1 The Department of Health and Human Services Privacy Awareness Training Fiscal Year 2015
2 Course Objectives At the end of the course, you will be able to: Define privacy and explain its importance. Identify privacy laws, policies, guidance, and principles. Understand your role in protecting privacy and the consequences for violations. Define personally identifiable information (PII) and list examples. Protect PII in different contexts and formats. Recognize potential threats to privacy. Report a privacy incident.
3 Agenda Module 1: Introduction to Privacy Module 2: Protecting PII Module 3: Threats to PII and Reporting Module 4: Privacy References
4 Introduction to Privacy MODULE ONE
5 Objectives At the end of this module, you will be able to: Define privacy and understand the importance of privacy to the mission of HHS. Understand your role in protecting privacy and the consequences of a privacy violation. Identify privacy-related laws, guidance, and policies. Understand how privacy is put into practice.
6 What Is Privacy? Privacy is a set of fair information practices to ensure: Personal information is accurate, relevant, and current. All uses of information are known and appropriate. Personal information is protected. Privacy also: Allows individuals a choice in how their information is used or disclosed. Assures that personal data will be used and viewed for business purposes only. Enables trust between HHS and the American public.
7 Roles and Responsibilities As a member of the HHS workforce, you are responsible for following privacy policies and procedures. Privacy policies and procedures require you to: Collect, access, use, and disclose personal information only for reasons that are for a legitimate job function, support the mission of HHS, and are allowed by law. Safeguard personal information in your possession, whether it be in paper or electronic format. Properly dispose of documents containing PII. Shred papers; NEVER place them in the trash. Contact the IT Department for proper disposal of equipment like copy machines and computers. Report suspected privacy violations or incidents.
8 Possible Consequences of Privacy Violations Privacy violations have several possible consequences: Employee discipline. Fines. Criminal charges.
9 Key Privacy Laws Laws Privacy Act of 1974: Provides guidance for the collection, use, management, and disclosure of personal information. E-Government Act 2002, Title II and III: Requires federal agencies to assess impact of privacy for systems that collect information about members of the public. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule: Restricts use and disclosure of protected health information (PHI) and grants individuals access to records. Children s Online Privacy Protection Act (COPPA): Requires parental consent for certain Websites who knowingly collect personal information from children under the age of 13.
10 Key Privacy Guidance and Policy Mandates Policy Office of Management and Budget M-07-16: Requires safeguards for PII in electronic or paper format and policies and procedures for privacy incident reporting and handling. National Institutes of Standards and Technology (NIST) Special Publication , Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations: In Appendix J, NIST provides a structured, standardized set of privacy controls that all systems and organizations must address. HHS-OCIO , Policy for Responding to Breaches of Personally Identifiable Information: Establishes actions taken to identify, manage, and respond to suspected or confirmed incidents involving PII. Visit for a complete list of privacy guidance and policy.
11 Fair Information Practice Principles HHS has long been a major force in establishing and meeting high standards for privacy. In 1973, HHS* advanced the Code of Fair Information Practice which has served as a foundation for future federal privacy frameworks. Today, the framework most commonly employed asks that we think of privacy as having eight unique qualities. Privacy Framework** 1. Authority and Purpose 2. Accountability, Audit, and Risk Management 3. Data Quality and Integrity 4. Data Minimization and Retention 5. Individual Participation and Redress 6. Security 7. Transparency 8. Use Limitation * Formerly known as the Department of Health Education and Welfare (HEW) ** National Institutes of Standards and Technology Special Publication , Revision 4: Security and Privacy Controls for Systems and Organizations
12 Putting Privacy into Action Everyday, HHS employees support these principles and the commitment they represent. Framework Description Examples Authority and Purpose Accountability, Audit, and Risk Management Data Quality and Integrity HHS provides the purpose for which the PII is collected at the time of collection, how the PII will be used, and the authority that permits the collection of PII. Individuals have a clear understanding of their responsibilities for handling PII. Systems owners and program managers understand and are accountable for understanding the risks and responsibilities of handling PII in their systems and programs and report these appropriately. HHS uses PII that is accurate, relevant, timely and complete for the purposes for which it is to be used. Privacy Act Statements System of Records Notices in Federal Register Privacy Impact Assessments Privacy training and awareness PII updates records and seeks clarification from individuals (as needed) Data Minimization and Retention HHS collects PII that is directly relevant and necessary to accomplish the specified purpose(s) and that PII should only be retained for as long as necessary to fulfill the specified purpose(s) and in accordance with the National Archives and Records Administration (NARA) approved record retention schedule. Collecting minimum data on forms Redacting records Truncating data elements Records are maintained and destroyed per NARA guidance
14 Protecting PII MODULE TWO
15 Objectives At the end of this module, you will be able to: Define PII and identify common examples of PII in the workplace. Identify privacy considerations throughout the information life cycle. Know how to protect PII in different contexts and formats.
