Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nancy Cole, BS, CTR 1,2 Iris Zachary, MS, CTR, Doctoral Candidate 1,2,3 J. Jackson-Thompson, PhD, MSPH 1,2,3 1 Missouri Cancer Registry and Research Center.

Published byMackenzie Pringle Modified over 9 years ago

Similar presentations

Presentation on theme: "Nancy Cole, BS, CTR 1,2 Iris Zachary, MS, CTR, Doctoral Candidate 1,2,3 J. Jackson-Thompson, PhD, MSPH 1,2,3 1 Missouri Cancer Registry and Research Center."— Presentation transcript:

1

2 Nancy Cole, BS, CTR 1,2 Iris Zachary, MS, CTR, Doctoral Candidate 1,2,3 J. Jackson-Thompson, PhD, MSPH 1,2,3 1 Missouri Cancer Registry and Research Center 2 Department of Health Management & Informatics 3 University of Missouri Informatics Institute University of Missouri, Columbia, MO MCR is supported in part by a cooperative agreement between the CDC and the Missouri Department of Health and Senior Services (DHSS) (#U58/DP000820-03) and a Surveillance Contract between DHSS and the University of Missouri.

3  MCR-ARC:  2005 - Katrina  2008 – Audit  MoSTRA – 2010 Annual Meeting  Informal comments - Hospital registrars & other cancer reporters  Conclusion: Best practices not in place in many facilities

4 Examples: DC response contained MD’s credit card application What did the credit card company receive? Records w/ PHI Not double wrapped Torn envelopes

5

6  Registrars should not rely on others to ensure the security of their data/records  Creating awareness of potential issues should allow registrars to improve their registry’s security, and  Educate others in their own institution The goal –  prevent unauthorized access to data; and  eliminate processes that may result in a data breach

7 MCR Newsletter – Security Section

8  Survey: e-mailed to 59 electronically reporting hospitals  # cases varies from c. 100 - 1000s  Several non-CoC  Response rate - 40%  Possible bias:  Hospitals with poor data security practices - less likely to respond?  # of beds – not asked  Anonymous – size, CoC

9  Security measures - changing due to fewer paper documents  Respondents with entirely electronic records – 37%  All paper – 1 respondent  Combination – all others

10  The majority of facilities have many basic data security practices in place  Secure fax machines/computers  Locked file cabinets in secure locations  Patient access restrictions to areas w/patient data  60% said custodial services provided after work hours

11  Facility size not good indicator of data security or practices  A small facility may be small but have excellent security  A large facility may not have all security measures in place

12  A few registrars do not know where to find institution’s data security policies & procedures  The majority have attended/ participated in data security awareness/education program at hospital (class or online)

13  Two-thirds said registry job descriptions/evaluations included information about data security expectations  99% said consequences for failure to abide by data security P&P have been communicated

14  All but one hospital required the use of “strong” passwords  Registrars who work remotely felt there were adequate security measures in place

15  All registrars indicated paper materials were disposed of securely  Joplin (more later)  However, 60% said follow-up letters are not sent in tear-proof envelopes  All said their electronic data was appropriately protected  Joplin again (later)

16  c. ¼ of the registrars did not know if a risk analysis had been conducted or if their registry had been reviewed during a risk analysis

17  Initial survey responses created additional questions  Disaster plans (including off-site backup)?  Computer OS (to see if encryption available)?  Use of encrypted e-mail?

18  Newsletter supplement to include security checklist (best practices)  Glossary of data security terminology  Live Meeting presentation  Info in each quarterly newsletter

19  Lessons from Katrina & Rita http://www.ncra- usa.org/files/public/Fall2006_V33.3.pdf  Disaster Recovery – Lessons from Tulane’s Response to Katrina http://www.fortherecordmag.com/archives/ftr_02020 9p10.shtml  Rebuilding Healthcare in Post-Katrina New Orleans http://www.usmedicine.com/articles/rebuilding- healthcare-in-post-katrina-new-orleans-.html http://www.usmedicine.com/articles/rebuilding- healthcare-in-post-katrina-new-orleans-.html

20  The patient has a right to feel confident that all identifiable information about him/her possessed by the cancer registry will be kept confidential unless he/she waives the privilege, or release of the information is compelled by statute, regulations or other legal means.

21  EHR migration started in May 2011  incomplete  All previous records are paper  still abstracting 2010 cases  Offsite data backup/storage (multiple servers – in another city, in other destroyed buildings on hospital campus, etc.)  Not sure where cancer registry data stored/backed up.

22  Melamedia LLC – track HIPAA & Breach Enforcement for Free http://www.melamedia.com/enforcement.php  Healthcare IT news – published in partnership with HIMSS http://www.healthcareitnews.com  Government Computer News (GCN) - http://gcn.com  Federal Computer Week - http://FCW.com  Government Health IT - http://www.govhealthit.com/ http://www.govhealthit.com/

23 Questions? ColeN@health.missouri.edu

Download ppt "Nancy Cole, BS, CTR 1,2 Iris Zachary, MS, CTR, Doctoral Candidate 1,2,3 J. Jackson-Thompson, PhD, MSPH 1,2,3 1 Missouri Cancer Registry and Research Center."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
Information Technology Disaster Recovery Awareness Program.

Information Technology Disaster Recovery Awareness Program.
FERPA: UPDATE ON THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Presented by Brenda V. S. Selman University Registrar-MU University of Missouri-Columbia.

FERPA: UPDATE ON THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Presented by Brenda V. S. Selman University Registrar-MU University of Missouri-Columbia.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Meet Grace! Grace is our newest team member! She is here to make it easier to keep track of all your HR related documents digitally. Grace will always.

Meet Grace! Grace is our newest team member! She is here to make it easier to keep track of all your HR related documents digitally. Grace will always.
K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.

K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.
Keila E. Pena-Hernandez NAACCR 2010 Annual Conference Quebec, Canada 06/24/ 2010.

Keila E. Pena-Hernandez NAACCR 2010 Annual Conference Quebec, Canada 06/24/ 2010.
David Assee BBA, MCSE Florida International University

David Assee BBA, MCSE Florida International University
System Security & Patient Confidentiality General Lesson 1.

System Security & Patient Confidentiality General Lesson 1.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Randy Benson RHQN Executive Director May, 2012. Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)
Privacy, Security, Confidentiality, and Legal Issues

Privacy, Security, Confidentiality, and Legal Issues
Purpose: To: 1) examine participation of target groups (older women, inner city and rural women; African-American women); and 2) assess impact of the “high.

Purpose: To: 1) examine participation of target groups (older women, inner city and rural women; African-American women); and 2) assess impact of the “high.
Help Is On The Way: Computer-based Training (CBT) for Non-registry Hospitals Brenda L. Lee, CTR Missouri Cancer Registry University of Missouri-Columbia.

Help Is On The Way: Computer-based Training (CBT) for Non-registry Hospitals Brenda L. Lee, CTR Missouri Cancer Registry University of Missouri-Columbia.

Similar presentations

Ads by Google