HELLO! I am Ashley Hall
- Nathaniel Horton
- 8 years ago
Transcription
1 HELLO! I am Ashley Hall You can reach me at ashleyh@hscnv.com
2 Social Work in the 21st Century: Practicing Efficiently and Ethically in Today's Digital Landscape
3 ABOUT ME BSW, MSW Data Analyst & Human Services Consultant Passion for Data (weird, I know!)
4 Introduction 1
5 Technology... is a queer thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ~C.P. Snow
6 WORKSHOP INTRODUCTION Step 1: Scare the pants off of you! Overview of HIPAA as related to electronic data; overview of tech being used today and how it can be exploited; consequences of unsecured e-data
7 WORKSHOP INTRODUCTION Step 2: Train you to fight. How to use tech safely; safe and secure tech options
8 WORKSHOP INTRODUCTION Step 3: Use Tech Efficiently. What can we use tech for? What are our options? Tech examples
9 Scare the Pants off of You 2
10 HIPAA & e-data
11 WHAT IS PHI? PHI, or Protected Health Information, is individually identifiable health information that: (1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and (i) That identifies the individual; or (ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual. Source:
12 WHAT IS e-PHI? e-PHI, or electronic protected health information, is any PHI that is stored via electronic media.
13 WHAT IS ELECTRONIC MEDIA? HIPAA has a definition for that too! Electronic Media is: (1) Electronic storage material on which data is or may be recorded electronically, including, for example, devices in computers (hard drives) and any removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; (2) Transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the Internet, extranet or intranet, leased lines, dial-up lines, private networks, and the physical movement of removable/transportable electronic storage media. Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media if the information being exchanged did not exist in electronic form immediately before the transmission. Source:
14 TO SUM UP PHI is identifiable health information. e-PHI is identifiable health information that is stored via electronic media. Electronic media is any data that is stored electronically (even copies of paper files) and/or is transmitted electronically (typically via an intranet, the internet, or private networks, etc.)
15 QUIZ TIME!!! Scenario 1: Jane the social worker has a paper file with case notes and identifiable health information on it. She needs to send it to a colleague who is taking over her case. She decides to just fax that data over. She puts the papers into the fax machine and hits the start button. Has Jane transmitted e-PHI?
16 YES OR NO? Yes - the act of faxing a document automatically creates e-PHI. No - a fax does not create e-PHI. Maybe??
17 Does your office lease one of these? YES OR NO?
18 QUIZ TIME!!! Scenario 2: John the social worker scans copies of paper intake forms that he receives from clients. He stores these scans on his local computer and backs them up on an external hard drive. Is John storing e-PHI?
19 YES OR NO? Yes - John has created e-PHI. No - since the forms that were scanned were paper forms, the definition of e-PHI does not apply.
20 HIPAA AND e-PHI SECURITY Agencies/Practitioners must: Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit; Identify and protect against reasonably anticipated threats to the security or integrity of the information; Protect against reasonably anticipated, impermissible uses or disclosures; and Ensure compliance by their workforce
21 WHAT TECHNOLOGY IS USED IN SOCIAL WORK PRACTICE? Agencies/Practitioners use: Office desktops/laptops/copiers/scanners; Field laptop computers; Mobile devices (including cell phones and tablets); Cloud servers/services; Technology provided or maintained by outside vendors. Any others?
22 VULNERABILITIES IN TECHNOLOGY - THE OFFICE Hardware: damage, theft, leasing. Software: outdated, nonexistent. Network: unprotected, no specified guest access. Personnel (including vendors): inadequate security process, inadequate security awareness. Site: hazards for hardware, unreliable power source. Organization: lack of audits, lack of plans.
23 VULNERABILITIES IN TECHNOLOGY - IN THE FIELD Hardware (laptops): damage, theft, leasing. Software: outdated, nonexistent. Network: unsecured (public) WIFI, inadequate training. Personnel: inadequate security process, inadequate security awareness. Site: hazards for hardware, unreliable power source. Organization: lack of audits, lack of plans.
24 VULNERABILITIES IN TECHNOLOGY - IN THE CLOUD Provider: not HIPAA compliant, unencrypted emails. Cloud operations: free = not HIPAA compliant, uploading or downloading unencrypted data. Personnel: inadequate security process, inadequate security awareness. Organization: BAA with cloud provider? Understanding of what cloud provider does with data it houses.
25 QUICK DEFINITION - BAA So what is a BAA? A business associate agreement (BAA) is a contract between you and any vendor that has access to the PHI that you maintain. The contract protects PHI by ensuring that your business associates are in compliance with HIPAA
26 VULNERABILITIES IN TECHNOLOGY - OUTSIDE VENDORS A few notes on outside vendors: An outside vendor is anyone who has access to, views, modifies, or analyzes client data. These can be: consultants, service providers, IT companies, computer repair services, etc. If an outside vendor has access to PHI, a BAA needs to be signed, no exceptions.
27 VULNERABILITIES IN TECHNOLOGY - OUTSIDE VENDORS Relationship Not HIPAA Compliant No BAA in place Inadequate Policy/Practice No audit of policy/practices done Security/Disaster Plan No security/disaster plan Security/disaster plan inadequate Communication Security Vendors send unencrypted data Vendors access cloud data via unsecured devices
28 VULNERABILITIES IN TECHNOLOGY - OUTSIDE VENDORS How prevalent is the problem of vendor HIPAA violations? According to HHS breach report, about 28% of data violations happened with a BAA present between 2009 and today. In Nevada, that percentage is about 38%. Source:
29 HIPAA VIOLATIONS - THE SCARY TRUTH First and foremost - HIPAA violations happen, at an alarming rate! HIPAA Violations - Tableau Public Source:
30 HIPAA VIOLATIONS - THE SCARY TRUTH The costs of a HIPAA violation should not be ignored! July 2015: $218,400 settlement with St. Elizabeth's Medical Center for using an internet-based document sharing application to store documents containing PHI. Dec. 2014: $150,000 settlement with Anchorage Community Mental Health Services for malware compromising the security of its information technology resources. Aug. 2014: $1,215,780 settlement with Affinity Health Plan, Inc. for failing to erase data contained in copier hard drives after returning them to a leasing agency. Jan. 2013: $50,000 fine paid by The Hospice of North Idaho due to stolen laptop with unencrypted data. This case involved fewer than 500 patients. View more examples at:
31 HIPAA VIOLATIONS - THE SCARY TRUTH Keep in mind: You are liable for anything your employees do that violates HIPAA. Even stolen property is your responsibility. While you may have a HIPAA compliant email/cloud storage provider, that does not mean your data is protected in transit! You are even responsible for the actions of the vendors you work with. When in doubt, assume it is your responsibility!!
32 QUIZ TIME!!! Scenario 1: Jane the social worker conducts home visits on a regular basis with youth clients. During these home visits she uses a laptop to teach certain skills. This laptop is also used to store individual client data. Jane was visiting three different clients one day and only needed the laptop for one of them. She left her laptop in her locked vehicle while visiting the first client. During the visit, Jane's vehicle was stolen. Did Jane violate HIPAA guidelines?
33 YES OR NO? Yes - client data was stored on the laptop and the theft of the device means the data has been compromised. No - the theft of the laptop was not Jane's fault and she took reasonable precautions to protect the data. Maybe?
34 QUIZ TIME!!! Scenario 2 John the social worker asks an IT company to come in and work on his broken computer located in his private practice. John is satisfied with the work the company has done and needs no ongoing IT maintenance. Six months later, John gets a notice of a HIPAA complaint - apparently the IT company stole information about a high-profile client from his computer and published it online. Did John violate HIPAA guidelines?
35 YES OR NO? Yes - John is responsible for all actions on the part of outside vendors. No - the theft and publishing is the vendor's fault, not his. Maybe?
36 QUIZ TIME!!! Scenario 2: Sally the social worker shares ePHI with a team member working with a family. This data is shared via cloud storage in which a BAA is in place. Sally is informed by her IT manager that some of the data was intercepted via malware when she uploaded the data. Is Sally in violation of HIPAA guidelines?
37 YES OR NO? Yes - It is Sally's responsibility if her data was intercepted during upload, even if her computer was protected. No - the data was uploaded to a cloud service in which a BAA was in place. Maybe?
38 Train You to Fight 3
39 WHAT CAN YOU DO TO SECURE ePHI? Note: We are going over the basics. Consider talking to someone if you need help or are unsure: IT Professionals, ISP, Security Consultant
40 PROTECTING YOUR DATA - THE OFFICE Hardware: ensure hardware is somewhere safe and clean; backups are a must. Software: ensure all software is updated regularly. Network: ensure your network is protected and secured. Personnel (including vendors): ensure BAA is signed where applicable; request data security plan. Site: protect hardware with surge protectors; use correct plugs. Organization: audit your data security plan; continuously inspect and improve where needed.
41 PROTECTING YOUR DATA - IN THE FIELD Hardware (laptops): protect from damage; password protect and encrypt. Software: update all software regularly. Network: don't use public, unsecured WIFI networks without taking steps to secure your system. Personnel: ensure all staff is trained and using passwords and encryption. Site: make sure your mobile hardware is safe from the elements; be aware of the dangers of power surges. Organization: plan and audit regularly.
42 PROTECTING YOUR DATA - IN THE CLOUD Provider: ensure use of HIPAA compliant service; encrypt all emails with client data. Cloud operations: HIPAA compliant cloud storage; encrypt files. Personnel: ensure all staff is trained and using passwords and encryption. Organization: BAA with cloud provider a must; understand what is done with your data at every stage.
43 PASSWORDS - THE FINER DETAILS Password vs. Passphrase. Password = a word that you select as a code to open or unlock your computer, server, website, etc. Passwords typically don't have spaces. Can be real words, fictional words, or any combination of both. Example: AshleyISAwesome2015 Passphrase = like a password but much longer and contains spaces. Can become closer to an encryption key than a password in terms of security. May be known phrase or made up.
44 PASSWORDS - THE FINER DETAILS When to use a passphrase: for your computer login; for your password database or password manager software; encryption. When to use passwords: on websites.
45 PASSWORDS - THE FINER DETAILS How to select a password - from our friends at Microsoft! Is at least eight characters long. Does not contain your username, real name, or company name. Does not contain a complete word (use spaces if you are using a dictionary word). Is significantly different from previous passwords. Contains characters from each of the following four categories: uppercase letters, lowercase letters, numbers, and symbols found on the keyboard. Source:
46 PASSWORDS - THE FINER DETAILS How to select a passphrase - from Micah Lee. Avoid phrases from pop culture (To Be Or not to BE that is THE question). Consider Diceware. Ensure the length of your passphrase is adequate: 1 word out of list of 7,776 words = 1 in 7,776 chance of guessing; 2 words = 1 in 60,466,176 chance of guessing; 7 words = 1 in 1,719,070,799,748,422,591,028,658,176 chance of guessing - it would take 27 million years to guess this! 7 random words is ideal. Source:
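The guess-space figures on this slide, together with a Diceware-style generator, as an added example that is not part of the original presentation. The word list below is a constructed stand-in for a published 7,776-word Diceware list, and the rate of one trillion guesses per second is an assumption, since the slide does not state the rate behind its "27 million years".

```python
import math
import secrets

DICE_PER_WORD = 5                    # Diceware: five six-sided dice pick one word
WORDLIST_SIZE = 6 ** DICE_PER_WORD   # 7,776 possible five-dice keys
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption, not stated on the slide: the attacker tests 10^12 guesses per second.
ASSUMED_GUESSES_PER_SECOND = 1e12


def roll_key():
    """Roll five dice with the OS CSPRNG and return the key, e.g. '41356'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def key_to_index(key):
    """Map a dice key '11111'..'66666' to a 0-based word list index."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid dice key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)   # each die is one base-6 digit
    return index


def generate_passphrase(wordlist, n_words=7):
    """Pick n_words independently and uniformly; words are joined by spaces."""
    if len(wordlist) != WORDLIST_SIZE or len(set(wordlist)) != WORDLIST_SIZE:
        # A short or duplicated list silently shrinks the guess space.
        raise ValueError("word list must hold 7,776 distinct words")
    return " ".join(wordlist[key_to_index(roll_key())] for _ in range(n_words))


def guess_space(n_words):
    """Number of equally likely passphrases of n_words words."""
    return WORDLIST_SIZE ** n_words


def entropy_bits(n_words):
    """Entropy in bits; about 12.9 bits per word."""
    return n_words * math.log2(WORDLIST_SIZE)


def average_years_to_guess(n_words, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Expected search time: on average half the guess space must be tried."""
    return guess_space(n_words) / 2 / guesses_per_second / SECONDS_PER_YEAR


# Constructed stand-in so the example runs offline; for real use, load a
# published Diceware word list (one word per five-dice key) instead.
DEMO_WORDLIST = [f"word{i:04d}" for i in range(WORDLIST_SIZE)]

if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(DEMO_WORDLIST))
    for n in (1, 2, 7):
        print(f"{n} word(s): 1 in {guess_space(n):,} "
              f"({entropy_bits(n):.1f} bits, "
              f"~{average_years_to_guess(n):.3g} years on average)")
```

The strength comes from the words being chosen at random: a phrase a person picks, even a long one, does not have the guess space computed here.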
47 UPDATES - THE FINER DETAILS Software updates aren't fun, especially when you run many different types of software on your machine. However, updates are essential as they often contain security patches based on new threats or discovered vulnerabilities. Long story short, update often.
48 BACKING UP - THE FINER DETAILS All data should be backed up at least twice. Local backups are important to avoid problems like corrupted files or databases. These can be stored on the same device as the original data, but in a special backup folder. Backup folders should also be backed up in a separate location, such as the cloud, an external hard drive, or another computer in a different building. I prefer to back up in the cloud AND on an external device. Make sure backed up data is encrypted and password protected!
49 BAA'S - THE FINER DETAILS Red Flags: If your business associate has never heard of HIPAA or a BAA, consider training or additional steps to ensure protection of PHI. If your business associate does not have a BAA for you to sign, consider asking for copies of data security plans and policies. It is always a good idea to have your own BAA!
50 PUBLIC WIFI - THE FINER DETAILS Public WIFI is always a risk - but there are ways that you can use this necessary tool safely. Turn off sharing on your computer. Enable your firewall. Use HTTPS and SSL where possible. Use a Virtual Private Network: paid service; takes some time and effort to set up and could require software and licensing. When in doubt, don't use public wifi for accessing or uploading secured data. Turn off WIFI when you aren't using it. When in doubt, just don't do it.
51 ENCRYPTION - THE FINER DETAILS Encryption does not have to be scary or complicated! Encryption protects files from unauthorized access such as a stolen computer, but also from someone stealing your data in transit (i.e., when an email is sent or when a file is uploaded to the cloud). You can encrypt for free, either with free software or extensions - this typically requires a password created by you and shared with the recipient of your email/files and typically requires the recipient to have an extension or be directed to a secure location to download the file. Or you can pay for services that handle the encryption and email/cloud storage security for you.
52 Use Technology Efficiently and Safely 4
53 USING TECHNOLOGY IN YOUR PRACTICE Yes, technology is vulnerable, and yes, security can be complicated. But technology can make life easier for: you, your staff, and your clients.
54 USING TECHNOLOGY IN YOUR PRACTICE So what can technology be used for in social work? Client data management and workload/workforce data management; Financial data management; Communication; Project/program management; Collaboration - internal and external
55 USING TECHNOLOGY IN YOUR PRACTICE And where do we find tech to help with these tasks? Outside vendors: easy and managed by professionals; typically includes some sort of reporting; not for everyone - expense. Homegrown solutions: if you hire someone to develop software, keep up on it! Don't get swept up by fancy products - basic software can sometimes do the same job. Out-of-the-box solutions: database software; case management software.
56 USING TECHNOLOGY IN YOUR PRACTICE So what are some examples of software that can be used? Training: Lynda.com, YouTube! Survey software: SurveyMonkey, Qualtrics, Google Forms. Collaboration: Google Apps; Trello - online collaboration tool; JoinMe. Organizational: EventBrite - event planning and attendee management; Social Media - marketing and event planning/organizing; Tableau Public - communicating data. Out-of-the-box solutions: Zengine - database software; FAMcare - case management software; Microsoft Products (Access, Excel).
57 USING TECHNOLOGY IN YOUR PRACTICE And which common software options are safe for ePHI? Google Apps - only paid service and only after signing a BAA. Dropbox - Not HIPAA Compliant but can be if used in conjunction with outside software: Sookasa, BoxCryptor, Vivo, Cloudfogger. Paubox. Microsoft OneDrive - HIPAA compliant with BAA. Box - HIPAA compliant with BAA. iCloud - Does not offer BAA. REMEMBER! Even with HIPAA compliant storage or collaboration options, you still have to take steps to encrypt files for transmission and storage. Consider software such as BoxCryptor and others to help with this task.
58 USING TECHNOLOGY IN YOUR PRACTICE HIPAA compliant email and cloud storage with encryption in the background? YES PLEASE! HIPAA Compliant Email with seamless encryption. This incoming email was seamlessly encrypted by Paubox. Learn about Paubox today. HIPAA compliant cloud storage with 256-bit AES (Advanced Encryption Standard) encryption at rest and in transit. No extra software - send and receive emails, upload files to the cloud, all without any additional steps. Can be used as a wrap-around service if you are already using business platforms like Microsoft Exchange, Office 365 & Google Apps.
59 USING TECHNOLOGY IN YOUR PRACTICE Cloud and communication services make possible or enhance: File sharing and storage; Collaboration and communication; Organization and productivity; Client interactions
60 USING TECHNOLOGY IN YOUR PRACTICE Technology Examples In these brief videos you will see the following tech options being used: Cloud applications Online meeting software Collaboration software
61 USING TECHNOLOGY IN YOUR PRACTICE - GOOGLE APPS Google Apps:
62 USING TECHNOLOGY IN YOUR PRACTICE JOIN ME Join Me:
63 USING TECHNOLOGY IN YOUR PRACTICE - TRELLO Trello:
64 WRAPPING IT UP I hope I didn't scare you too badly: The threat is real. Data breaches cost money. Just because you are a small agency, does not make you immune to cyber dangers. I hope you gained useful insight into tools you can use to protect e-PHI: Planning and foresight can help. Adequate policies and training are a must. When in doubt, seek consultation. I hope that you are now aware of ways in which technology can be our friend: Technology is an amazing thing. It can streamline and speed up our work. It can eliminate time and space limitations.
65 You cannot endow even the best machine with initiative; the jolliest steam-roller will not plant flowers. ~Walter Lippmann
66 THANKS! Any questions? You can find me at
67 CREDITS Special thanks to all the people who made and released these awesome resources for free: Presentation template by SlidesCarnival Photographs by Unsplash
More informationHealthcare Compliance Solutions
Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human
More informationHIPAA Update. Presented by: Melissa M. Zambri. June 25, 2014
HIPAA Update Presented by: Melissa M. Zambri June 25, 2014 Timeline of New Rules 2/17/09 - Stimulus Package Enacted 8/24/09 - Interim Final Rule on Breach Notification 10/7/09 - Proposed Rule Regarding
More informationHow To Protect Your Health Care From Being Hacked
HIPAA SECURITY COMPLIANCE GUIDE May 9, 2005 FOR PIONEER EDUCATORS HEALTH TRUST. PIONEER EDUCATORS HEALTH TRUST HIPAA Security Introduction Various sponsoring employers (referred to collectively as the
More informationContents. Instructions for Using Online HIPAA Security Plan Generation Tool
Instructions for Using Online HIPAA Security Plan Generation Tool Contents Step 1 Set Up Account... 2 Step 2 : Fill out the main section of the practice information section of the web site.... 3 The next
More informationProtecting Privacy & Security in the Health Care Setting
2013 Compliance Training for Contractors and Vendors Module 3 Protecting Privacy & Security in the Health Care Setting For Internal Training Purposes Only. After completing this training, learners will
More information2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
More informationWhen HHS Calls, Will Your Plan Be HIPAA Compliant?
When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this
More informationCan Your Diocese Afford to Fail a HIPAA Audit?
Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous
More informationCyber Security Awareness
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
More informationEncrypting Personal Health Information on Mobile Devices
Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Number 12 May 2007 Encrypting Personal Health Information on Mobile Devices Section 12 (1) of the Personal Health Information Protection
More informationDatto Compliance 101 1
Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)
More informationHIPAA Training Part III. Health Insurance Portability and Accountability Act
HIPAA Training Part III Health Insurance Portability and Accountability Act POLICIES & PROCEDURES Goals Learn simple ways to protect information. Learn how to continually give training. Learn how to continually
More informationHow To Understand The Health Insurance Portability And Accountability Act (Hipaa)
Common HIPAA Risks & The New HITECH Final Rule Eric W. Humes 1 What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to protect the privacy of patient
More informationData Security Considerations for Research
Data Security Considerations for Research Institutional Review Board Annual Education May 8, 2012 1 PRIVACY vs. SECURITY What s the Difference?: PRIVACY Refers to WHAT is protected Health information about
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable
More informationSecurity Is Everyone s Concern:
Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito
More informationCyber Security Awareness
Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationOCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationOCR Reports on the Enforcement. Learning Objectives
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationThe CIO s Guide to HIPAA Compliant Text Messaging
The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially
More informationHIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
More informationHIPAA Requirements and Mobile Apps
HIPAA Requirements and Mobile Apps OCR/NIST 2013 Annual Conference Adam H. Greene, JD, MPH Partner, Washington, DC Use of Smartphones and Tablets Is Growing 2 How Info Sec Sees Smartphones Easily Lost,
More informationReporting of HIPAA Privacy/Security Breaches. The Breach Notification Rule
Reporting of HIPAA Privacy/Security Breaches The Breach Notification Rule Objectives What is the HITECH Act? An overview-what is Protected Health Information (PHI) and can I protect patient s PHI? What
More informationAssessing Your HIPAA Compliance Risk
Assessing Your HIPAA Compliance Risk Jennifer Kennedy, MA, BSN, RN, CHC National Hospice and Palliative Care Organization HIPAA Security Rule All electronic protected health information (PHI and EPHI)
More informationStable and Secure Network Infrastructure Benchmarks
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
More informationSECURING YOUR REMOTE DESKTOP CONNECTION
White Paper SECURING YOUR REMOTE DESKTOP CONNECTION HOW TO PROPERLY SECURE REMOTE ACCESS 2015 SecurityMetrics SECURING YOUR REMOTE DESKTOP CONNECTION 1 SECURING YOUR REMOTE DESKTOP CONNECTION HOW TO PROPERLY
More informationCyber Security: Beginners Guide to Firewalls
Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationHealthcare Compliance Solutions
Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and
More informationReferences NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household
This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of
More informationRFG Secure FTP. Web Interface
RFG Secure FTP Web Interface Step 1: Getting to the Secure FTP Web Interface: Open your preferred web browser and type the following address: http://ftp.raddon.com After you hit enter, you will be taken
More informationHIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP
HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right
More informationMontclair State University. HIPAA Security Policy
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationPotential Liability for HIPAA Violations: A Primer
Potential Liability for HIPAA Violations: A Primer Wednesday, March 23, 2016 Presented By the IADC Medical Defense and Health Law Committee and In-House and Law Firm Management Committee Welcome! The Webinar
More informationHIPAA and Health Information Privacy and Security
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationSix Steps Healthcare Organizations Can Take to Secure PHI on Mobile Devices
Six Steps Healthcare Organizations Can Take to Secure PHI on Mobile Devices As an IT professional for a covered entity in the heavily regulated health care field, you no doubt worked hard building a secure
More informationHIPAA Security Overview of the Regulations
HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.
More informationThe 2014 Bitglass Healthcare Breach Report
The 2014 Bitglass Healthcare Breach Report Is Your Data Security Due For a Physical? BITGLASS REPORT Executive Summary When hackers break into U.S. hospital health records to steal patient data, it s a
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationKeeping Data Safe. Patients, Research Subjects, and You
Keeping Data Safe Patients, Research Subjects, and You How do hackers access a system Hackers Lurking in Vents and Soda Machines By NICOLE PERLROTH APRIL 7, 2014 New York Times SAN FRANCISCO They came
More informationDesktop and Laptop Security Policy
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
More informationCyber Security Beginners Guide to Firewalls A Non-Technical Guide
Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.
More informationTHE SECURITY OF HOSTED EXCHANGE FOR SMBs
THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available
More information