16 What is Personally Identifiable Information (PII)? information which can be used to distinguish or trace an individual's identity, such as their name, Social Security number (SSN), biometric records, etc. alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother s maiden name, etc... * * OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information.
17 Common Examples of PII Name Social Security number (SSN) Date of birth (DOB) Mother s maiden name Financial records address Driver s license number Passport number Health information
18 PII Considerations for the Information Life Cycle The Information Life Cycle defines how to handle data from inception to disposition. Protecting PII is important during each stage of the information life cycle: Data Collection or Creation: Gathering PII for use. Data Storage: Maintaining or storing PII. Data Usage: Using PII to accomplish a job function. Data Sharing: Disclosing or transferring PII. Disposition: Disposing of PII when no longer needed in accordance with record management requirements and organizational disposal policies.
19 PII Considerations for the Information Life Cycle (cont.) Is the PII part of a record that falls under the records retention schedule? Did you shred all papers containing PII? Did you give back unused equipment (e.g. computer, copiers, fax machines) to the IT Department for proper disposal? Are you allowed to collect the PII by law? Do you have a legitimate business need to collect the PII? Are you obtaining it in a safe manner so that it cannot be overheard or seen by others? Did you only request the minimum amount of PII to get the job done? Did you verify that the sharing is allowed? Have you verified that everyone that the PII is being shared with has a need to know? Did you share only the minimum amount of PII and follow disclosure procedures? Did you share using the appropriate safeguards (e.g., encryption)? Will you use the PII for the purpose it was provided? Are you only using the minimum amount of PII to get the job done? Are you accessing PII through secure and authorized equipment or connections? Did you secure documents and files that contain PII? Are you storing PII on only authorized portable electronic devices (i.e., work equipment)? Did you follow proper security procedures to secure the stored PII (e.g., encryption)?
20 Protect PII: Lock-It-Up Personnel are required to protect PII in their possession. 1 The following will help you keep PII safe from unintended use or disclosure. Physical Protection Lock your computer workstation (CTRL + ALT + DELETE). Lock up portable devices (e.g., laptops, cell phones). Remove the Personal Identity Verification (PIV) card when you are away from your computer. Lock up documents and files that contain PII. 1 See HHS Policy for Personal Use of Information Technology Resources
21 Protect PII: Protections in Transit Protect PII during transit. Encrypt s that contain PII. Use an authorized mobile device with encryption to store PII. Don t forward work s with PII to personal accounts (e.g., Yahoo, Gmail). Don t upload PII to unauthorized Websites (e.g., Wikis).
22 Protect PII: Protections During Travel When travelling, keep equipment and papers that contain PII in your possession. Do not place it in checked baggage or leave it in the trunk of a car. Avoid leaving it in a hotel room unsupervised (e.g., use hotel safe). Remember to pick up your laptop after the TSA security check at the airport.
23 Protect PII: Clean-It-Up Maintain a clean work environment. Don t leave documents that contain PII on printers and fax machines. Don t leave files or documents containing PII unsecured on your desk when you are not there.
24 Protect PII: Faxing Before faxing: Verify recipient s fax number prior to sending PII. Make sure someone authorized to receive the PII is there to receive the fax. Use a fax transmittal sheet. Receiving faxes: Quickly retrieve faxes transmitted to you. Secure faxes that have not been retrieved. If you are expecting a fax and have not received it, follow-up to ensure the sender has the correct fax number.
