ZixCorp Lexicons. An Overview
- Moses Curtis
ZixCorp Lexicons: An Overview
March 2013
Table of Contents

Introduction
Healthcare Lexicons
  Example #1: (Standard rule covering official business messages)
  Example #2: (Standard rule covering official business messages)
Financial Lexicons
  Example #1: (Match on financial identifier and financial terms)
  Example #2: (Match on financial identifier and financial terms)
Credit Card Lexicon
SSN Lexicon
State Regulation Lexicon
Profanity Lexicon
Medical Research Lexicon
Customized Lexicons
Lexicon Development Process
Content of Zix Lexicons
Introduction

ZixCorp Encryption Services use a set of comprehensive lexicons to scan for sensitive information, such as personal health information (PHI) or personal financial information in electronic messages. Searches are conducted by scanning all message subjects, bodies and attachments for sensitive information defined within the lexicons.

A lexicon is a file consisting of a comprehensive set of terms, phrases, expressions and pattern masks that identify sensitive types of information. Sensitive information is defined as any information that, when inappropriately disclosed, can lead to significant contractual or legal liabilities; serious damage to your organization's image and reputation; or legal, financial, or business losses. ZixCorp uses many sources to generate the lexicon content that is used to search for sensitive information, including federal regulations, authoritative reference sources on the subject and standard of care practices.

The following is a description of the lexicons that are typically used in ZixCorp Encryption Services, followed by a basic list of the formats inside each of the standard lexicons. In addition to these standard lexicons, custom lexicons can be created to detect sensitive information that is unique to an organization, such as customer codes or classified project identifiers.

Healthcare Lexicons

Healthcare lexicons are designed to identify PHI as defined by the Health Insurance Portability and Accountability Act. The Healthcare lexicons are a set of two lexicons, identifiers and health terms, that work together to identify PHI. The lexicons search for PHI by taking the intersection of identifying information, combined with health terms or claims information. This provides the highest level of confidence that context is actually PHI. An example of this would be a document containing a patient's date of service and diagnosis.
The date of service would constitute an identifier, and the diagnosis would constitute health information. To search for PHI, both of the healthcare lexicons are combined using the following logic:

Identifiers AND Health Terms

The Identifiers Lexicon looks for indications of official business communications, such as SSNs, Subscriber IDs, dates of birth, etc. The Health Terms Lexicon scans for diagnoses, diseases, insurance information, pharmaceutical information, etc.
The healthcare lexicons can be used on the ZixGateway to effectively identify messages that contain PHI and then manage those messages in a method compliant with HIPAA legislation.

The following are several example messages that would be identified as PHI by the healthcare lexicons. Bold font indicates terms that are contained in the lexicons.

Example #1: (Standard rule covering official business messages)

From: Sue
To: Linda
Subject: RE: Shared patient

Linda,
Here's the info you requested on patient Jane Doe, ss# She sees Dr. A. at General Hospital. She began fluorouracil approximately 5/15/2011. When he saw her in 2012, he stated that she had been on fluorouracil for a year. Her last visit was 10/14/2012. No cancer!

Example #2: (Standard rule covering official business messages)

From: Sue
To: Linda
Subject: RE: Daily Inpatient Report

General Hospital does have an acute rehab service. Both members are improving considerably with their therapy. Members are Mr. Smith, Mbr Num: & Mr. Jones, Mbr Num: They are on a rehab unit.
Financial Lexicons

Personal financial lexicons consist of a set of two lexicons: financial terms and financial identifiers. These lexicon files are designed to work in combination to recognize Nonpublic Personally Identifiable Financial Information as defined in the Gramm-Leach-Bliley Act (GLBA). The lexicons work in conjunction to recognize the intersection of financial identifiers, such as SSNs, account numbers or loan numbers, AND financial terms, such as balance transfer, refinance or deposit. The following logic is used to identify messages containing nonpublic personally identifiable financial information:

Financial Identifiers AND Financial Terms

ZixCorp personal financial lexicons can be used on the ZixGateway to effectively assist companies in identifying personally identifiable financial information in email traffic.

Below are several example messages that would trigger the personal financial lexicons. The expressions shown in bold font indicate terms that are identified in the lexicons.
Example #1: (Match on financial identifier and financial terms)

From: Linda
To: Sue
Subject: Your Account

Dear Miss Jones,
We here at Big-Mortgage-Finance Corp. have noticed that you have defaulted on loan # We are happy to assist you however possible. Perhaps an automatic payroll deduction could help you make regular bill payments. Please see the attached account summary and submit payment in full as soon as possible to avoid foreclosure.

Example #2: (Match on financial identifier and financial terms)

From: Mike
To: Daniel
Subject: Prepayment Fees

In order to complete the monthly billing, please verify the prepayment fee for the following accounts: JOHN DOE , SUE JONES , Please respond as soon as possible, so we may complete the billing process. Thank you for your assistance.

Credit Card Number Lexicon

Major credit card companies and banks use standard numbering sequences that are unique to each brand of card, such as Visa, MasterCard, or Discover. The Credit Card Number Lexicon can identify most credit card numbers and bank card numbers with matching technology that recognizes the identifiable patterns of numbers that all major credit card companies and banks use.
SSN Lexicon

The SSN lexicon is designed to identify social security numbers in emails. The lexicon is used to detect 9 digit numbers that meet the format requirements of an SSN and are found in close proximity to a label that identifies the number as an SSN. The SSN lexicon is included in many of the other lexicons, but can also be used independently to identify emails containing SSNs.

State Regulation Lexicons

To assist organizations with state compliance requirements, such as the privacy regulations in Massachusetts, Nevada, California, Texas and many other states, the State Regulation lexicons can be used to detect emails with sensitive content as defined by those laws. The wording in these regulations typically defines sensitive content as personal information which includes a resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number, driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident's financial account.

The State Regulatory lexicons are designed to detect social security numbers, state-specific driver's license numbers, financial account numbers, and credit and debit card numbers.

Profanity Lexicon

The profanity lexicon is designed to recognize profane and obscene language in messages. According to Merriam-Webster, profane means to debase by a wrong, unworthy, or vulgar use. Obscene means marked by violation of accepted language inhibitions and by the use of words regarded as taboo in polite usage. These definitions form the basis on which this lexicon was designed and developed.
Medical Research Lexicon

The Medical Research lexicon is designed to help organizations identify emails that contain nonsensitive information directly related to research activities. Research information can often be incorrectly identified by the Healthcare and Financial lexicons as being sensitive because it has many common attributes of PHI and personal financial information. In a research environment, the email traffic often contains test results of de-identified patients or animals, and information on grant funding. None of these emails are sensitive, so the Medical Research lexicon is used to identify these messages so that they can be processed appropriately. The ZixResearch Center™ has identified complex expressions that are standard and exclusive to research environments. This lexicon is very effective at identifying messages that deal with nonsensitive research-related topics.

Customized Lexicons

ZixCorp can help customers develop and deploy custom lexicons for ZixGateway or design effective ZixGateway policies that can best implement their corporate policies. For instance, a client may have specific account number or medical record formats; in this case the Zix Research Center will create a lexicon to scan for those specific formats, thereby increasing the accuracy of that client's scanning capabilities. All customizations are performed as a client service and there is never any charge for this service.
Lexicon Development Process

ZixCorp goes to great lengths to ensure that lexicons are accurate and precise. This is accomplished through a comprehensive definition and design of the lexicons, coupled with exhaustive manual analysis to ensure that the lexicon results agree with the judgment of the lexicon designers. The following example provides a high level overview of the design process and validation of the lexicons:

1. Standard lexicons designed based on definitions from HIPAA, GLBA, State Regulations or standard of care practices.
2. Jury standard document developed
3. Message samples gathered from participating partner organizations
4. Samples manually examined using the jury standard document as a reference
5. Reference sources identified to ensure comprehensive content, including medical dictionaries, professionally-accepted terminology lists, legislation, etc.
6. Lexicons constructed and run against message samples
7. Lexicon results compared to manual results
8. Lexicons tuned and rerun against sample until performance is optimized
9. Revisions made based on changes in the definition of sensitive information and continuous collection of message samples.
Content of Zix Lexicons

The section below includes the basic information that each of the standard Zix lexicons includes in its scanning formats.

Health Identifiers

- SSNs
- Vehicle Identification Numbers
- Member Numbers
- Medical Savings Account numbers
- Medical Record Numbers
- Subscriber Numbers
- Patient ID numbers

(All of the above are only found when in close proximity to a number at least 5 digits long)

- Admit dates
- Dates of Birth
- Dates of Death
- Dates of Discharge
- Dates of Service

(All of the above are only found when in close proximity to a date)
Health Terms

- Diseases
- Chemicals, Drugs, and Analytic, Diagnostic or Therapeutic Techniques
- Substance Use or Abuse
- Mental Health Terms
- Medical Records Information
- Insurance Information
- Medications

Personal Financial Identifiers

- SSNs
- Vehicle Identification Numbers
- Account Numbers
- Certificate Numbers
- Loan Numbers
- Policy Numbers
- Customer Numbers

(All of the above are only found when in close proximity to a number at least 5 digits long)

Personal Financial Terms

- Banking Terms
- Investment Terms
- Mortgage Terms
- General Financial Terms

Credit Card Number Lexicon

- Mastercard formats
- Visa formats
- American Express formats
- Carte Blanche / Diners Club formats
- Discover formats
- Enroute formats
- JCB formats
Social Security Number Lexicon

- hyphenated 9 digit valid SSN sequence (nnn-nn-nnnn)
- 9 digit valid SSN sequence (nnnnnnnnn) and in proximity of an SSN identifier (the phrase SSN, or SS, etc.)
- 9 digit valid SSN sequence separated by spaces (nnn nn nnnn) and in proximity of an SSN identifier (the phrase SSN, or SS, etc.)

State Regulation Lexicons

- SSNs
- Account Numbers
- State specific Driver License formats
- Generic Driver license formats
- Debit/Credit Card Numbers
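The following Python sketch is an added example, not ZixCorp's code or lexicon content. It combines the three SSN formats listed above, the "close proximity" conditions on identifiers, and the "Identifiers AND Health Terms" rule. The term lists, the 40-character proximity window and the reading of "valid SSN sequence" as the Social Security Administration's never-issued ranges are assumptions, and all sample values are constructed.

```python
import re

PROXIMITY = 40  # assumed "close proximity" window in characters; the page gives none

# Constructed miniature lexicons (assumptions; the real term lists are not on the page).
SSN_LABEL = re.compile(r"(?<!\w)(?:social security|ssn|ss#?)(?!\w)", re.I)
ID_LABEL = re.compile(
    r"(?<!\w)(?:ssn|ss#?|mbr num|member (?:number|id)|subscriber (?:number|id)"
    r"|patient id|medical record (?:number|no))(?!\w)", re.I)
DATE_LABEL = re.compile(
    r"\b(?:date of (?:birth|death|discharge|service)|dob|admit date)\b", re.I)
HEALTH_TERM = re.compile(
    r"\b(?:diagnosis|fluorouracil|cancer|rehab|therapy|prescription)\b", re.I)

# nnn-nn-nnnn, nnn nn nnnn or nnnnnnnnn; \2 forces the same separator both times.
SSN_SHAPE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")
NUMBERISH = re.compile(r"\d[\d-]*")
DATE = re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b")


def near(a, b, window=PROXIMITY):
    """True when two (start, end) spans are at most `window` characters apart."""
    return max(a[0] - b[1], b[0] - a[1], 0) <= window


def valid_ssn(area, group, serial):
    """Reject ranges that are never issued (assumed meaning of 'valid')."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def find_ssns(text):
    """Hyphenated SSNs match alone; bare or spaced ones need a nearby SSN label."""
    labels = [m.span() for m in SSN_LABEL.finditer(text)]
    hits = []
    for m in SSN_SHAPE.finditer(text):
        area, sep, group, serial = m.groups()
        if not valid_ssn(area, group, serial):
            continue
        if sep == "-" or any(near(m.span(), lab) for lab in labels):
            hits.append(m.group(0))
    return hits


def has_identifier(text):
    """Identifier label near a number of 5+ digits, or a date label near a date."""
    if find_ssns(text):
        return True
    numbers = [m.span() for m in NUMBERISH.finditer(text)
               if sum(c.isdigit() for c in m.group()) >= 5]
    dates = [m.span() for m in DATE.finditer(text)]
    return (any(near(l.span(), n) for l in ID_LABEL.finditer(text) for n in numbers)
            or any(near(l.span(), d) for l in DATE_LABEL.finditer(text) for d in dates))


def has_health_term(text):
    return HEALTH_TERM.search(text) is not None


def is_phi(text):
    """The page's healthcare rule: Identifiers AND Health Terms."""
    return has_identifier(text) and has_health_term(text)


# Constructed sample messages; the numbers are placeholders, not real identifiers.
SAMPLES = [
    "Here's the info on patient Jane Doe, ss# 123-45-6789. She began fluorouracil.",
    "Both members are improving with their therapy. Mr. Smith, Mbr Num: 4400123",
    "Mr. Smith, Mbr Num: 4400123, asked about parking.",      # identifier only
    "Her diagnosis is on file; call me at ext 4417.",         # health term only
    "Order 123456789 shipped; tracking attached.",            # unlabeled 9 digits
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(is_phi(msg), find_ssns(msg), "|", msg)
```

Requiring both lexicons to match is what keeps the third and fourth samples from triggering, and the label requirement is what keeps an unlabeled nine-digit order number from being read as an SSN.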
About Zix Corporation

Zix Corporation (ZixCorp) provides the only encryption services designed with your most important relationships in mind. The most influential companies and government organizations use the proven ZixCorp Encryption Services, including WellPoint, Humana, the SEC and more than 1,200 hospitals and 1,300 financial institutions. ZixCorp Encryption Services are powered by ZixDirectory℠, the largest encryption community in the world. The tens of millions of ZixDirectory members can feel secure knowing their most important relationships are protected. For more information, visit

For more information about ZixCorp Encryption Services, contact ZixCorp at or
Copyright and Trademarks Notice

This manual, ZixGateway™ software and other computer software offered by ZixCorp Systems, Inc. and its affiliates (collectively "ZixCorp") are the property of ZixCorp and are copyrighted. Your use of ZixCorp property and services is governed by the services agreement and/or license accompanying the original media. Your right to copy ZixCorp property is limited by copyright law. Unauthorized duplication or distribution of the software, or any portion of it, may result in severe civil or criminal penalties, and will be prosecuted to the maximum extent possible under the law.

ZixCorp Systems, Inc All Rights Reserved. Protected Under U.S. Patent Laws.

The following are registered marks of ZixCorp or its affiliates and are protected by trademark laws under U.S. and international law: ZixAuditor, ZixCorp, ZixGateway and ZixResearch Center. All other brand and product names are trademarks or registered trademarks of their respective holders.

Contact Information

Zix Corporation
2711 N. Haskell Avenue
Suite 2300, LB 36
Dallas, TX
Telephone: (214) , (888)
Fax (Main): (214)
More informationICD-10 Frequently Asked Questions For Providers
ICD-10 Frequently Asked Questions For Providers ICD-10 Basics ICD-10 Coding and Claims ICD-10 s ICD-10 Testing ICD-10 Resources ICD-10 Basics What is ICD-10? International Classification of Diseases, 10th
More information(1) regulate the storage, retention, transmission, and security measures for credit card, debit card, and other payment-related data;
Legal Updates & News Legal Updates Pending Changes to California s Data Breach Law: New Burdens for Retailers? September 2007 by Christine E. Lyon, William L. Stern Related Practices: Privacy and Data
More informationIssues to Address: The Privacy Concerns of Individuals
July 21, 2009 The Honorable Michael J. Astrue Commissioner Social Security Administration 6401 Security Boulevard Baltimore, MD 21235-7703 Dear Mike: As you requested, the ABA explored the issues related
More informationWELCOME TO PCCMA. We look forward to being of service to you and helping you to be healthier in the future.
Phone: 717-234-2561 Franklyn J. Myers, III, M.D., F.C.C.P. Alexis B. Aaronson, M.S.N, C.R.N.P. Michele M. Knepper, C.R.N.P. WELCOME TO PCCMA Welcome to our practice. We are specialists in the treatment
More informationHIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA)
Sí necesita ayuda para traducir esta información, por favor comuníquese con el departamento de Servicios a miembros de Highmark Delaware al número al réves de su tarjeta de identificación de Highmark Delaware.
More informationCSR Breach Reporting Service Frequently Asked Questions
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
More informationData Breach, Electronic Health Records and Healthcare Reform
Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA
More informationUnderstanding. Your Medical Record
Understanding Your Medical Record Table of Contents Choose topics at right by selecting the phrases. To go to the next or previous page, click on the arrows. To return to the table of contents, please
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
More informationTREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
More informationOregon Prescription Drug Monitoring Program. Terms & Conditions of Account Use Agreement. Statutory Authority:
Oregon Prescription Drug Monitoring Program Terms & Conditions of Account Use Agreement Statutory Authority: The Oregon Health Authority (OHA) was given authority under ORS 431.962 to establish and maintain
More informationFaculty Group Practice Patient Demographic Form
Name (Last, First, MI) Faculty Group Practice Patient Demographic Form Today s Date Patient Information Street Address City State Zip Home Phone Work Phone Cell Phone ( ) Preferred ( ) Preferred ( ) Preferred
More informationDeveloped by the Centers for Medicare & Medicaid Services
Developed by the Centers for Medicare & Medicaid Services Every year millions of dollars are improperly spent because of fraud, waste, and abuse. It affects everyone. Including YOU. This training will
More informationIDENTITY THEFT: DATA SECURITY FOR EMPLOYERS. Boston, MA 02110 Richmond, Virginia 23219 Tel. (617) 502.8238 Tel. (804) 783.7579
IDENTITY THEFT: DATA SECURITY FOR EMPLOYERS Daniel J. Blake, Esq. Vijay K. Mago, Esq. LeClairRyan, A Professional Corporation LeClairRyan, A Professional Corporation One International Place, Eleventh Floor
More informationSecurityMetrics. PCI Starter Kit
SecurityMetrics PCI Starter Kit Orbis Payment Services, Inc. 42 Digital Drive, Suite 1 Novato, CA 94949 USA Dear Merchant, Thank you for your interest in Orbis Payment Services as your merchant service
More informationHow To Comply With The Pci Ds.S.A.S
PCI Compliance and the Data Security Standards Introduction The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of
More informationTraining Guide for Delaware Practitioners and Pharmacists Delaware Division of Professional Regulation Prescription Monitoring Program
Training Guide for Delaware Practitioners and Pharmacists Delaware Division of Professional Regulation Prescription Monitoring Program August 2014 v1.7 Contents Contents 1 Document Overview... 1 Purpose
More informationHIPAA Orientation. Health Insurance Portability and Accountability Act
HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the
More informationFive Essentials to Keeping Your Bank Secure and Relevant. Joel Abramson Complete Data Products
Five Essentials to Keeping Your Bank Secure and Relevant Joel Abramson Complete Data Products Topics I. Why banks need a proven email encryption solution. II. III. IV. Disaster recovery-not just data recovery.
More informationReleasing Information
Releasing Information There are 3 kinds of release situations now: our original Release of Information and it s uses under Colorado Law and Professional Ethical Standards; HPAA s Consent to release information
More informationMcZeely Coterie, LLC Privacy Notice. Effective Date of this Privacy Notice: February 11, 2015.
McZeely Coterie, LLC Privacy Notice Effective Date of this Privacy Notice: February 11, 2015. We at McZeely Coterie, LLC, the company that proudly brings you Plan Z by Zola ( Plan Z ), respect your concerns
More informationHIPPA Goes HITECH. Data Protection for Agents
HIPPA Goes HITECH Data Protection for Agents For agent information only. this material should not be distributed to the public or used in any solicitation. 13-0127 Course objectives Agents will be able
More informationGrand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development
Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability
More informationUbiquity of Email Security Compliance and Content Management
CIBC Global Services Ubiquity of Email Security Compliance and Content Management Stephen Dodd Director Enterprise Accounts dodd@echoworx.com 416-226-8616 404-551-3077 2006, Echoworx Corporation Agenda
More informationMetropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN 55337 Ph: (952) 564-3030 Fax: (651) 925-0031
The Health Insurance Portability and Accountability Act (HIPAA) and Client Privacy Statement This notice describes how your medical information may be used and disclosed and how you can get access to this
More informationWelcome To Our Physical Therapy Department
Welcome To Our Physical Therapy Department Our entire staff is dedicated to providing our patients with the best possible care and service while keeping the costs to you from increasing at an unreasonable
More informationCompliance in the Corporate World
Compliance in the Corporate World How Fax Server Technology Minimizes Compliance Risks Fax and Document Distribution Group November 2009 Abstract Maintaining regulatory compliance is a major business issue
More informationPatient Insurance Information
Improving Lives & Performance Dr. Jeff Eidsvig, D.C., TPI- CGFI 3060 Communications Parkway, Suite #104 Plano, Texas 75093 972-312- 9310 New Patient Information / Change of Information : New Patient Change
More informationPatient Privacy and HIPAA/HITECH
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationBuilding Trust and Confidence in Healthcare Information. How TrustNet Helps
Building Trust and Confidence in Healthcare Information The management of healthcare information in the United States is regulated under the HIPAA (Health Insurance Portability and Accountability Act)
More informationINFORMATION SECURITY & HIPAA COMPLIANCE MPCA
INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health
More information