Arkansas State Law Which Governs Sensitive Information…… Part 3B

Presentation transcript:

Arkansas State Law Which Governs Sensitive Information…… Part 3B Arkansas Personal Information Protection Act (PIPA)

What is Sensitive Information?
Sensitive information exists in several forms:
- Printed
- Spoken
- Electronic
2014 DHS IT Security & Privacy Training

Even if HIPAA doesn’t apply – you still have to comply with PIPA!!!
Just as HIPAA protects PHI, PIPA protects Personal Identifying Information (PII).

Sensitive Information Is PII
What is PII? A client’s first initial or first name and last name in combination with one or more of the following when either the name or the information is not encrypted:
- Name + Medical information
- Name + Social Security Number (SSN)
- Name + Driver’s license number or AR Identification card number
- Name + an account number, credit card number, or debit card number in combination with any required security code, access code or password that would permit access to an individual’s financial account
Mental Health and the Law/Janis Chalmers

PIPA Breach Notice Requirements
PIPA requires breach notification letters where a reasonable probability of harm exists. As with HITECH, the PIPA letter should contain information which does the following:
- Describes what happened, including the date of the breach, and the discovery date of the breach, if known.
- Describes the types of unsecured personal information that were involved in the breach.

Breach Notification Requirements Continued…
- Any steps the individual should take to protect himself/herself from potential harm resulting from the breach.
- A brief description of what DHS is doing to investigate the breach, to mitigate harm to the individuals, and to protect against further breaches.
- Contact procedures for individuals to ask questions or learn additional information, which includes a toll-free telephone number, an e-mail address, website, or postal address.

PIPA Use Scenario
An employee loses files which include diet plans and SSNs.
- What would you do?
- Must you notify anyone?
- Is a breach notification letter to the client required?

Steps
Step One: Report this immediately to your supervisor and your designated Privacy Officer.
Step Two: The Privacy Officer must determine which laws apply and determine which standard of harm applies.
- If PIPA applies – whether there is a reasonable probability of harm.
- If HIPAA applies – whether there is a probability of reputational or financial harm.
Step Three: A letter must be written if it is determined as required by the applicable law that there is a probability of harm. In some instances, a phone call or contacting the media will be necessary.

Wrapping Up…..
The next few slides contain some helpful links.

Helpful Links
- HIPAA Privacy Rule protections and requirements: http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
- If you want to know more about PIPA find it here: http://www.dis.arkansas.gov/security/Documents/Act1526.pdf
- Want more information? http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/index.html
- If you need to file a privacy complaint with DHS please refer to DHS Form 4005 or if you need to file one with OCR find the link here: http://www.hhs.gov/ocr/office/about/rgn-hqaddresses.html

Reminders:
- Employees must report a security or privacy incident.
- Remember the Incident Reporting site: https://dhs.arkansas.gov/reporting
- If you fail to report an incident you are in direct violation of DHS Policy 5007.
- Find Security & Privacy Policies here: http://dhsshare/DHS%20Policies/Forms/Security%20and%20Privacy%20Policies.aspx