Safeguarding Sensitive Information


Agenda
- Overview
- Why are we here?
- Roles and responsibilities
- Information Security Guidelines
- Our Obligation
- Has This Ever Happened to You?
- Contract to Safeguard Sensitive Information
- Wrap-up

Our Obligation: Laws and Regulations
- Massachusetts data breach law/regulations
  - Definition of personal information
  - Obligation for notification when exposed
  - Data destruction requirements
  - Requirement to have written information security program (WISP)
- Company policy
  - Privacy and disclosure of information
  - Information policies

Types of Sensitive Information
1. Sensitive regulated information requiring notification
2. Sensitive regulated information not requiring notification
3. Sensitive information

Sensitive Regulated Information Requiring Notification
Personal Information Requiring Notification
- Social Security #
- Credit Card #
- Financial Account #
- Driver’s License #
Notification required if there was a potential for unauthorized use!
Inform Information Security Team

Sensitive Regulated Information Not Requiring Notification
- HIPAA (Health Insurance Portability and Accountability Act)
  - Information related to health status, provision of health care, or payment of health care
- FMLA
  - Information related to Family & Medical Leave Act
- FERPA
  - Student records
Inform HR Information Security Team

Sensitive Information
- Date of birth
- Home address
- Salary information
- Performance/disciplinary information
- Other?
Inform HR Information Security Team

Key Take-Aways
- Massachusetts law and company policy impact how certain sensitive data are handled
- EVERYONE is responsible for compliance
  - Know what sensitive data you have
  - Develop good computing practices
  - Follow HR Information Security Guidelines
  - Report a potential breach to HR Information Security Team

Key Take-Aways
- If you can’t protect it – don’t collect it
  - You can’t lose what you don’t have
- Know what you have
  - You can’t protect what you don’t know you have