“How Private Is It?”.  Resources  Learning Opportunities  Reporting  Policies and Procedures.

Slides:

Advertisements

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Advertisements

November 19, Employment and Recruitment 2. Non-Discrimination Notice 3. Sexual Harassment 4. Criminal Background Check 5. Child Abuse and Neglect.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

Funding Sources Social Services Block Grant/General Revenue SSBG/GR or Title XX a mix of federal and state funds appropriated by the legislature administered.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

Department of Highway Safety and Motor Vehicles Driver Privacy Protection Act.

VOTER REGISTRATION AND IDENTIFICATION

Acceptable Use of Computer and Network Resources Jim Conroy Acting Director, Academic Computing Services September 9, 2013.

National Science Foundation Division of Science Resources Statistics May The Confidential Information Protection and Statistical Efficiency Act.

Consent to Release or Obtain Confidential Information Presented by: Stacy Morgan, Mental Health & Disabilities Manager.

HIPAA Privacy Rule Training

HIPAA How It Is Affecting Information Systems Within Companies Around Us.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/

Reporting Requirements and Procedures. Trafficking in Persons Reporting Requirements FAR Combating Trafficking in Persons* –Contractors shall.

Award Notification and Acceptance (ANA)  The ANA module deployed through the Grants Management System (GMS) will electronically issue an award instead.

1 The University of Texas at Tyler Protecting the Confidentiality of Social Security Numbers UTS165 Information Resources Use and Security Policy.

2010 Region II Conference Corporate Compliance Panel June 3, 2010

Who Must Comply? When is a patient authorization NOT required?  As needed for the protection of federal and state elective constitutional officers and.

Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.

IST346: Information Ethics. Ethics  Ethics are the principles of conduct that govern a group of people.  Ethics are not morals.  Morals are the proclamation.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.

EMPLOYMENT LAW CONSIDERATIONS JULY 13, 2004 Professor Susan Carle.

Acceptable Use Policies What you need to know as an elementary school teacher.

WHAT TO EXPECT IN AN INTERNAL AUDIT OR INVESTIGATION

Civil Rights Rhode Island Department of Education Child Nutrition Programs September 17, 2014.

Inspecting A Hedge Fund 2010 NASAA IA Training. Preparing for the Inspection  Getting over your fears  Treat as any other advisor  Preparation  Obtain.

Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.

Sharing Low-Income Customer Information Water & Energy Utilities LIOB Meeting - January 2009 Seaneen M Wilson Division of Water & Audits.

The Martha’s Vineyard Public Schools Civil Rights Policy {Adoption Date}

COMPLIANCE PROGRAM. Agenda  Initial Scenarios  Review of General Compliance Information  Review UCP’s Compliance Program  Questions and Discussion.

Long Term Leave Management Program County of Los Angeles Department of Human Resources October 28, 2010.

Use Policies Deputy Attorney General Robert Morgester

Human Resources Federal Regulations and Review Findings.

1 General Awareness Training Security Awareness Module 1 Overview and Requirements.

DSDS Quality Assurance Unit State of Alaska, Dept. of Health and Social Services Division of Senior and Disabilities Services (DSDS) Quality Assurance.

UNIVERSITY OF ALABAMA V HIPAA Privacy and Security Training For Employees Compliance is Everyone’s Job 1 INTERNAL USE ONLY Abbreviated Training.

HIPAA OBJECTIVES  Define HIPAA  Define PHI  Use of PHI  Your rights  Your responsibilities.

Compliance and Ethics Training Overview

New FAR Ethics Requirements Richard W. Oehler Perkins Coie LLP 1201 Third Avenue Suite 4800 Seattle, WA (206)

CORPORATE COMPLIANCE PROGRAM The Office of Corporate Integrity

Child and Adult Care Food Program (CACFP) & Summer Food Service Program (SFSP) Overview.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

Civil Rights Training. Goals of Civil Rights  Equal treatment for all applicants and participants  Elimination of illegal barriers that prevent people.

CIVIL RIGHTS FOR SCHOOL NUTRITION PROGRAMS Presented to School Nutrition Managers and Employees North Carolina Department of Public Instruction Safe and.

FAMIS CONFERENCE Mari M. Presley, Assistant General Counsel Florida Department of Education June 12, 2012.

Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.

