1. Emily J. Hurst, MSLS Technology Coordinator National Network of Libraries of Medicine South Central Region @hurstej @nnlmscr

2.  Health Online 2013. Susannah Fox and Maeve Duggan. Pew Research Internet Project. http://www.pewinternet.org/2013/01/15/health-online-2013/ http://www.pewinternet.org/2013/01/15/health-online-2013/  One in three American adults have gone online to figure out a medical condition.

3.  Health Insurance Portability and Accountability Act of 1996 (HIPAA)  http://www.hhs.gov/ocr/privacy/hipaa/understanding/ http://www.hhs.gov/ocr/privacy/hipaa/understanding/  Protects  Individually identifiable health information (IIHI)  Information related to physical or mental condition of the individual  The provision of health care to the individual  Payment for health care  Information that identifies the individual  HIPAA Compliant entities: Health Plans Most Health Care Providers Health Care Clearinghouses Business Associates of these entities

4.  A tremendous amount of health-related information is found on the Internet. Many discussion forums are available for individuals to share information on specific diseases and health conditions. Websites dispense a wide variety of information. There is no guarantee that information you disclose in any of these forums is confidential. Always review the privacy policy of any website you visit.  Privacy Rights Clearinghouse. Medical Records Privacy. https://www.privacyrights.org/medical-records-privacy https://www.privacyrights.org/medical-records-privacy

5.  Not all Personal Health Records (PHRs) are mandated to be HIPAA compliant.  When selecting a PHR, individuals should evaluate privacy policies to decide if they are comfortable with the protections and rights offered, such as how their information will be safeguarded, for what purposes their information will be used and disclosed, and the extent to which the individual will control access to information in the PHR.  Personal Health Records and the HIPAA Privacy Rule: http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/phrs.pdf http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/phrs.pdf

6.  Is your organization tracking user behavior on computers?  ALA  http://www.ala.org/advocacy/intfreedom/libraryb ill/interpretations/privacy http://www.ala.org/advocacy/intfreedom/libraryb ill/interpretations/privacy  MLA  https://www.mlanet.org/about/ethics.html https://www.mlanet.org/about/ethics.html  Does your library have an up to date privacy policy?  http://www.ala.org/advocacy/privacyconfidentiali ty/toolkitsprivacy/Developing-or-Revising-a- Library-Privacy-Policy http://www.ala.org/advocacy/privacyconfidentiali ty/toolkitsprivacy/Developing-or-Revising-a- Library-Privacy-Policy

7.  Consider updating disclaimers to include online privacy statement.  Disclaimers, MLA CAPHIS: http://caphis.mlanet.org/chis/disclaimers.htmlhttp://caphis.mlanet.org/chis/disclaimers.html

8.  The National Library of Medicine (NLM) does not collect any personally identifiable information (PII) about you when you visit their websites unless you choose to provide that information to them.  NLM Privacy Policy. http://www.nlm.nih.gov/privacy.htmlhttp://www.nlm.nih.gov/privacy.html

9.  Turn on wireless router’s encryption setting - WPA2 (Wi-Fi Protected Access II) – WEP (Wired Equivalent Privacy) is less secure  Change default password  Change default network name – Services Set Identifier (SSID)  Turn on wireless router’s firewall  At Home:  Turn off guest access – Turn network name broadcasting off

10.  Hypertext Transfer Protocol Secure (HTTPS) provides secure communication over a computer network.  Protects against:  Forging  Eavesdroppers  Man-in-the-Middle attacks  HTTPS is not an anonymity tool  What libraries can do:  Enable HTTPS on your website  Educate/Encourage patrons to use HTTPS for secure online communications  HTTPS Everywhere FAQ: https://www.eff.org/https-everywhere/faqhttps://www.eff.org/https-everywhere/faq

11.  DuckDuckGo  https://duckduckgo.com/ https://duckduckgo.com/  Startpage  https://www.startpage.com/ https://www.startpage.com/  Blekko  http://blekko.com/ http://blekko.com/  Deletes personally identifiable information (PII) within 48 hours

12.  Create strong passwords  At least 8 characters long  Combination of upper case, lower case, special characters and numbers  Avoid using:  Names of family members or pets  Real words with numbers or special characters replacing some or part of the word  Sequences  Personal information  How Strong Is Your Password?  https://www.microsoft.com/en-gb/security/pc- security/password-checker.aspx https://www.microsoft.com/en-gb/security/pc- security/password-checker.aspx

13.  LastPass 3.0  https://lastpass.com/ https://lastpass.com/  Free browser extension or $12.00/year  Dashlane 2.0  https://www.dashlane.com https://www.dashlane.com  Free or $29.99/year  KeePass  http://keepass.info/ http://keepass.info/  Free

14.  Remove unnecessary data from your devices  Social Security Number  Credit Card Numbers  Bank Accounts  Set passcode or fingerprint lock  Enable idle timeout lock  Download apps only from trusted sources  Encrypt data  Enroll with a trusted service such as Find My iPhone  Keep operating system (OS) up to date

15.  Antivirus  System restore software (Deep Freeze)  Privacy/Protective monitor screens  Private area for reviewing online health information  User training  Online Security  Reliable Online Health Resources

16.  The Medical Library Association Guide to Providing Consumer and Patient Health Information. Edited by Michele Spatz.  Personal Health Records and the HIPAA Privacy Rule: http://library.ahima.org/xpedio/groups/public/documents/government/bok1 _042307.pdf#page%3D1 http://library.ahima.org/xpedio/groups/public/documents/government/bok1 _042307.pdf#page%3D1  When HIPAA applies to mobile applications: http://mobihealthnews.com/11261/when-hipaa-applies-to-mobile- applications/ http://mobihealthnews.com/11261/when-hipaa-applies-to-mobile- applications/  Find and Evaluate Health Information on the Web: https://www.mlanet.org/resources/userguide.html https://www.mlanet.org/resources/userguide.html  The Consumer Health Reference Interview and Ethical Issues: http://nnlm.gov/outreach/consumer/ethics.html http://nnlm.gov/outreach/consumer/ethics.html  Health Information in Libraries (ALA): http://www.ala.org/tools/atoz/health-information-libraries http://www.ala.org/tools/atoz/health-information-libraries

17.  Protecting Your Wireless Network: http://www.fcc.gov/guides/protecting-your-wireless-network http://www.fcc.gov/guides/protecting-your-wireless-network  The Ultimate Guide for Creating Strong Passwords: http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords  Guidelines for Securing Mobile Computing Devices: http://web.stanford.edu/group/security/securecomputing/mobile_device s.html http://web.stanford.edu/group/security/securecomputing/mobile_device s.html  The Best Antivirus for 2014: http://www.pcmag.com/article2/0,2817,2372364,00.asp http://www.pcmag.com/article2/0,2817,2372364,00.asp

18. Emily J. Hurst, MSLS Technology Coordinator National Network of Libraries of Medicine South Central Region emily.hurst@exch.library.tmc.edu (800) 338.7657 (Toll Free) This project has been funded in whole or in part with Federal funds from the National Library of Medicine, National Institutes of Health, under Contract No. HHSN-276-2011-00007-C with the Houston Academy of Medicine-Texas Medical Center Library.

19.  https://www.surveymonkey.com/s/july2014scr https://www.surveymonkey.com/s/july2014scr  Complete by August 1, 2014

20.  Wednesday, August 20, 2014  Topic: Metadata: The Key to Linking Data  Speaker: Guest Speakers: Dick Miller, Thea S. Allen & Joanne Banko from Lane Medical Library, Stanford University