Harbor Regional Center Service Provider Training July 27, 2015 Information Security & Electronic Document Management Systems
INFORMATION SECURITY
Judy Wada, Chief Financial Officer
The protection of sensitive information and information systems from unauthorized access

Compliance with Federal/State Laws
- Federal
  - HIPAA: Health Insurance Portability and Accountability Act
  - HITECH: Health Information Technology for Economic and Clinical Health
- State
  - WIC 4514
  - Civil Code Section

Personally Identifiable Information (PII)
Any information about an individual maintained by an agency, including:
1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and
2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information

Protected Health Information (PHI)
Individually identifiable health information is information, including demographic data, that relates to:
- the individual's past, present or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the individual,
- the individual's identity or for which there is a reasonable basis to believe it can be used to identify the individual.

18 Individual Identifiers
1. Names
2. All geographical identifiers smaller than a state
3. Dates (other than year) directly related to an individual
4. Phone numbers
5. Fax numbers
6. Email addresses
7. Social Security numbers
8. Medical record numbers
9. Health insurance beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers, including license plate numbers
13. Device identifiers and serial numbers
14. Web Uniform Resource Locators (URLs)
15. Internet Protocol (IP) address numbers
16. Biometric identifiers, including finger, retinal and voice prints
17. Full face photographic images
18. Any other unique identifying number, characteristic, or code

PHYSICAL SECURITY

Facility Access
- Limit physical access to facilities where sensitive data is housed
- Control access on a need-to-know basis only
- Records must be stored in a locked cabinet or drawer
- Never share codes, passwords, ID cards, or keys
- Do not leave documents unsecured on desks, at printers, copiers and fax machines
- Fax machines in private area
- Properly destroy physical records and electronic equipment/media
- Shred immediately or use shred containers

Out and About
- Be aware of your surroundings
- Be careful in places where your conversation may be overheard (including telephone conversations)
- Do not label files/electronic devices as company devices
- Keep files/electronic devices within reach
- Do not work on confidential information in public places
- Do not leave files/electronic devices in automobiles
- Keep files/devices out of sight
- Use caution connecting to public WiFi

Employees & Policies
- Train employees on their responsibilities in protecting sensitive information
- Policies and Procedures
  - Document Retention Policy
  - Confidentiality Agreements
- Terminated employees
  - Disable and delete accounts, change password

DD Community Tips
- Lists should have the minimum necessary information (i.e., Client Rosters, Sign In Sheets)
- Decrease the use of checks and migrate to electronic payments
- Redact sensitive information
- Do not share information or photos of clients in social media postings without express permission from client

Passwords
- Do not share passwords or user IDs
- 9-15 characters
- At least 1 special character
- Upper and lower case
- Number
- Force changes every days
- Do not use the same password for all systems, especially for encrypted files
- Don't give out WiFi network passwords to visitors
- Do not use default passwords
DATA SECURITY
David Bourdeau, Director of Information Technology

Email/Web Security
Definitions:
- Malware
- Delivered through email and websites
- Steal personal and financial information
- Zombie, Ransomware
- Viruses
- Phishing scams
- Attempt to get financial and personal data
- SPAM

Email/Web Security
- Encrypt email
- Encrypt attachments
- SPAM
  - Don't open unsolicited email, especially attachments
  - Opt out of unwanted lists
- Anti-virus / malware protection software

Email/Web Security: Cloud-Based Systems
- Office365
  - HIPAA compliant
  - Privacy
  - Encryption / anti-virus/malware / SPAM filtering
  - Potentially free for 501(c)(3) non-profits
- Google Mail / Google Apps
  - HIPAA compliant with Google Apps
  - Less privacy: scan, track, sell information gathered about you and your e-mail activity
  - Encryption only with 3rd-party software

Smartphones & Mobile Devices
- Passcode protect
- Encryption
  - Apple: activates upon putting in passcode
  - Android: 2-step process
  - All business/client information stored on the device must be encrypted
- Auto-lock timeout set: max 5 minutes
- Stolen or lost device
  - Report to employer
- Disposal/recycle or replace
  - All sensitive information must be removed
- Close applications on your smartphone and computer

Workstations
- Maintain security patches
  - Microsoft's Patch Tuesday (2nd Tuesday of the month)
- Be on latest supported operating systems
- Update individual software from manufacturer website or update software
- Encrypt hard drives containing sensitive data
- Anti-virus / malware protection
- Restricted/confidential information stored on mobile computing devices

Workstations
- Delete old data, especially sensitive information
- Delete "temporary" files on your computer. These include file attachments opened in email and download files. If these files contain restricted/confidential information, they should be immediately removed or encrypted.

