Privacy and Security Basics for CDSME Data Collection Sue Lachenmayr, MPH, CHES Updated April 10, 2014.

Slides:



Advertisements
Similar presentations
Mandatory training for all Users who have access to Privacy Act Data
Advertisements

Privacy and Security Basics for CDSME Data Collection Sue Lachenmayr, MPH, CHES.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Overview of the Privacy Act
Privacy and Information Security Training ( ) VUMC Privacy Website
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Office of Health, Safety and Security
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Informed Consent.
 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
WASHINGTON STATE DEPARTMENT OF REVENUE PROTECTING CONFIDENTIAL TAX INFORMATION.
1 DEFENSE LOGISTICS AGENCY AMERICA’S COMBAT LOGISTICS SUPPORT AGENCY DEFENSE LOGISTICS AGENCY AMERICA’S COMBAT LOGISTICS SUPPORT AGENCY WARFIGHTER SUPPORT.
RVCC FACULTY FERPA WORKSHOP OCTOBER 2011 DAN PALUBNIAK REGISTRAR
Critical Data Management Indiana University HR Summit April 24, 2014.
Complying with Privacy to Enable Innovation & Research
C YBER S ECURITY FOR E DUCATIONAL L EADERS : A G UIDE TO U NDERSTANDING AND I MPLEMENTING T ECHNOLOGY P OLICIES Chapter 10 Privacy Policy © Routledge Richard.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
ROLES & RESPONSIBILITIES PRIVACY ACT (PA) SYSTEMS OF RECORDS MANAGERS.
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
CDSME Data Collection Requirements and Procedures January 9, 2014 update You Can! Live Well, Virginia!
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Created May 2, Division of Public Health Managing Records What is a Record? What is a Records Retention & Disposition Schedule? Why is this Important?
The Data Protection Act
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
Health Budgets & Financial Policy Privacy and HIPAA Security 15 December & December, & 1600 Bridge Number:
CPS Acceptable Use Policy Day 2 – Technology Session.
1 PUBLIC HEALTH DIVISION Health Promotion and Chronic Disease Prevention Privacy and Security Basics for Self-Management Participant Data Collection Laura.
Health & Social Care Apprenticeships & Diploma
Confidentiality and Public Information Act LISD Special Education Department Training SY
1 DEFENSE LOGISTICS AGENCY AMERICA’S COMBAT LOGISTICS SUPPORT AGENCY DEFENSE LOGISTICS AGENCY AMERICA’S COMBAT LOGISTICS SUPPORT AGENCY WARFIGHTER SUPPORT.
PRIVACY AND INFORMATION SECURITY ESSENTIALS Information Security Policy Essentials Melissa Short, IT Specialist Office of Cyber Security- Policy.
Ames Laboratory Privacy and Personally Identifiable Information (PII) Training Welcome to the Ames Laboratory’s training on Personally Identifiable Information.
INFORMATION TECHNOLOGY SERVICES Privacy 101 Information Security and Privacy Office.
Privacy and Information Management ICT Guidelines.
HIPAA (health insurance portability and accountability act)
Family Educational Rights and Privacy Act. From the moment a child enters the school system, sensitive information is collected about the child (and even.
FERPA: What you Need to Know The Family Educational Rights and Privacy Act & SEI.
Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.
ISO/IEC 27001:2013 Annex A.8 Asset management
Privacy Compliance in Schools Darrebin A/P’s Network 7 May 2009.
Ticket Training Tuesday Properly Safeguarding Personally Identifiable Information (PII)
HIPAA Training. What information is considered PHI (Protected Health Information)  Dates- Birthdays, Dates of Admission and Discharge, Date of Death.
The Health Insurance Portability and Accountability Act (HIPAA) requires Plumas County to train all employees in covered departments about the County’s.
HIPAA Privacy What Every Staff Member Needs to Know.
POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015.
Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.
Protecting PHI & PII 12/30/2017 6:45 AM
Privacy and Security Basics for Falls Evidence Based Programs Data Collection . October 2016.
Privacy Education Session CMHA-WECB/CCHC Volunteers/Students
Privacy and Security Basics for CDSME Data Collection
Records Retention NYS Magistrates’ Association
Privacy & Confidentiality
Privacy of Client Data.
ACL’s New Data Requirements (Administration on Community Living)
Disability Services Agencies Briefing On HIPAA
HIPAA Overview.
The Health Insurance Portability and Accountability Act
Good Spirit School Division
Lesson 3: Medical Records
HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;
TRACE INITIATIVE: Confidentiality, Data Security, and Procedures for Protocol Violation or Adverse Event.
Presentation transcript:

Privacy and Security Basics for CDSME Data Collection Sue Lachenmayr, MPH, CHES Updated April 10, 2014

2 A nonprofit service and advocacy organization © 2012 National Council on Aging Training for CDMSE Data Collection Overview  Purpose of the Privacy Act  Primary Features of the Act  Who Needs Privacy Training?  Master Trainers and Lay Leaders  Program Coordinators and Data Collection/Data Entry Personnel  Types of Information Protected by the Act  Disclosure  Safeguarding, Transporting and Disposing of PII  Roles and Responsibilities  Test Questions  Certificate

3 A nonprofit service and advocacy organization © 2012 National Council on Aging Privacy Act of 1974 Public Law (5 U.S.C.A. 552a)  Purpose: to protect records that can be retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol.  The act was created in response to concerns about how the use of computerized databases might impact individuals' privacy rights.  requires government agencies to show individuals any records kept on them  requires agencies to follow "fair information practices," when gathering and handling personal data.  places restrictions on how agencies can share an individual's data with other people and agencies.  lets individuals sue the government for violating of these provisions /

4 A nonprofit service and advocacy organization © 2012 National Council on Aging Who Needs to be Trained? If your work involves the management of sensitive information, PII (Personally Identifiable Information), or protected health information, you need to ensure you are taking precautions to protect it from unauthorized access/disclosure, theft, loss and improper disposal.

5 A nonprofit service and advocacy organization © 2012 National Council on Aging Who Needs to Be Trained?  Employees,  Managers,  Supervisors,  Coordinators,  Master trainers (MTs), and  Lay leaders (LLs), including volunteers who are involved in the collection, handling, and/or data entry of Personally Identifiable Information (PII) on individuals participating in CDSME.

6 A nonprofit service and advocacy organization © 2012 National Council on Aging What Type of Training is Needed?  Training for program coordinators and program implementers  The rights of individuals participating in CDSME  The appropriate protection of PII shared by CDSME participants at the workshop level  The appropriate storage and transfer of participant forms  Training for individuals completing data entry and data transfer  The appropriate protection of PII shared by CDSME participants at the workshop level  The appropriate storage, transfer and destruction of data forms  Security requirements for electronic data transfer, storing and degaussing (destruction)

7 A nonprofit service and advocacy organization © 2012 National Council on Aging Types of Information Covered by the Privacy Act Sensitive: if the loss of confidentiality, integrity, or availability could be expected to have a serious, severe or catastrophic adverse effect on organizational operations, organizational assets or individuals. Sensitive: Protected Health Information: Individually identifiable health information that relates to a person’s past/present/future physical/mental health, health care received, or payment. Protected Health Information:

8 A nonprofit service and advocacy organization © 2012 National Council on Aging Information Protected by the Privacy Act

9 A nonprofit service and advocacy organization © 2012 National Council on Aging Information Protected by the Privacy Act PERSONALLY IDENTIFIABLE INFORMATION (PII) "the term Personally Identifiable Information means any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, date and place of birth, mother’s maiden name, biometric records, etc., including any other personal information which is linked or linkable to an individual.“

10 A nonprofit service and advocacy organization © 2012 National Council on Aging Disclosure  No agency or person shall disclose: – any record – by any means of communication – to any person or another agency – without a written request or prior written consent of the individual to whom the record pertains  “any means of communication” includes oral (phone, in- person), written and electronic ( s, faxes, texts, tweets, pins, etc.)

11 A nonprofit service and advocacy organization © 2012 National Council on Aging Safeguarding PII  PII must always be treated as “FOR OFFICIAL USE ONLY” and must be marked accordingly.  This applies not only to paper records (including , faxes, etc., which must contain the cautionary marking “FOR OFFICIAL USE ONLY – FOUO”).  All records containing PII should be stored in locked filing cabinets or other secure containers to prevent unauthorized access.  Electronic records must be password protected and be transferred via encrypted .

