Data Security Survival Skills for 21st Century Evaluators. Teresa Doksum & Sean Owen, October 17, 2013.


1 Data Security Survival Skills for 21st Century Evaluators
Teresa Doksum & Sean Owen
October 17, 2013

2 Abt Associates | pg 2 Why Security is so Important
• Increase # of places that collect (and have lost!!) our private information
• Increase amount of personal identity or medical identity theft
• Increase in penalties for losing our information (e.g., HIPAA, FERPA)
  1. Penalties for losing data, even if not misused
  2. Penalties for failing to destroy once no longer needed
= Culture of accountability and responsibility
Abt Associates ISIS Data Security Refresher

3 Responsibility of Evaluators
• Understand regulations
• Protect confidentiality as promised
• Report security incidents
• Maintain the trust of evaluation participants

4 Common Security Regulations
Regulation | Type of data | Link
Health Insurance Portability and Accountability Act (HIPAA) | Individual health information (e.g., medical records) | http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/research/index.html
Family Educational Rights and Privacy Act (FERPA) | Public school records | http://www2.ed.gov/policy/gen/guid/fpco/index.html
Privacy Act of 1974 | Data collected by or on behalf of federal agencies | https://www.federalregister.gov/articles/2013/09/11/2013-22072/privacy-act-of-1974-systems-of-records
Human subjects regulations | Data from human subjects research | http://www.hhs.gov/ohrp/humansubjects/guidance/45cfr46.html
State/local laws | e.g., social security #s |

5 HIPAA and Breach Penalties
Breach per HIPAA = unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information…
Penalties
• Notify individuals affected
• Fines paid to government up to $1.5 million
• If > 500 individuals affected: Mandatory media notification and…

6 HIPAA Breach Penalties, cont.
• Website posting on the “HIPAA Wall of Shame”: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
• “HIPAA Wall of Shame” has 682 breaches reported since Sept 2009
Name of Covered Entity | State | Business Associate Involved | Individuals Affected | Type of Breach | Location of Breached Information
Milford Regional Medical Center | MA | | 19,750 | Improper Disposal | Paper
Center for Neurosciences | AZ | | 1,101 | Theft | Laptop
TRICARE | VA | SAIC | 4,901,432 | Loss | Backup Tapes
Educators Mutual Insurance Association of Utah | UT | Health Behavior Innovations | 5,700 | Theft | CDs

7 FERPA (Family Educational Rights and Privacy Act)
• Protects student education records
• Requires destruction of personally identifiable information (PII) once no longer needed for study
• Requires written agreements to obtain and protect data (“data use agreement”)
• Penalty: denied access to student data for 5+ years

8 Data Security Plan Survival Guide

9 Classify Sensitivity of Data
A. Common direct identifiers
• First + last name
• Social security numbers
• Contact info (email, cell #, address)
• Health plan #, Medicaid #, Medicare #
B. Unique Participant ID
C. Sensitive Info
• Financial information (income, credit reports)
• Alcohol abuse
• Substance abuse
• Public assistance (e.g., SNAP, TANF, unemployment benefits)
• Health/mental health symptoms, conditions, disabilities
• Criminal behavior
• Sexual risk behaviors, reproductive history, family planning practices
• Opinions about program, employer that could jeopardize employment/benefits
A or (A + C) = Use security procedures
C or (B + C) = de-identified sensitive info

10 Protect Data throughout Data Lifecycle
[Diagram of the data lifecycle; stage labels: Collect, Store, Analyze/Report, Transport, Archive/Destroy]

11 Data Security Plan Overview: Recipe to Protect Data Throughout Data Lifecycle
• Worksheet/Section 1: Data Security Contact Information
• Worksheet/Section 2: Evaluation Information
• Worksheet/Section 3: Description of Study Data & Study Security Procedures
• Worksheet/Section 4: Staff Training on Data Security & Monitoring
• Worksheet/Section 5: Deliverables
• Worksheet/Section 6: Physical Record Lifecycle
• Worksheet/Section 7: Electronic Record Lifecycle

12 Questions?

13 Outcomes at Abt After Using Data Security Plans
• Increased staff understanding of and adherence to data security procedures for handling data
• Compliance with regulations
• Reduction of minor and major security incidents
• Protection of data of evaluation participants
• Positive feedback from clients

14 Contact Information
• Sean Owen
  – Sean_Owen@abtassoc.com
  – 301-347-5734
• Teresa Doksum
  – Teresa_Doksum@abtassoc.com
  – 617-349-2896