25 Protect PII: Mail Interoffice mail: Send in a confidential envelope. Follow-up to verify that the recipient received the information. Postal mail ( snail mail ): When possible, use a traceable delivery service (like UPS). Package in an opaque envelope or container. Double-check the recipient s address before sending. Encrypt .
26 Protect PII: Encryption Encrypt internal and external s that contain PII. Personal identity verification (PIV) and public key infrastructure (PKI) cards are the first choice for encryption. When that is not possible, visit for encryption alternatives. Encrypt files containing PII. Do not send the password in the same as the encrypted file. Give the password either in person, over the phone, or if necessary, send in a separate .
27 Protect PII: Telework There are special responsibilities for protecting PII during telework. You must follow standard security procedures when removing official records from the office, and have permission from your manager to transport, transmit, remotely access or download sensitive or classified information during telework. 1 Store sensitive information on authorized mobile devices or remote systems with appropriate safeguards (e.g., HHS encryption). 2 Remotely access sensitive information by using authorized methods (e.g., Virtual Private Network (VPN)). Work with your manager for approval and to ensure that your equipment has safeguards in place to protect sensitive information during telework. 1 HHS Telecommuting Program Policy 2 HHS-OCIO Policy for information Systems Security and Privacy (IS2P)
28 Protect PII: SSN Protections Employees that handle SSNs need to take extra precautions. Misuse of SSNs can put individuals at risk for identity theft. Employees should: Use the SSN only when it is required. Truncate or mask the SSN in systems or on paper printouts whenever possible. Disclose SSNs only to those that have a need to know and are authorized to receive the information. Documents containing SSNs should be locked up and put away so they are not left out when away from your desk. Identify and implement ways to eliminate the use of SSNs, when possible (e.g., removal from forms, assigning a randomly generated identifier).
29 Protect PII: Disposition Review records retention requirements prior to destroying information. Shred papers containing PII. Dispose of equipment by returning to the IT Department.
30 Protect PII: Beware of Phishing Phishing is an attempt to steal personal information. Most times it involves an , although other forms of communication can be used, which claims to be a legitimate business or person in an attempt to scam you into surrendering PII or downloading malicious software. Be suspicious of any that: You were not expecting to receive. Requests your PII (account numbers, SSN, username, passwords, birth date, etc.). Requires you to urgently take action (e.g., verify your account or log-in to prevent your account from being closed). Does not look like a legitimate business Website (e.g. logos look funny, spelling errors). Has a different URL than the one you are familiar. Contains a document that shuts down and re-launches after you open it.
31 Protect PII: Beware of Phishing (cont.) On the right, are some examples of phishing e- mails. Take the following actions if you believe you received an that is a phishing attempt: Do not respond to phishing s. Delete suspected phishing s. Do not open attachments in phishing s. Do not click hyperlinks in a phishing . Contact the Help Desk if you think you have responded to a phishing . From: Internal Revenue Service Sent: Wednesday, June 15, :45 PM To: Subject: IRS Notification - Please Read This From: Your Bank Sent: Friday, July 29, :45 PM To: Subject: Urgent - Your Account is Going to Expire. From: Your Manager Sent: Tuesday, July 26, :13 AM To: Subject: Check out these funney pickters!
32 Threats to PII and Reporting MODULE THREE
33 Objectives At the end of this module, you will be able to: Recognize an incident of privacy and identify common scenarios. Understand the effect of a privacy compromise. Report suspected incidents.
34 What is a Privacy Incident? the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar terms referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic. * * OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information.
35 Common Scenarios Privacy incidents most often occur from: Loss, damage, theft, or improper disposal of equipment, media, or papers containing PII. Accidentally sending a report containing PII to a person not authorized to view the report or sending it in an unprotected manner (e.g., unencrypted). Allowing an unauthorized person to use your computer or credentials to access PII. Discussing work related information, such as a person s medical health records, in a public area. Accessing the private records of friends, neighbors, celebrities, or any other person when not authorized to do so. Any security situation that could compromise PII (e.g., virus, phishing , social engineering attack).
