SECURITY: 2014. Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.

Presentation transcript:

SECURITY: 2014

Personal Health Information Protection Act, 2004
This 5 min. course covers:
- changing landscape of electronic health records
- security threats & obligations
- protections for personal health information (PHI)

Connecting GTA – Coming in 2014
- early adoption of cGTA builds on eCare’s success to further strengthen point of care access to electronic patient information
- security: critical factor in whether patients consent to sharing personal health information (PHI) in cGTA

cGTA changes the security landscape
- health care organizations required to reinforce IT security
- planned link (Cerner to cGTA) requires infrastructure incl. active directory accounts for credentialed physicians
- merging Cerner account/active directory account to create “single sign-on” from Cerner to cGTA
- strong passwords, change management
- Note: physicians without active directory account will be notified; Information Services will support transition

We are in this together … patients & families trust we have strong security policies & consistent practices to protect their personal health information (PHI)

Threats to electronic PHI
- weak passwords
- inappropriate chart access
- using another’s login/password
- theft/loss of laptop, unencrypted USB key/removable storage media
- PHI sent by unencrypted texting personal identifiers

Information security practices
- physical, technical & administrative work together to protect PHI and information systems

Preventatives work
- strong passwords, access & change controls
- network security, secure remote access encrypted between NYGH sites
- training, personal accountability
- confidentiality agreements
- audit trails of access to technical systems
- photo ID
- serious consequences for inappropriate chart access, use or disclosure up to termination of employment, hospital privileges

Strong login passwords
- mandatory on desktops, laptops, mobile devices & removable storage media – do not share, write down or store on equipment
- STRONG: combination of letters, numbers, symbols, minimum of 8 characters & no dictionary words
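The "STRONG" rule above can be checked mechanically. The following is an added example, not part of the original presentation: the word list and the character-substitution table are small constructed samples, and `policy_violations` is a hypothetical helper name.

```python
import string

# Constructed sample word list (assumption): a real check would load a full
# dictionary plus a list of commonly used passwords.
SAMPLE_WORDS = {"password", "hospital", "summer", "welcome", "doctor", "nurse"}

# Constructed table of common look-alike substitutions, undone before the
# dictionary check so that "P@ssw0rd" is still recognised as "password".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 8  # "minimum of 8 characters" from the slide


def policy_violations(password, words=SAMPLE_WORDS):
    """Return the slide's rules that the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")

    # "No dictionary words": compare both the lower-cased password and the
    # version with look-alike characters mapped back to letters.
    lowered = password.lower()
    candidates = {lowered, lowered.translate(LOOKALIKES)}
    hits = sorted(w for w in words if any(w in c for c in candidates))
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed test passwords, not real credentials.
    for candidate in ["abc", "Summer2014!", "P@ssw0rd1!", "k7#Vq9!xTz2&"]:
        print(candidate, "->", policy_violations(candidate) or "OK")
```

"P@ssw0rd1!" satisfies the length and character-mix parts of the rule and is rejected only by the dictionary check, which is why that last clause of the rule matters.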

Protect yourself – never share login, password
- together they serve as your electronic signature
- everything done using it will be attributed to you until proven otherwise
- always log off PowerChart

Mobile devices, removable storage media
- don’t store PHI on laptops/mobile devices unless encrypted (Information & Privacy Commissioner/Ont.)
- encryption protects electronic info if lost/stolen
- whole disk encryption: on all NYGH laptops
- NYGH computers enforce encryption if you download to a mobile device; password you choose will decrypt

Encrypting files
- Encrypt a copy, not the original file, or else you will have to use a password to open it.
- WORD Document: Click “File” > “Protect Document” > “Encrypt with Password”.
- PDF: Click “File” > “Properties” > “Security”. Select “Password Security” from the “Security Methods” drop-down menu. Check off “Require a Password to Open the Document”.
- Create a strong password and write it down before entering and saving.
- Send the file and password by separate emails. In the email sending the file, advise that the password will be sent separately.

Secure encrypted transmission between NYGH sites: General, Branson, Senior's Health Centre - if intercepted, it cannot be read
- without encryption: it's like sending a postcard
- Never send personal health or confidential info from or to a personal account e.g. hotmail, gmail or yahoo - transmission is not encrypted; can be intercepted & read

Working out of NYGH
- don't take PHI or confidential info out of hospital unless absolutely necessary
- instead, use secure remote access where possible

What you can do
- minimize storage of PHI/confidential info on mobile devices, laptops, storage media
- back up files to network before leaving
- ensure encryption enabled on laptop/mobile device
- use secure storage for laptops, mobile devices, removable media, paper records or keep with you at all times

If it doesn’t go as planned… just call me chief privacy officer

Security Summary
- combine physical, administrative & technical protections
- avoid “What’s the risk?” thinking
- Encryption protects patients and reputations … still a bargain
- Never share login & password

Information & Privacy Commissioner/Ontario (IPC)
Provides oversight of compliance with the Personal Health Information Protection Act. In this role the Commissioner:
- adjudicates access appeals, investigates privacy complaints and may issue public reports
- may enter and inspect premises, records, information management practices and require evidence under oath, affirmation
- has Order making power; may levy fines of up to $250,
IPC Contact:

Thank-you For more information please contact Rita Reynolds, Chief Privacy Officer at ext