File Sharing
- Box.com
- Office365 OneDrive for Business
- Google Apps / Drive
- Dropbox.com
  - Does NOT have HIPAA audit controls
  - Not natively compliant to HIPAA/HITECH
  - Sookasa

Systems/Network Security
- Copiers
  - Hard disk drives
- Printers
  - Change network default password
- WiFi wireless networks
  - Ask to be configured with WPA2
  - Commercial grade
- Remote access
  - VPN technologies
  - GoToMeeting
  - WebEx

Encryption
- Servers
  - File server shares containing sensitive data
  - Database tables containing sensitive data
- Least privilege
  - Only necessary access for job function
WHAT TO DO IF THERE IS A BREACH?
Colleen Mock, Director of Community Services

Notification Requirements
What is a Breach?
An impermissible use or disclosure that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.

Notification Requirements
- We are required to report privacy breaches and security incidents involving paper and other formats.
- Any loss or theft of personal, sensitive, or confidential information in any format, including but not limited to flash drives, cell phones, computers, and laptops
- Contact your HRC Counselor and Nancy Spiegel, HRC's Privacy Officer

Notification Requirements
You will need to provide the following information:
1. Date the incident occurred
2. Date the incident was detected
3. Address and type of location (car, office)
4. Description of the incident (what and how it happened)
5. Media/device type (if applicable)
6. Was portable storage device encrypted (if applicable)
7. If local law enforcement was notified, include name of the agency, report number and the name, telephone number and badge number of the officer taking the report
8. Costs associated with resolving this incident (i.e., equipment, mailing of privacy notices, etc.)
9. If the incident involved personally identifiable information:
   a) What type of information
   b) Number of individuals affected
10. Corrective actions taken to prevent future occurrences, estimated costs and date to implement
ELECTRONIC DOCUMENT MANAGEMENT SYSTEMS (DM)
Alex Wilson, Wilson Tech

Dave Bourdeau Colleen Mock Nancy Spiegel Judy Wada Alex Wilson Bradford Bach ca.com

Risk Assessments
- Healthit.gov Security Risk Assessment Video professionals/security risk assessment videos
- NIST Special Publication Revision 1: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
- FCC Small Biz Cyber Planner Tool

Password Policy examples
- policy.html
- http://www.altiusit.com/files/policies/AltiusITPasswordPolicy.doc

Encryption Providers
- Barracuda
- Symantec
- Trend Micro
- McAfee

Encrypt Attachments
- Winzip, 7zip, Winrar

Gmail
- How to easily encrypt with Virtru for free: Gmail, Hotmail, Outlook, Yahoo. Virtru is free, protects your digital privacy, and is so super easy to use.
- $2.50/mo plugins for Chrome and Firefox
- open source free donate

Smartphone
- Android: to encrypt your android phone and why you might wantto/

Cloud e-mail
Non-Profit Organization Resources
- Significantly reduced costs on software and information technology.

File Sharing
- Box.com: us/articles/ Box HIPAA and HITECH Overview and FAQs
- Microsoft Office
- Google Drive / Google Apps: mplementation_guide.pdf google apps hipaa compliance least secure appsdocs/
- Dropbox: to maintain hipaa compliance with dropbox and box/ is not hipaa compliant/ your cloud tos/
Information Security and EDMS
7/27/2015

Presentation Purpose
- Discuss how document management (DM) makes securing your documents easier.
- Examine some different approaches to document management using technology.
- Review ways document management can increase profits by reducing costs and increasing revenue.

Document Organization
- A document placed in the wrong folder is as good as gone.
- With full-text Optical Character Recognition (OCR) a document is never lost.
- A lost document is a security risk.
- You can't accidentally leave a document in a document management system lying around.
- Keeping your documents organized in a document management system means you always know where they are.
- Easily purge documents that you are no longer required to keep.

