biographers  medical records; personnel records; student records. Medical or Social Historians  medical records. Corporate historians  institutional and corporate records; etc.

Following Access Policies (or developing your own!) 

What Do You Need to Know? Consult access policy and policy-development documentation Legal Counsel  federal and state laws Records Manager  institutional restrictions Acquisitions Archivist  donor agreements National Archives and Records Administration’s “Frequently Asked Questions on Identifying and Handling Classified Records in Private Papers”.

The Center for the History of Medicine’s Access Restrictions Policy Record TypeRestricted Period (from date of creation) Comments Harvard University records50 yearsSometimes extended to corporate records of partner hospitals. Harvard University Personnel records and all non-Harvard HR records 80 yearsNot including curricula vitae or cover-letters. Health information equivalent to PHI 80 yearsNot a HIPAA covered entity. Student Records80 yearsNot including directory information. Critical mass of personally- identifying information 80 yearsWe only restrict if there is a combination of information that can lead to identity theft (e.g. ssn, home address, and credit card number).

Decision-Making While Processing 

Ideas for Balancing Time and Resources Be aware of legal and institutional obligations. Sample papers for sensitive information. Missed papers can be covered by researcher release form. Be aware of record types. i.e. Personnel files, patient files, publications, correspondence, research data.

Ideas for Increasing Access Separating restricted papers from original folder. Finding aid example: Redacting restricted information. Flagging social security numbers.

Providing Access and Making the Research Process Easier Applying for access through an Access Board. Describing access restrictions in the finding aid. Collection-level and series-level access notes. Collection-level example from finding aid: Folder-level access notes. Example from Finding Aid:

Consistency and Documentation Example documentation from a Center processing plan: Example documentation from the metrics database:

Thank You! Harvard Medical School. Center for the History of Medicine. “CHoM News.” National Archives and Records Administration. “Frequently Asked Questions on Identifying and Handling Classified Records in Private Papers.” Last modified 8 March United States Department of Education. “Family Educational Rights and Privacy Act (FERPA).” Accessed 11 March United States Department of Health and Human Services. “Health Information Privacy.” Accessed 11 March United States White House. “Executive Order – Classified National Security Information.” 29 December University of California at Berkeley. Office for the Protection of Human Subjects. “HIPAA PHI: List of 18 Identifiers and Definitions of PHI.” Accessed 11 March