36 Effects of Compromised Privacy Loss of privacy threatens people and HHS. It can result in: Exploitation of an individual s health or financial status. Embarrassment or other harms to individuals. Damage to the reputation of HHS. Loss of trust between HHS and the public. Washington State system hacked, data of thousands at risk Chinese Hackers Infiltrate New York Times Computers Reuters, May 9, 2013 New York Times, January 30, 2013 Personal information stolen from Michigan Department of Community Health website The Detroit News, July 5, 2013
37 How to Report Do not investigate the incident on your own - immediately report suspected incidents that could compromise PII in any format (electronic, paper, or oral communications). Any employee can report an incident. You are not required to speak to your Manager before reporting an incident but should keep management informed when incidents occur. Report incidents to your OpDiv Computer Security Incident Response Team (CSIRT)/Incident Response Team (IRT). Contact information for each OpDiv can be found at: You can also report directly to the HHS CSIRC by or phone Agencies that share information on terrorism or counterintelligence are participating in what is known as the Information Sharing Environment (ISE). Prior to sharing information via the ISE, be sure you are aware of its specific privacy requirements. For questions about the ISE, contact the HHS Office of Security and Strategic Information (OSSI).
38 Privacy References MODULE FOUR
39 Privacy Points of Contact For specific privacy-related questions, contact: OPDIV Senior Official for Privacy (SOP) ( acy/index.html). Privacy Act Contacts ( ml#privacy).
40 Learn More Visit the HHS Cybersecurity Privacy page ( for more information on protecting PII and incident response. Visit the HHS Cybersecurity Privacy Resource Center ( for tips on how to protect PII at work and at home. Report a privacy incident to the OPDIV CSIRT ( or HHS CSIRC or
41 Course Summary You should now be able to: Define privacy and explain its importance. Identify privacy laws, policies, guidance, and principles. Understand your role in protecting privacy and the consequences for violations. Define PII and list examples. Protect PII in different contexts and formats. Recognize potential threats to privacy. Report a privacy incident.
Holiday Pay Changes Effective September 19 th Part Time Staff Earn 4 hours Holiday Pay Full Time Staff Earn 8 hours Holiday Pay Must be entered during applicable pay period Not eligible for retroactive
LEADERSHIP FOR IT SECURITY & PRIVACY ACROSS CMS ISPG-INFORMATION SECURITY and PRIVACY GROUP OFFICE OF THE CHIEF INFORMATION OFFICER The Centers for Medicare & Medicaid Services Information Systems Security
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
U.S. Department of Housing and Urban Development Office of Public and Indian Housing SPECIAL ATTENTION OF: NOTICE PIH-2014-10 Directors of HUD Regional and Field Offices of Public Housing; Issued: April
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
1 Your Agency Just Had a Privacy Breach Now What? Kathleen Claffie U.S. Customs and Border Protection What is a Breach The loss of control, compromise, unauthorized disclosure, unauthorized acquisition,
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
Fiscal Year 2015 Information Security for Executives Introduction Information Security Overview Information Security Policy and Governance Data Protection Security and Your Business Summary Appendix Information
NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects
Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize
PII Personally Identifiable Information Training and Fraud Prevention Topics What is Personally Identifiable Information (PII)? Why are we committed to protecting PII? What laws govern us? How do we comply?
