Published by Regina Holmes. Modified over 8 years ago.
ANNUAL HIPAA AND INFORMATION SECURITY EDUCATION
KEY TERMS
- HIPAA – Health Insurance Portability and Accountability Act. The primary goals of the law are to make it easier for people to keep health insurance, to protect the confidentiality and security of healthcare information, and to help the healthcare industry control administrative costs.
- PHI – Protected Health Information: demographic information, medical history, test and laboratory results, insurance information and other data collected by a health care professional that identifies an individual and is used to determine what type of care that individual should receive.
- ePHI – electronic Protected Health Information: PHI that is created, stored, transmitted or received in electronic form.
KEY TERMS – CONTINUED
- MFOS – Memorial Family of Services.
- Phishing – An email fraud method in which the perpetrator sends legitimate-looking email in an attempt to gather personal and financial information, or login credentials, from recipients.
- Spear Phishing – Phishing directed at specific individuals or companies, typically using details about the target (name, role, colleagues, current projects) to make the message convincing. Accounts for over 90% of all phishing attacks.
- Social Engineering – The psychological manipulation of people into performing actions or divulging confidential information. Phishing is one form of social engineering; phone calls and in-person pretexts are others.
HIPAA – HEALTH INFORMATION COVERED
- Any information, whether spoken, electronic or written, that relates to an individual's health, the health care provided to that individual, or payment for that health care is protected.
- PHI may be used and shared without the patient's authorization for Treatment, Payment and Healthcare Operations (TPO). Uses outside TPO generally require the patient's written authorization or a specific legal basis.
- Any information that is shared is limited to the minimum necessary: the least amount of information needed to accomplish the purpose of the request. (Disclosures to another provider for treatment are the main exception to the minimum-necessary standard.)
- Even for TPO purposes, some information has special protection and additional restrictions: psychiatric records, HIV testing/results, alcohol and drug abuse treatment records, and psychotherapy notes.
HIPAA AND PRIVACY
- Access patient records only as needed for your job duties.
- Do not access your own records; contact Health Information Management to request a copy of your records.
- Share PHI only with Business Associates, with other healthcare providers for the continuum of care, or with other entities as required by law.
- Store and transmit PHI only using applications or network locations designated for those purposes.
- As an employee, do not discuss patient information in public areas (hallways, café, latte stand, elevators, supermarket, etc.).
HIPAA – YOU ARE RESPONSIBLE FOR
- Appropriate disposal of materials containing identifiable health information (use the shred bins).
- Keeping laptop and workstation screens out of view of patients and guests, and logging off computers in the room when you leave.
- Restricted use of any mobile device in patient care areas.
- Appropriate use of hospital email.
- Penalties are real: the maximum criminal penalty for knowingly disclosing PHI for personal gain or malicious harm is 10 years in prison and a $250,000 fine.
PHYSICAL SECURITY
- Do not share or loan your employee badge to anyone.
- If you lose or misplace your badge, contact your manager or Employee Services immediately so it can be deactivated.
- Do not allow members of the public or staff to "tailgate". Tailgating is following you through a restricted-access door without presenting their own badge.
- Do not leave PHI on printers or fax machines, even in secured areas.
- Make sure all paper PHI is secured or shredded.
AUTHENTICATION
- Do not share your username or password for any software program or workstation with anyone.
- Do not write down your usernames or passwords.
- Use different passwords for work than you use for personal accounts, so that a breach of a personal site cannot be replayed against your work login.
- Access only files and data that are your own, that are publicly available, or to which you have been given authorized access.
CHOOSE A GOOD PASSWORD
A good password should:
- Be at least 8 characters long.
- Use a combination of upper and lower case letters, numbers and symbols.
- Be easy for you to remember.
- Not contain words commonly found in a dictionary, with or without letters swapped for look-alike digits and symbols.
- Not use easily guessed items like family members' names, street names, number patterns like "1234", or dates of birth.
Examples
- The slide's original suggestions, "W0rdP@ss" instead of "password" and "LetMe1n!" instead of "letmein", are NOT good passwords. Swapping 0 for o, @ for a and 1 for i and adding a trailing "!" are exactly the substitutions password-cracking tools apply automatically, so both are still dictionary words in disguise.
- The dictionary rule targets a single word that a cracker's wordlist already contains. Several unrelated words joined with a number and a symbol, for example "Trombone-Gravy-Kite9", meet every rule above, are easy to remember, and appear in no wordlist.
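The following checker is an added example, not part of the original presentation or any MFOS tool. It applies the rules on this slide to a candidate password and, in addition, undoes the leet-style substitutions a cracking rule set would undo, which is why the slide's own examples fail it. The wordlist is a constructed stand-in for a real cracking dictionary; a real deployment would load one from disk.

```python
import re

# Constructed stand-in for a real cracking wordlist such as rockyou.txt
# (assumption: a real deployment loads a far larger list from disk).
COMMON_WORDS = sorted(
    {"password", "letmein", "welcome", "qwerty", "admin", "monkey", "dragon",
     "football", "iloveyou", "wordpass", "summer", "word", "pass"},
    key=len, reverse=True,  # longest match first, so "wordpass" beats "word"
)

# Symbol-for-letter swaps that cracking rule sets undo automatically,
# so they add almost no strength to a dictionary word.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    """Lower-case, undo leet swaps and drop leading/trailing punctuation,
    so that 'W0rdP@ss' becomes 'wordpass' and 'LetMe1n!' becomes 'letmein'."""
    core = pw.translate(LEET).lower()
    return re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", core)


def has_run(pw: str, length: int = 4) -> bool:
    """True if any `length` consecutive characters step by +1, -1 or 0
    in character code: '1234', 'dcba', '7777'."""
    s = pw.lower()
    for i in range(len(s) - length + 1):
        steps = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + length - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def check_password(pw: str, personal_terms=()) -> list:
    """Apply the slide's rules; return the list of violations (empty = passes).
    `personal_terms` are things an attacker can look up about the user
    (family names, street name), which no fixed wordlist can know."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing upper-case, lower-case, digit or symbol")
    core = normalize(pw)
    for word in COMMON_WORDS:
        if len(word) >= 4 and word in core:
            problems.append(f"dictionary word '{word}' once leet swaps are undone")
            break
    for term in personal_terms:
        if len(term) >= 3 and normalize(term) in core:
            problems.append(f"contains personal term '{term}'")
    if has_run(pw):
        problems.append("contains a sequence or repeat such as 1234")
    if re.search(r"(19|20)\d\d", pw):
        problems.append("contains what looks like a year (date of birth?)")
    return problems


if __name__ == "__main__":
    # "Holmes" is a constructed personal term standing in for a family name.
    for candidate in ("W0rdP@ss", "LetMe1n!", "Summer2019!", "Trombone-Gravy-Kite9"):
        verdict = check_password(candidate, personal_terms=("Holmes",))
        print(f"{candidate:22} {'OK' if not verdict else '; '.join(verdict)}")
```

Run as a script it rejects "W0rdP@ss" and "LetMe1n!" as dictionary words, rejects "Summer2019!" for both a dictionary word and an embedded year, and accepts the multi-word passphrase. The year and sequence checks run on the raw password, while the dictionary check runs on the normalized form, because the two kinds of guessing use different inputs.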
SOFTWARE AND WORKSTATION USE
- Do not attempt to install any software on a workstation that has not been approved by the Information Systems Department.
- Workstations should only be used for Memorial Family of Services business.
- Do not click on links in an email that tells you to log in to an account, access software or install software, even if the email appears to come from a trusted individual or company. Open the application or site from your own bookmark or by typing the address yourself instead.
- Workforce members must log off or password-lock their workstations whenever they leave them unattended.
- All users are liable and responsible for all activity performed with their credentials.
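To show what "a link that tells you to log in" looks like underneath the displayed text, here is an added example (not part of the presentation, and not an MFOS tool) that pulls every link out of an HTML email and reports the signs a practitioner checks: the real target is outside the organisation's domain, the visible address differs from the real target, the target is a bare IP address, or the link text asks for a login or password action. The trusted suffix and the sample message are constructed; the domains are RFC 2606 placeholders, not MFOS's real domain or any real sender.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: all of the organisation's real web properties sit under this
# suffix. It is a placeholder (RFC 2606 example domain), not MFOS's real domain.
TRUSTED_SUFFIXES = ("mfos.example.org",)

# Wording that a credential lure almost always carries.
LURE_WORDS = re.compile(r"\b(log ?in|sign ?in|password|verify|reset|account)\b", re.I)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so wrapped link text compares cleanly.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_trusted(host: str) -> bool:
    # Exact match or a subdomain; "mfos.example.org.evil.test" must NOT pass.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def assess_link(href: str, text: str) -> list:
    """Return the reasons this link should not be clicked (empty = nothing found)."""
    if urlparse(href).scheme not in ("http", "https"):
        return []  # mailto:, tel: and similar are out of scope here
    host = host_of(href)
    findings = []
    if not is_trusted(host):
        findings.append(f"target host '{host}' is not a trusted domain")
    if IPV4.match(host):
        findings.append("target is a raw IP address rather than a named host")
    if LOOKS_LIKE_URL.match(text):
        shown = text if "://" in text else "http://" + text
        if host_of(shown) != host:
            findings.append(f"displayed address '{host_of(shown)}' differs from real target '{host}'")
    if LURE_WORDS.search(text) and not is_trusted(host):
        findings.append("asks for a login/password/account action outside the organisation")
    return findings


def scan_email(html: str) -> dict:
    """Map each href in the message to its findings."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: assess_link(href, text) for href, text in parser.links}


# Constructed sample message; the domains are placeholders, not real senders.
SAMPLE_EMAIL = """
<p>Your MFOS mailbox is over quota. Please
<a href="http://mfos-portal-update.example.net/login">https://portal.mfos.example.org/login</a>
to verify your account within 24 hours.</p>
<p>Timesheets are due Friday:
<a href="https://hr.mfos.example.org/timesheet">Submit timesheet</a></p>
<p>Or <a href="http://203.0.113.9/reset">reset your password here</a>.</p>
"""

if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", "looks fine" if not findings else "; ".join(findings))
```

The first link is the classic case the slide warns about: the text shows an internal-looking address while the href goes somewhere else entirely. Note that the host comparison uses the parsed hostname, not a substring test, so a lookalike such as "mfos.example.org.evil.test" is still reported as untrusted.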
MOBILE DEVICES
- Text messaging of PHI is prohibited unless through approved software provided and supported by the MFOS Information Systems department.
- Because mobile devices are easily lost, stolen or otherwise compromised, it is not appropriate to store or transmit Protected Health Information using mobile devices.
- The use of personal cell phones for the collection and transmission of unsecured PHI (including photos) is prohibited.
- Violators will be subject to appropriate disciplinary action.
MOBILE DEVICES – CONTINUED
- Configuring your mobile device to access MFOS email also enables a "remote wipe" feature, which allows IS to force the device to erase itself to protect any private information that may have been stored on it.
- Notify IS immediately if your mobile device is lost, stolen or otherwise compromised; a remote wipe only helps if IS learns of the loss before the data is read.
- Do not plug USB or removable storage drives into workstations unless they have been authorized by Memorial's Information Systems Department.
SOCIAL MEDIA
- The use of social media on MFOS equipment and time is prohibited unless specified in the user's job description and role.
- Disclosure of PHI is prohibited and will result in appropriate disciplinary action as prescribed in other MFOS policies.
- Instant messaging (IM)/Lync does not have adequate security controls for handling unencrypted PHI and should not be used to share or transmit PHI.
- Processing, storing or transmitting PHI using cloud services (for example Google Drive, Dropbox, Box, Evernote) is prohibited unless a current Business Associate Agreement with that service provider is in place.
SOCIAL ENGINEERING
- Do not give out personally identifiable information about yourself or your patients that could be used to access an account.
- Do not provide your mother's maiden name, social security number or mobile phone number in response to unsolicited requests, whether by phone, email or in person.
- Be mindful of someone watching over your shoulder as you type your password.
LINKS TO ACCEPTABLE USE AND HIPAA POLICIES
You must review Memorial's Acceptable Use and HIPAA Policies to complete this education:
- Acceptable Use
- HIPAA Policies