Document Access
- File rooms and file cabinets are all or nothing.
- Document management allows access to be controlled down to the word.
- Grant access without the ability to destroy.
- Finely tailor access so that users have access to some information, but not unnecessary PHI or PII.
- Documents never have to leave the repository, so you can avoid the stolen laptop scenario.

Document Auditing
- With paper, or files in Windows, there's no way to tell who's doing what with your documents.
- DM auditing provides a complete record of the chain of custody for a document once it has entered the system.
- Failed access audits can expose potential malfeasance.

Document Backup
- You can't back up paper.
- Backing up documents stored in a document management system is simple and automated.
- Disaster recovery to ensure business continuity.

DM in Windows
- Get a scanner.
- Set up a file share.
- Require everyone to have a user account.
- Limit access to the share.
- Set up and enforce a document taxonomy.
- Set up backup.

DM with OneDrive for Business
- Some scanners can scan directly to OneDrive (e.g. Web Connect from Brother).
- Access anywhere.
- HIPAA standards compliant.
- Provides auditing.

DM with Laserfiche
- Granular security.
- Auditing.
- Automation.
- Easy scanning.
- Easy back-up with disaster recovery.
- HIPAA compliant.
- Access anywhere.

Improve Your Business
- The information you manage is fundamental to the processes that run your business.
- Audits are greatly simplified with document management.
- Make sure you are billing on time.

My Offer
- Are you interested in simplifying your document security and want to see how business improvements could help pay for the investment?
- Give me a half-hour of your time with the people in your organization who understand your business processes.
- I will give you a demo customized to your specific needs.
More informationDHHS Information Technology (IT) Access Control Standard
DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of
More informationHIPAA Compliance Issues and Mobile App Design
HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because
More informationBRIDGEVALLEY COMMUNITY & TECHNICAL COLLEGE OPERATING POLICY
BRIDGEVALLEY COMMUNITY & TECHNICAL COLLEGE OPERATING POLICY Effective Date Subject Number Page April 1, 2014 PROTECTING PERSONALLY IDENTIFIABLE INFORMATION (PII) B-OP-17-14 1 of 7 Supersedes/Supplements:
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationEverett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationHIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as
HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the
More informationDRAFT National Rural Water Association Identity Theft Program Model September 22, 2008
DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 This model has been designed to help water and wastewater utilities comply with the Federal Trade Commission s (FTC)
More informationSenaca Shield Presents 10 Top Tip For Small Business Cyber Security
Senaca Shield Presents 10 Top Tip For Small Business Cyber Security Presented by Liam O Connor www.senacashield.com info@senacashield.com #Senacashield Small businesses need cyber security too. This slide
More informationHIPAA Training for Hospice Staff and Volunteers
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
More informationPage 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationSection 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...
More informationHIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES
SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):
More informationNORTH CAROLINA COMMUNITY CARE INC. Privacy Policy Manual
NORTH CAROLINA COMMUNITY CARE INC. Privacy Policy Manual 0 Contents Contents... 1 Privacy Policy... 2 Privacy Official Policy... 3 Privacy Safeguards Policy... 5 Workforce Policy... 9 Business Associates
More informationIS-906: Awareness. Visual 1 IS-906: Workplace Security Awareness
IS-906: Workplace Security Awareness Visual 1 Course Administration Sign-in sheet Course evaluation forms Site logistics Emergency procedures Breaks Restrooms Cell phones/blackberrys Visual 2 Course Objectives
More informationGeneral Security Best Practices
General Security Best Practices 1. One of the strongest physical security measures for a computer or server is a locked door. 2. Whenever you step away from your workstation, get into the habit of locking
More informationTopics. What are privacy and security all about? How can I protect confidential information? What should I do if I see a problem?
Federal: Privacy And Security 1 Topics What are privacy and security all about? What s confidential here? How can I protect confidential information? What should I do if I see a problem? How can I get
More informationComputer Security Incident Response Plan. Date of Approval: 23- FEB- 2015
Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...
More informationHIPAA Privacy and Information Security Management Briefing
HIPAA Privacy and Information Security Management Briefing Karen Pagliaro-Meyer Privacy Officer kpagliaro@columbia.edu (212) 305-7315 Soumitra Sengupta Information Security Officer sen@columbia.edu (212)
More information