Presentation is loading. Please wait.

Presentation is loading. Please wait.

No No, Yes Yes: Simple Privacy & Information Security Tips Krista Barnes, J.D. Senior Legal Officer and Director, Privacy & Information Security, Institutional.

Published byAubrey Evans Modified over 5 years ago

Similar presentations

Presentation on theme: "No No, Yes Yes: Simple Privacy & Information Security Tips Krista Barnes, J.D. Senior Legal Officer and Director, Privacy & Information Security, Institutional."— Presentation transcript:

1 No No, Yes Yes: Simple Privacy & Information Security Tips Krista Barnes, J.D. Senior Legal Officer and Director, Privacy & Information Security, Institutional Compliance Office Presentation to GSBS - Fall 2018

2 Protected health information (PHI) = health info + identifying info
Simple Privacy & Information Security Tips No No Using your personal to send or receive confidential information ing PHI to unauthorized people/ s Storing MDACC confidential information in DropBox or other cloud locations Posting about patients on social media Looking up friends and coworkers’ medical records Yes Yes Using your work/school to send confidential information ing PHI only to authorized colleagues; Using Box for MD Anderson for cloud storage Getting a patient’s HIPAA Authorization before posting about them (or just not doing it) Accessing medical records for work-related reasons only This is what I read these days. Protected health information (PHI) = health info + identifying info

3 The 18 HIPAA Identifiers Names (including initials);
All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code as long as there are more than 20,000 people in the area for those initial three digits; All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, treatment dates; and all ages over 89 (can be combined into a “90 and over” category); Phone numbers; Fax numbers; addresses; Social security numbers; Medical record numbers Health plan beneficiary numbers; Account numbers; Certificate/license numbers; Vehicle identifiers and serial numbers, including license plate numbers; Device identifiers and serial numbers; Web Universal Resource Locators (URLs); Internet Protocol (IP) address numbers; Biometric identifiers, including finger and voice prints; Identifiable photos; and Any other unique identifying number, characteristic, or code (unless totally unrelated to any other identifying info and cannot be re-identified except by person who holds the key) The OCR stars in

4 Simple Privacy & Information Security Tips
Yes Yes No No No No Storing information on a random USB thumb drive you found in your bag Writing and submitting case reports that aren’t de-identified Leaving your computer and stacks of paper from work in your car Texting your coworkers about patients on your personal phone Storing information in approved institutional locations Getting written HIPAA authorization before using a patient’s information to write a case report (or call me) Taking your bag or computer with you when you go into restaurants or stores ing your coworkers/other students using work/school Yes Yes

5 POP QUIZ You’re eating in one of the cafes on campus and you see your mom’s favorite celebrity eating at one of the tables. You very covertly take a picture with your camera phone and post it to Facebook, so your mom can see it. After all, it’s not like you were in the celebrity’s medical record; the celebrity was right there in a public area. Is this OK? No no. May be a breach (if the celebrity is indeed a patient). You must protect PHI, regardless of where you get it. Do not do this.

6 POP QUIZ #2 You’re helping an MD Anderson PI and a collaborator from UT Health Science Center on a research study. The data relates to live human subjects, and is stored in a spreadsheet that you saved to the MD Anderson server. It contains medical record numbers, study ID numbers, treatment dates, diagnoses, and drugs administered. The collaborator wants you to send him the data on a CD. Should you? No no. CDs aren’t encrypted. This isn’t a good way to share data. The MD Anderson PI is on vacation and wants you to put it on Dropbox (online cloud sharing/storage) so she can view it remotely while on vacation. Should you? No no. Dropbox isn’t approved for storing MD Anderson PHI. If your protocol allows, use Box for MD Anderson.

7 Who You Gonna Call? What to do if a privacy incident occurs:
Report incidents quickly to: Institutional Compliance Office at or Privacy Hotline at Document everything Report to the PI & the IRB as unanticipated problem (if research) Report lost or stolen computers, phones, iPads, jump drives to: UTPD: 4-INFO: Asset manager, if applicable

8 No No Yes Yes Questions Krista Barnes, Senior Legal Officer, Privacy & Information Security Compliance

Download ppt "No No, Yes Yes: Simple Privacy & Information Security Tips Krista Barnes, J.D. Senior Legal Officer and Director, Privacy & Information Security, Institutional."

Similar presentations

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
The Health Insurance Portability and Accountability Act Basic HIPAA Training For CMU workforce with access to PHI.

The Health Insurance Portability and Accountability Act Basic HIPAA Training For CMU workforce with access to PHI.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
HIPAA Requirements for Patient Oriented Research

HIPAA Requirements for Patient Oriented Research
Informed Consent.

Informed Consent.
 Health Care Information Portability and Accountability Act  Passed in 1996  2 objectives 1) Ensure people could maintain health insurance between.

 Health Care Information Portability and Accountability Act  Passed in 1996  2 objectives 1) Ensure people could maintain health insurance between.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
HIPAA 101: The Whos, Whats & Whys of Protecting Patient Privacy

HIPAA 101: The Whos, Whats & Whys of Protecting Patient Privacy
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.
Nora B. McCann Privacy Manager Corporate Compliance Fox Chase Cancer Center

Nora B. McCann Privacy Manager Corporate Compliance Fox Chase Cancer Center
What does this form mean? HIPAA Authorization means prior written permission for use and disclosure of protected health information (PHI) from the information’s.

What does this form mean? HIPAA Authorization means prior written permission for use and disclosure of protected health information (PHI) from the information’s.
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.

University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
Registry 201 Excel Registry Training. Registry 201 Excel Registry Training Outline ► Important Information about PHI ► Getting to know you ► Excel Registry.

Registry 201 Excel Registry Training. Registry 201 Excel Registry Training Outline ► Important Information about PHI ► Getting to know you ► Excel Registry.
HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
Registry 201 Excel Registry Training. Registry 201 Excel Registry Training Outline ► Important Information about PHI ► Getting to know you ► Excel Training.

Registry 201 Excel Registry Training. Registry 201 Excel Registry Training Outline ► Important Information about PHI ► Getting to know you ► Excel Training.

Similar presentations

Ads by Google