Download presentation
Presentation is loading. Please wait.
Published by영범 길 Modified over 5 years ago
1
School of Medicine Orientation Information Security Training
August 2019
2
What We Will Cover Today
Security Basics How to Report a Security Concern or Breach
3
Sources of Healthcare Confidentiality Obligations
HIPAA: Privacy, Security, and Breach Notification Rules Massachusetts law: General confidentiality, combined with obligation to report in certain circumstances Department of Public Health (DPH) licensing law also requires confidentiality Professional Codes of Ethics Healthcare Research is regulated by Institutional Review Board regulations (federal), and contractual obligations – federal funding and data use agreements
4
Main Source of Healthcare Confidentiality Obligation
5
What’s The Big Deal? At Feinstein Institute for Medical Research, an unencrypted laptop was stolen from a car, containing data of about 50 research studies and approximately 13,000 individuals Big money payment: settled alleged HIPAA violations for $3.9 million Ongoing government scrutiny: three year corrective action plan Loss of confidence and reputation: required to notify research subjects and media outlets
6
Safeguards: BU Restricted Use Data
Paper PHI Verbal PHI Photos, video, audio Electronic PHI Patient info in any form must be protected
7
Secure Your Devices Every device (e.g., desktop, laptop, phone) used to access, process, or store patient or research data must have: Operating system that is supported and updated Anti-malware (McAfee free) Disk encryption Auto screen lock (15 min max) (search for securing devices)
8
Phishing s Almost every phishing attack is successful. At least a few users Click on a link or document that triggers a malware download, or Provide login credentials (i.e., name and password) BU will never ask for login credentials by Check before you Click Odd spelling, unexpected request Hover over links look at sender address Suspicious ? forward to
9
BU Data Protection Standards, Classification Policy
Restricted Use: loss or misuse may require notification to individuals or state/federal government, includes: HIPAA, individually identifiable health information used in research SSN, driver license #, debit/credit card #, checking account # (billing records) Confidential: loss or misuse may adversely affect individuals or BU business, such as HIPAA Limited Data Set or FERPA (info about you - students) Internal: potentially sensitive, requires protection from disclosure Public: does not require protection from disclosure
10
Storing and Sharing Research Data
Restricted Use BU Restricted Use network drive (Y Drive) BU Microsoft SharePoint, OneDrive, Teams, etc. BU REDCap and MyCap app for research Confidential MCHPCC Shared Computing Cluster (SCC4) for HIPAA Limited Data Set Google Drive and other Google apps cannot be used for HIPAA or HIPAA Limited Data Set, only student (FERPA) or school related communications BU options (Outlook and Gmail cannot be used – no encryption) Use Data Motion to send a secure or Encrypt the document or spreadsheet before attaching it. If you choose to encrypt the document and send it via non-secure , take care to avoid identifying individuals in the subject line or body of the .
11
What is a Breach? Any unauthorized access, use, or disclosure of patient information (includes unintentional) Theft or loss of devices Unauthorized viewing/accessing, including snooping Handing or sending PHI to the wrong person Hacking / Cyberattack
12
Reporting Loss of Confidential Patient Information
Notify your department and send an to the BU Incident Response Team Information Security will to determine who to involve and report to No provider or researcher is authorized to report, only BU Information Security in coordination with the appropriate BU Offices can report We’ll assess the situation, determine whether any notifications need to be made, and help you analyze how similar events can be prevented.
13
Resources General Computer Help: bumchelp@bu.edu
Securing Devices: or bu.edu/tech (search for securing devices) BU HIPAA Policy: BUMC Information Security Officer David Corbett:
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.