2011 SECURITY REFRESHER Information Security. Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives E-mailing Patient Information.

Presentation transcript:

2011 SECURITY REFRESHER Information Security

Agenda
HIPAA Update
Encryption Overview
Mobile Phones and Tablets
Cameras
USB Drives
E-mailing Patient Information
File Sharing
Social Media

HIPAA Update
HIPAA compliance penalties were increased in July 2010 under the HITECH Act. New notification requirements:
1) Civil monetary penalties significantly increased ($100-$50,000 per violation, up to $1.5m/yr)
2) Unwarranted disclosure of PHI can result in criminal prosecution and imprisonment
3) A security breach resulting in compromised PHI must be disclosed to each individual within 60 days of discovery
4) If more than 500 patients are impacted, the event must be reported to the media and HHS within 60 days of discovery*
5) State Attorneys General empowered to pursue HIPAA violations
*If fewer than 500 patients are impacted, the covered entity may notify HHS of such breaches on an annual basis

Recent Fines for HIPAA Breaches
- $1m settlement with MGH in Feb 2011 (an employee left a folder on a subway containing information on the HIV/AIDS status of 192 patients)
- $4.5m fine against Cignet Health, a Maryland insurance company, in Feb 2011, based on HIPAA violations and failure to cooperate with OCR's investigation (the insurer failed to provide 41 patients with their medical records within the 30-day timeframe, plus failed to respond to OCR's request for documents)
- In Feb 2011, the New York municipal hospital system notified 1.7 million patients of the theft of electronic files containing PHI from the truck of a records-management service vendor; estimated cost of $350 million for patient notification, setting up a call center and providing credit reporting
- In April 2011, the Philadelphia Family Planning Council informed 70,000 clients of a HIPAA breach stemming from a stolen unencrypted flash drive

State Law Enforcement
April 28, 2010: a former UCLA Healthcare System surgeon was sentenced to four months in prison for illegally reading the private electronic medical records of
- an immediate supervisor
- co-workers
- celebrities
The records were read 3 weeks after the surgeon was formally terminated.

Privacy or Confidentiality From Internet Security presentation at WICS by Whit Diffie

Encryption
Plaintext: Now is the time for all good men...
--Encryption-->
Ciphertext: sd84$2*q} 59(o32nvt-
--Decryption-->
Plaintext: Now is the time for all good men...

Mobile Phones and Tablets
Mobile phones and tablets that connect to WUSM systems:
- Must be password/PIN protected
- Must support device encryption
- Must support remote wipe
If your mobile device is lost or stolen you should:
- Notify the Information Security and Privacy Offices
- Notify your Division IT Administrator; they will remote wipe the device, then contact the carrier to kill service
Never text patient identifiers via text messaging or paging; a page should look like "Call xxx-xxxx, subject is ready in Room xx"

Innocent Enough Picture

Let’s Try Picasa GPS Info

Google Earth got the Campsite
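Added example, not part of the presentation: the three picture slides above show that a phone camera records the GPS position of a shot inside the photo's EXIF data, which is what Picasa and Google Earth read back. The Python below builds a constructed JPEG skeleton carrying an EXIF GPS block (not a real photo), parses the coordinates out of it the way a viewer would, and strips the EXIF segment so the location does not travel with a picture that is shared.

```python
import struct
def build_sample_jpeg() -> bytes:
    """Constructed sample: a JPEG skeleton carrying an EXIF GPS IFD (not a real photo)."""
    def entry(tag, typ, count, value):  # one 12-byte IFD entry, little-endian
        return struct.pack("<HHI", tag, typ, count) + value
    def rationals(dms):  # degrees, minutes, seconds as three RATIONALs (numerator/denominator)
        return b"".join(struct.pack("<II", v, 1) for v in dms)
    ifd0 = struct.pack("<H", 1) + entry(0x8825, 4, 1, struct.pack("<I", 26)) + bytes(4)  # GPSInfo -> 26
    gps = (struct.pack("<H", 4) + entry(1, 2, 2, b"N" + bytes(3)) + entry(2, 5, 3, struct.pack("<I", 80))
           + entry(3, 2, 2, b"W" + bytes(3)) + entry(4, 5, 3, struct.pack("<I", 104)) + bytes(4))
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps + rationals((44, 25, 30)) + rationals((110, 36, 0))
    app1 = b"Exif\x00\x00" + tiff  # APP1 payload; the segment length counts its own 2 bytes
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

def _exif_segments(jpeg: bytes):
    """Yield (start, end) of every APP1 Exif segment in the JPEG header, before scan data/EOI."""
    pos = 2  # skip SOI
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xD9, 0xDA):
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            yield pos, end
        pos = end

def gps_coordinates(jpeg: bytes):
    """Return (lat, lon) in decimal degrees if an EXIF GPS IFD is present, else None."""
    for start, end in _exif_segments(jpeg):
        tiff = jpeg[start + 10:end]
        bo = "<" if tiff[:2] == b"II" else ">"  # TIFF header declares the byte order
        rd = lambda fmt, o: struct.unpack(bo + fmt, tiff[o:o + struct.calcsize(fmt)])[0]
        def read_ifd(off):  # tag -> offset of that tag's 12-byte entry
            return {rd("H", off + 2 + 12 * i): off + 2 + 12 * i for i in range(rd("H", off))}
        ifd0 = read_ifd(rd("I", 4))
        if 0x8825 not in ifd0: return None  # no GPSInfo pointer in IFD0
        gps = read_ifd(rd("I", ifd0[0x8825] + 8))  # an entry's value/offset field sits at +8
        if not all(t in gps for t in (1, 2, 3, 4)): return None  # LatRef, Lat, LonRef, Lon
        def dms(tag):  # the RATIONAL triple lives at the offset stored in the value field
            off = rd("I", gps[tag] + 8)
            d, m, s = (rd("I", off + 8 * i) / rd("I", off + 8 * i + 4) for i in range(3))
            return d + m / 60 + s / 3600
        lat = dms(2) * (-1 if tiff[gps[1] + 8] == ord("S") else 1)
        lon = dms(4) * (-1 if tiff[gps[3] + 8] == ord("W") else 1)
        return round(lat, 6), round(lon, 6)
    return None

def strip_exif(jpeg: bytes) -> bytes:
    """Remove every APP1 Exif segment so location metadata does not travel with the photo."""
    out = bytearray(jpeg)
    for start, end in reversed(list(_exif_segments(jpeg))):  # delete back-to-front so offsets stay valid
        del out[start:end]
    return bytes(out)
```

The constructed coordinates (44°25'30" N, 110°36'0" W) are arbitrary; on a real camera-phone JPEG the same parser returns the place the picture was taken.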

USB Drives
You may store patient or confidential information only on USB drives that have encryption enabled, or where the files themselves are encrypted. Encryption enabled means that when the drive is attached to a machine, it asks you for a password before allowing you to access the information. Even if the device is encrypted, notify the Information Security Office if it is lost or stolen.

When is it okay to e-mail patient information?
- Within Medical School and Hospital systems, e.g. psychiatry.wustl.edu to dom.wustl.edu or bjc.org
- If the file is encrypted, e.g. a password-protected Excel spreadsheet
- Signed patient consent to interact via e-mail

Phishing Example

File Sharing/Cloud Computing
- Only store patient information on approved Medical School servers
- Google Docs/Microsoft 365: no BAA to allow storage of patient information
- Do not put patient information in calendars, e.g. Google Calendar
- Use WUSTL Dropbox for file transfers or University SharePoint sites for collaboration
  Note: the other Dropbox service allows its administrators to review the unencrypted information.

Doximity
- Not recommended for sharing confidential or protected information
- No BAA to send, receive or store protected information
- Facebook-style site for physicians

Blogging/Twitter
A student blogged about a patient interaction in the emergency room. The student was careful not to give real names or any identifiable information, but mentioned that the child was of Asian descent and was adopted by a fireman from O'Fallon. Inadvertently, this provided enough information to identify the child and parents.

The End Questions/Comments