When Can You Redact Information Without Requesting an Attorney General Decision? Karen Hattaway Assistant Attorney General Open Records Division Views.

School District Records Lindsay Hale David Wheelus Assistant Attorneys General Open Records Division Views expressed are those of the presenter, do not.

Research & Economic Development Office of Grants and Contracts Administration Data Security Presented by Debbie Bolick September 24, 2015.

Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.

Flowers Hospital General Compliance Training-Students 2013.

Chapter 4: Laws, Regulations, and Compliance

Providing access to your data: Handling sensitive data Robert R. Downs, PhD NASA Socioeconomic Data and Applications Center (SEDAC) Center for International.

Fleet Safety Basics. Goals of the Fleet Safety Program Save lives Prevent injuries Reduce liability for you and SMU Insure that all employees are aware.

Summer Food Service Program Pre-Qualification Packet New Sponsors This institution is an equal opportunity provider and employer.

HIPAA Privacy Rule Training

DOL Employee Benefit Plan Audits & How to Prepare

What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.

HIPAA Privacy and Security Training Compliance is Everyone’s Job

Privacy principles Individual written policies

Providing Access to Your Data: Handling sensitive data

Privacy of Client Data.

Understanding I-9 Compliance

HIPAA Privacy and Security Training Compliance is Everyone’s Job

Spencer County Public Schools Responsible Use Policy for Technology and Related Devices Spencer County Public Schools has access to and use of the Internet.

Personnel Investigations

HIPAA Privacy and Security Training Compliance is Everyone’s Job

Confidentiality of Information Acknowledgment and Agreement 2018

Student Data Privacy: National Trends and Wyoming’s Role

Presentation transcript:

“How Private Is It?”

 Resources  Learning Opportunities  Reporting  Policies and Procedures

 A client approaches a counter and asks for services. The clerk asks the client for basic information:  The process has begun

 Hotline Call

 The Investigation Begins  The Department of Human Services Financial Assistance Division The Financial Assistance Division administers many different financial assistance programs, most of which are financed by the federal and state government. The programs are targeted for families and individuals with incomes at or below the poverty level. Programs include: temporary, emergency or general assistance to needy families or indigents; grants for the disabled; food stamps; and Medicaid or refugee re-settlement.

 The Process of Discovery  Conducted investigation interviews  Retrieved suspects computer hard drives (DSS Commissioner Permission Required)  Requested SPIDeR Audit Trails (DSS – DIS, Information Security Unit – John Palese, Senior System Engineer)  Reviewed audit trails

 The Discovery SPIDeR – Systems Partnering in a Demographic Repository

 The Violation Worker uses SPIDeR to obtain information on citizens Worker instructed by supervisor to obtain information on citizens by supervisor Supervisor takes information and calls APECS (child support) pretending to be a citizen Violation & Crime Discovery of other employee violations

 The Outcome  Reported violation to police  Supervisor terminated  Employee resigns before termination  Contract worker terminated  Two employees suspended  Two employees received written counsel  A letter sent to the Commissioner of DSS

Privacy Policy The Virginia Department of Social Services computer system, and component parts, contain privileged customer and government information. Access to information is restricted to the Department of Social Services authorized users. Unauthorized access, use, misuse, or modification of the data or the system, or unauthorized printing or release of data, is a violation of Department policy. It is also a violation of Title 18, United States Code Section Violators may be subject to criminal and civil penalties, including but not limited to a fine of up to $5000 and/or 5 years in prison, as set forth in Title 26, United States Code Sections 7213 and 7431.

 Other Laws  The Privacy Act of 1974  Virginia Code –3803  Computer Invasion of Privacy Under the Virginia Computer Crimes Act  Information Technology Security Standard  Virginia Department of Social Services – Information Security Policy

 Agencies Agreements  The Social Security Administration and the Commonwealth of Virginia  The Department of Motor Vehicles and the Virginia Department of Social Services  The Virginia Employment Commission and the Virginia Department of Social Services

 Lack of public trust  Open to civil suits  Loss of database accesses  Loss of the ability to provide services to our citizens  Identity theft

 Implement a stronger security training program  Implement random sampling of users  No tolerance policy – strong disciplinary action for violators  Educate the users  Require all staff to attend Ethics Training  Compliance with agreements  Audits