Page 1 of 19 Course 13 Topic: 01 Page: 01 Course Introduction 1 of 3 Introduction Text Description of Image or Animation Long Description: Animation. Welcome to the Course. The Department of Health & Human
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
AUGUST 16, 2013 Privacy Impact Assessment CIVIL PENALTY FUND AND BUREAU-ADMINISTERED REDRESS PROGRAM Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220
Iowa Health Information Network (IHIN) Security Incident Response Plan I. Scope This plan identifies the responsible parties and action steps to be taken in response to Security Incidents. IHIN Security
OFFICE OF THE SPECIAL COUNSELOR Privacy TSA MANAGEMENT DIRECTIVE No. 3700.4 To enhance mission performance, TSA is committed to promoting a culture founded on its values of Integrity, Innovation and Team
The Department of Health and Human Services Information Systems Security Awareness Training Fiscal Year 2015 Information Systems Security Awareness Introduction Information Security Overview Information
Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012 Mission of Pro Bono Partnership of Atlanta: To maximize the impact of pro bono engagement by connecting
Privacy 101 Awareness and Best Practices GPO Protection of Personally Identifiable Information (PII) National Institute Of Standards & Technology What is Privacy It is more than information security Privacy
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency
PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs The Identity Theft and Fraud Protection Act (Act No. 190) allows for the collection, use
Title: DPH Current Effective Date: September 22, 2003 Original Effective Date: April 14, 2003 Revision History: April 22, 2004 May 1, 2011 January, 2014 Purpose The purpose of the Division of Public Health
HIPAA Privacy September 21, 2013 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff,
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College
Information Security Training 2012 Authored by: Gwinnett Medical Center Information Security Department Modified for affiliated schools students & instructors by: Linda Horst, RN, BSN, BC Objectives After
NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides
General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information The following rules of behavior apply to all Department of Homeland Security
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
Information Security Section: General Operations Title: Information Security Number: 56.350 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE DATE OF POLICY.140
1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
Protecting Patient Privacy It s Everyone s Responsibility Observation & Student Learning Packet 1. Read packet Instructions for Self-Study Module 2. Complete post-test. A score of 80% must be achieved.
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
BRIDGEVALLEY COMMUNITY & TECHNICAL COLLEGE OPERATING POLICY Effective Date Subject Number Page April 1, 2014 PROTECTING PERSONALLY IDENTIFIABLE INFORMATION (PII) B-OP-17-14 1 of 7 Supersedes/Supplements:
Reporting of HIPAA Privacy/Security Breaches The Breach Notification Rule Objectives What is the HITECH Act? An overview-what is Protected Health Information (PHI) and can I protect patient s PHI? What
Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information
National Archives and Records Administration NARA 1608 August 6, 2009 SUBJECT: Protection of Personally Identifiable Information (PII) 1608.1 What is the purpose of this directive? This directive: a. Defines
Federal Trade Commission Privacy Impact Assessment for the: Secure File Transfer System June 2011 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal
HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc firstname.lastname@example.org 202-667-0016 - HIPAA Hotline Self-Study Module Requirements Read all program slides and complete test. Complete
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Data Handling in University Information Classification and Handling Agenda Background People-Process-Technology
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
Introduction to The Privacy Act Defense Privacy and Civil Liberties Office dpclo.defense.gov 1 Introduction The Privacy Act (5 U.S.C. 552a, as amended) can generally be characterized as an omnibus Code
DECEMBER 20, 2013 Privacy Impact Assessment MARKET ANALYSIS OF ADMINISTRATIVE DATA UNDER RESEARCH AUTHORITIES Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
HIPAA Update Focus on Breach Prevention Objectives By the end of this program, participants should be able to: Identify top reasons why breaches occur Review the breach definition and notification process
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: email@example.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
1 PHI - Protected Health Information UNIVERSITY OF MICHIGAN HEALTH SYSTEM Updated 09/23/2013 2 Q: Is PHI the same as the medical record? A: No. protects more than the official medical record. Lots of other
VA Privacy and Information Security Awareness Course July 9, 2010 U.S. Department of Veterans Affairs Office of Information and Technology National IT Training Academy Table of Contents Introduction...
Hamilton College Administrative Information Systems Security Policy and Procedures Approved by the IT Committee (December 2004) Table of Contents Summary... 3 Overview... 4 Definition of Administrative
Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology
Brooklyn Community Services Policies and Compliance Guide relating to the HIPAA Security Rule June 2013 Table of Contents INTRODUCTION... 3 GUIDE TO BCS COMPLIANCE WITH THE HIPAA SECURITY REGULATION...
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice
PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.
PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PURPOSE The purpose of this policy is to describe the procedures by which Workforce members of UCLA Health System and David Geffen School of Medicine
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Who Are We? UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Taylor Summers