12 A nonprofit service and advocacy organization © 2012 National Council on Aging Transporting PII  Hand Carrying  Use a Cover sheet to shield contents  Using Mail  Use manila or white envelopes  Mark the envelope to the attention of the authorized recipient  Never indicate on the outer envelope that it contains PII  Using  Password protect personal data placed on shared drives, the Internet or the Intranet  Use encrypted  Do not send PII to a personal, home or unencrypted address  Announce in the opening line of the text (NOT the subject line) that FOUO information is contained

13 A nonprofit service and advocacy organization © 2012 National Council on Aging Disposing of PII  A disposal method is considered adequate if it renders the information unrecognizable or beyond reconstruction.  Disposal methods may include:  Burning  Melting  Chemically decomposing  Pulping  Pulverizing  Shredding  Mutilating  Degaussing (erasing from magnetic field or disc)  Deleting/Emptying Recycle Bin %20revised%20june% pdf

14 A nonprofit service and advocacy organization © 2012 National Council on Aging Your Role and Responsibility  Take privacy protection seriously  Respect the privacy of others  Ensure messages, faxes and s that contain personal information are properly marked and is encrypted  Make sure you have consent forms in place for PII  Don’t share PII with individuals who are not authorized  Have appropriate transfer, storage and disposal protocols in place for PII  Do not PII to personal, home or unencrypted accounts

15 A nonprofit service and advocacy organization © 2012 National Council on Aging Your Role and Responsibility  Read the Group Leader Script to advise all participants of their right to consent or refuse use of data about them  Effective November 18, 2013, the use of a written consent form is no longer required  Please ask both funded and non-funded sites to use the group leader script to allow for the collection and entry of participant data into the NCOA database

16 A nonprofit service and advocacy organization © 2012 National Council on Aging Your Role and Responsibility  All individuals involved in providing CDSME programs must sign Non-Disclosure Agreements  All individuals involved in data collection, data transfer and/or data entry must sign Non-Disclosure Agreements  Non-Disclosure Agreements should be maintained for 3- years after the end of the grant and stored by the state leader or the state’s designee for data collection/data entry  Non-Disclosure Agreements do not contain PII, so they can be faxed, ed or mailed without encryption or privacy restrictions

17 A nonprofit service and advocacy organization © 2012 National Council on Aging Master Trainers and Lay Leader Role  Use the CDSME Program Group Leader Script at a Class Zero pre-session or at the start of Session 1 and with any new participants who start at Session 2  The script explains why participant data is being collected and how it will be kept secure  Emphasize that completing the survey is voluntary  Individuals may skip any questions they do not want to answer  Individuals may choose to not complete the Survey, but they can still participate in the program  Store surveys in sealed envelope and mail to appropriate program coordinator

18 A nonprofit service and advocacy organization © 2012 National Council on Aging Program Coordinator/Data Entry Roles  Store completed CDSME forms in a secure, locked cabinet when not in use  Enter data into secure, password protected database, such as the CDSME database  Destroy participant data forms after data entry

19 A nonprofit service and advocacy organization © 2012 National Council on Aging Test Questions – Circle all correct answers 1.Information about an individual that is unique, or identifies or describes him or her (such as Social Security Number, medical history, date of birth, home address) is called: a.Interesting b.Record c.Data d.Personally Identifiable Information

20 A nonprofit service and advocacy organization © 2012 National Council on Aging Test Questions – Circle all correct answers 2. Disposal methods may include all except: a.Burning b.Shredding c.Tearing in half and putting in the garbage can d.Melting

21 A nonprofit service and advocacy organization © 2012 National Council on Aging Test Questions – Circle all correct answers 3. The CDSME Group Leader Script: a.Describes what participants will learn in the workshop b.Requests participants to share their birth date, address and sex c.Explains how participant privacy is protected and why data is being collected d.Emphasizes that participants are required to complete all survey forms

22 A nonprofit service and advocacy organization © 2012 National Council on Aging Privacy and Security Basics Training Certificate ________________________________________ (Name) Has Successfully Completed the Privacy and Security Basics Training for CDSME Program Implementation and Data Collection _____________ Date ________________________________________ (Name) Has Successfully Completed the Privacy and Security Basics Training for CDSME Program Implementation and Data Collection _____________ Date

23 A nonprofit service and advocacy organization © 2012 National Council on Aging Test Answer Code 1.d - Personally Identifiable Information 2.c - Tearing in half and putting in the garbage can 3.c - Explains how participant privacy is protected and why data is being collected

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.