Emily J. Hurst, MSLS Technology Coordinator National Network of Libraries of Medicine South

 Health Online Susannah Fox and Maeve Duggan. Pew Research Internet Project.  One in three American adults have gone online to figure out a medical condition.

 Health Insurance Portability and Accountability Act of 1996 (HIPAA)   Protects  Individually identifiable health information (IIHI)  Information related to physical or mental condition of the individual  The provision of health care to the individual  Payment for health care  Information that identifies the individual  HIPAA Compliant entities: Health Plans Most Health Care Providers Health Care Clearinghouses Business Associates of these entities

 A tremendous amount of health-related information is found on the Internet. Many discussion forums are available for individuals to share information on specific diseases and health conditions. Websites dispense a wide variety of information. There is no guarantee that information you disclose in any of these forums is confidential. Always review the privacy policy of any website you visit.  Privacy Rights Clearinghouse. Medical Records Privacy.

 Not all Personal Health Records (PHRs) are mandated to be HIPAA compliant.  When selecting a PHR, individuals should evaluate privacy policies to decide if they are comfortable with the protections and rights offered, such as how their information will be safeguarded, for what purposes their information will be used and disclosed, and the extent to which the individual will control access to information in the PHR.  Personal Health Records and the HIPAA Privacy Rule:

 Is your organization tracking user behavior on computers?  ALA  ill/interpretations/privacy ill/interpretations/privacy  MLA   Does your library have an up to date privacy policy?  ty/toolkitsprivacy/Developing-or-Revising-a- Library-Privacy-Policy ty/toolkitsprivacy/Developing-or-Revising-a- Library-Privacy-Policy

 Consider updating disclaimers to include online privacy statement.  Disclaimers, MLA CAPHIS:

 The National Library of Medicine (NLM) does not collect any personally identifiable information (PII) about you when you visit their websites unless you choose to provide that information to them.  NLM Privacy Policy.

 Turn on wireless router’s encryption setting - WPA2 (Wi-Fi Protected Access II) – WEP (Wired Equivalent Privacy) is less secure  Change default password  Change default network name – Services Set Identifier (SSID)  Turn on wireless router’s firewall  At Home:  Turn off guest access – Turn network name broadcasting off

 Hypertext Transfer Protocol Secure (HTTPS) provides secure communication over a computer network.  Protects against:  Forging  Eavesdroppers  Man-in-the-Middle attacks  HTTPS is not an anonymity tool  What libraries can do:  Enable HTTPS on your website  Educate/Encourage patrons to use HTTPS for secure online communications  HTTPS Everywhere FAQ:

 DuckDuckGo   Startpage   Blekko   Deletes personally identifiable information (PII) within 48 hours

 Create strong passwords  At least 8 characters long  Combination of upper case, lower case, special characters and numbers  Avoid using:  Names of family members or pets  Real words with numbers or special characters replacing some or part of the word  Sequences  Personal information  How Strong Is Your Password?  security/password-checker.aspx security/password-checker.aspx

 LastPass 3.0   Free browser extension or $12.00/year  Dashlane 2.0   Free or $29.99/year  KeePass   Free

 Remove unnecessary data from your devices  Social Security Number  Credit Card Numbers  Bank Accounts  Set passcode or fingerprint lock  Enable idle timeout lock  Download apps only from trusted sources  Encrypt data  Enroll with a trusted service such as Find My iPhone  Keep operating system (OS) up to date

 Antivirus  System restore software (Deep Freeze)  Privacy/Protective monitor screens  Private area for reviewing online health information  User training  Online Security  Reliable Online Health Resources

 The Medical Library Association Guide to Providing Consumer and Patient Health Information. Edited by Michele Spatz.  Personal Health Records and the HIPAA Privacy Rule: _ pdf#page%3D1 _ pdf#page%3D1  When HIPAA applies to mobile applications: applications/ applications/  Find and Evaluate Health Information on the Web:  The Consumer Health Reference Interview and Ethical Issues:  Health Information in Libraries (ALA):

 Protecting Your Wireless Network:  The Ultimate Guide for Creating Strong Passwords:  Guidelines for Securing Mobile Computing Devices: s.html s.html  The Best Antivirus for 2014:

Emily J. Hurst, MSLS Technology Coordinator National Network of Libraries of Medicine South Central Region (800) (Toll Free) This project has been funded in whole or in part with Federal funds from the National Library of Medicine, National Institutes of Health, under Contract No. HHSN C with the Houston Academy of Medicine-Texas Medical Center Library.

  Complete by August 1, 2014

 Wednesday, August 20, 2014  Topic: Metadata: The Key to Linking Data  Speaker: Guest Speakers: Dick Miller, Thea S. Allen & Joanne Banko from Lane Medical Library, Stanford University