DATA PROTECTION IN THE AGO
Christina Beusch, Deputy Attorney General, WA State Attorney General’s Office

Presentation transcript:


It’s Not Just Our Clients’ Problem!
- Paralegal: Where is that disk?
- Legal Assistant: Oops – Wrong address!
- AAG: I need a USB flash drive to download documents to take to court.
- Investigator: My car was parked right in front of my house and the file was on the backseat.
- Manager: It’s just easier if I travel with these reports on my Kindle Reader.

Source of Privacy Obligations
- HIPAA/HITECH – AGO is a “business associate”
- State health information privacy laws, e.g. ch RCW
- State and federal personal information privacy laws, e.g. RCW , Gramm-Leach-Bliley Act
- Attorney-Client and Work Product Privileges

Know Your Data
- Category 1 – Public Information
- Category 2 – Sensitive Information – not specifically protected but for official use only
- Category 3 – Confidential Information – privileged, personal/personnel, security
- Category 4 – Confidential Information Requiring Special Handling – strict legal requirements and sanctions apply, e.g. health information, SSNs, personal financial info

Create a Data Protection Program
- Assemble office experts to advise management and empower them to do the job
- Have strong senior executive support
- Adopt specific and legally compliant policies, procedures, and business rules to govern how staff are required to protect data and address breaches
- Document data protection obligations in client MOUs and vendor contracts

Implement a Data Protection Program
- Can’t have protection without education
- Train new employees and existing employees at regular intervals and document training
- Create a culture of compliance, e.g. use strategic plans, staff meetings, CLEs, signage
- Keep up with technology – identify new ways data can be compromised and find new tools to safeguard data so staff can do business

A “Toolkit”
- IT Security Policy
- Mobile Device Policy
- HIPAA/HITECH Policy
- Breach Notification Protocol
- Division/Unit Business Rules
- Client MOU for HIPAA/HITECH Compliance
- Contract language for HIPAA/HITECH Compliance