School of Medicine Orientation Information Security Training

1 School of Medicine Orientation Information Security Training
August 2019

2 What We Will Cover Today
- Security Basics
- How to Report a Security Concern or Breach

3 Sources of Healthcare Confidentiality Obligations
- HIPAA: Privacy, Security, and Breach Notification Rules
- Massachusetts law: general confidentiality, combined with an obligation to report in certain circumstances
- Department of Public Health (DPH) licensing law also requires confidentiality
- Professional Codes of Ethics
- Healthcare research is regulated by Institutional Review Board regulations (federal) and by contractual obligations: federal funding and data use agreements

4 Main Source of Healthcare Confidentiality Obligation

5 What’s The Big Deal?
At the Feinstein Institute for Medical Research, an unencrypted laptop was stolen from a car. It contained data from about 50 research studies and approximately 13,000 individuals.
- Big money payment: settled alleged HIPAA violations for $3.9 million
- Ongoing government scrutiny: three-year corrective action plan
- Loss of confidence and reputation: required to notify research subjects and media outlets

6 Safeguards: BU Restricted Use Data
- Paper PHI
- Verbal PHI
- Photos, video, audio
- Electronic PHI
Patient information in any form must be protected.

7 Secure Your Devices
Every device (e.g., desktop, laptop, phone) used to access, process, or store patient or research data must have:
- An operating system that is supported and updated
- Anti-malware (McAfee, free)
- Disk encryption
- Auto screen lock (15 min max)
(On bu.edu/tech, search for securing devices.)

8 Phishing Emails
Almost every phishing attack is successful: at least a few users
- Click on a link or document that triggers a malware download, or
- Provide login credentials (i.e., name and password)
BU will never ask for login credentials by email.
Check before you click:
- Odd spelling, unexpected request
- Hover over links; look at the sender address
Suspicious email? Forward it to

9 BU Data Protection Standards, Classification Policy
- Restricted Use: loss or misuse may require notification to individuals or state/federal government. Includes: HIPAA, individually identifiable health information used in research; SSN, driver license #, debit/credit card #, checking account # (billing records)
- Confidential: loss or misuse may adversely affect individuals or BU business, such as a HIPAA Limited Data Set or FERPA (info about you, as students)
- Internal: potentially sensitive, requires protection from disclosure
- Public: does not require protection from disclosure

10 Storing and Sharing Research Data
Restricted Use:
- BU Restricted Use network drive (Y Drive)
- BU Microsoft SharePoint, OneDrive, Teams, etc.
- BU REDCap and MyCap app for research
Confidential:
- MCHPCC Shared Computing Cluster (SCC4) for HIPAA Limited Data Set
Google Drive and other Google apps cannot be used for HIPAA or HIPAA Limited Data Set data, only for student (FERPA) or school-related communications.
BU email options (Outlook and Gmail cannot be used: no encryption):
- Use Data Motion to send a secure email, or
- Encrypt the document or spreadsheet before attaching it.
If you choose to encrypt the document and send it via non-secure email, take care to avoid identifying individuals in the subject line or body of the email.

11 What is a Breach?
Any unauthorized access, use, or disclosure of patient information (including unintentional), for example:
- Theft or loss of devices
- Unauthorized viewing/accessing, including snooping
- Handing or sending PHI to the wrong person
- Hacking / cyberattack

12 Reporting Loss of Confidential Patient Information
- Notify your department and send an email to the BU Incident Response Team.
- Information Security will determine who to involve and report to.
- No provider or researcher is authorized to report; only BU Information Security, in coordination with the appropriate BU offices, can report.
- We’ll assess the situation, determine whether any notifications need to be made, and help you analyze how similar events can be prevented.

13 Resources
- General Computer Help: bumchelp@bu.edu
- Securing Devices: or bu.edu/tech (search for securing devices)
- BU HIPAA Policy:
- BUMC Information Security Officer David Corbett:
