1 HIPAA and Health Information Privacy and Security Revised 7/2014
2 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act
3 HIPAA Privacy and Security Rules were passed to protect patient privacy and secure electronic health information.
4 HIPAA Violations Are Serious! Penalties for HIPAA Violations: MCMH penalties: Range from employee suspension to termination. Federal and state penalties: Include possible criminal and/or civil penalties.
5 Examples of HIPAA Privacy Violations Throwing documents containing PHI in the trash Sending unencrypted containing PHI Leaving documents with PHI lying on a copier Letting your spouse know that you saw his/her friend in the ED today Discussing a patient s condition with a co-worker in the cafeteria lunch line or other public area Accessing patient records that you do not have any need to see Sharing patient information, such as a list, with outsiders Losing or misplacing mobile devices, such as a voice recorder, PDA, unencrypted USB drive, or CD that contain PHI
6 HIPAA Privacy and Security Privacy The right of each patient to protect the privacy of his or her health information Security MCMH must ensure that each patient s electronic health information is protected from unauthorized disclosure
7 HIPAA PRIVACY
8 What is PHI? Protected Health Information (PHI) is Any information, used alone or in combination with other information, that could identify an individual who is the subject of the information. Examples include name, date of birth, social security number, diagnosis, home town
9 PHI: Protected Health Information PHI includes any information connected to a patient PHI can be written, spoken or stored in a computer, on a thumb drive or CD, or faxed PHI SHOULD NOT BE LEFT unattended on printers or copiers, or face up on desks
10 Examples of PHI Name, Address Telephone Number, Fax Number Social Security Number All elements of dates (birth, admit, discharge, death dates) Diagnosis Medical Records Number, Account Number Health Plan Beneficiary Number
11 Includes but is not limited to: Protecting a Patient s Privacy Do not discuss patients in public Ensure that you discuss patient information only with authorized individuals Always dispose of patient information in locked containers or containers clearly marked for confidential documents, NEVER IN THE TRASH! Log off your computer when not in use Make sure all patient records are secured and safe before you leave your work space Never remove patient information from the work area Never send containing PHI or sensitive information, unless it is encrypted
12 What if I want to access my own PHI? Before accessing your record for the first time, you MUST go to Medical Records and sign a document which allows you to look at your own electronic medical record. If you wish to access a family member s record, they must authorize you by signing a document provided by Medical Records WARNING: MCMH audits unauthorized access, including unauthorized access to your own record
13 What if I want to access my own PHI? If you want to access your own records via the electronic records available in Meditech or LSS (EAR), you must: Have access to Meditech PCI and or EAR as part of your job You must sign a form available from Medical Records once
14 Accessing Records Other Than Your Own Other than when performing your job, accessing the record of another, such as a family member or friend, the person must: Sign a consent to release information to you and have it filed in Medical Records Individuals must consent yearly and file their consent in the Medical Records Department NOTE: YOU MAY NOT ACCESS THE RECORDS OF A SPOUSE FAMILY, OR FRIEND UNLESS THE ABOVE STEPS HAVE BEEN TAKEN.
15 PHI: Protected Health Information If patients do not trust us to keep their PHI safe They may not give us their complete health information (hide important health issues for fear someone may find out) They may not get treatment (don t want anyone to know they are having a procedure) They may pay hospital bills out of pocket to prevent insurance claims (don t want their employer to know their diagnosis)
16 Minimum Necessary Privacy Rule HIPAA requires healthcare workers to use the Minimum Necessary amount of information when accessing patient information to do their jobs efficiently and effectively and to provide quality care.
17 Your Responsibilities Regarding HIPAA Privacy Share and access only pertinent information when needed (Minimum Necessary) Understand departmental and organizational policies Protect the patients rights to privacy
18 Privacy at MCMH At MCMH, we standardize the process for release of Protected Patient Health Information (PHI) to reduce the risk of wrongful disclosures and to increase consumer confidence in the integrity of the organization as it relates to patient privacy. See your supervisor for details.
19 Information Security Information security is everyone s responsibility!
20 Information Security at MCMH includes compliance with the HIPAA Security Rule and other applicable federal and state laws.
21 Federal and State Laws Require that we protect a variety of personal information Health related patient information (HIPAA) Personal credit card and financial information Other information security laws that apply
22 What Does the HIPAA Security Rule Require? Ensure the confidentiality, integrity, and availability of all electronic Protected Health Information (PHI). Protect against reasonably anticipated threats or hazards to the security or integrity of electronic PHI Protect against reasonably anticipated unauthorized uses or disclosures. Ensure workforce compliance with the Rule.
23 ephi and Encryption Electronic PHI (ephi) includes any device or medium used to store, transmit or receive PHI electronically.
24 Where is our Electronic PHI? MEDITECH, LSS, OR+ Systems Nurse Call System Patient Monitoring Dictation Radiology Systems Any PC, laptop or tablet on which PHI is maintained Encrypted USB devices CDs Smart Phones Electronic transmission including , File Transfer (FTP)
25 Patient accounts Credit cards Additional Electronic Information Applications for payment plans Applications for payment plans Copies of income tax returns Rule of thumb: If you wouldn t want the information known to others or published publicly, neither would our patients and families
26 Understanding the Threats The Insider 75% of information systems security incidents are attributed to internal employees or contractors. ing PHI without encryption Accessing inappropriate websites Misusing or recording information improperly Opening and attachments from addresses you may not recognize or expect
27 Understand the Threats of the Internet to MCMH Network worms, viruses Spyware, sometimes contained in attachments or clickable web addresses Professional Cyber crime Exposures due to unsafe transmission of data Social Networking such as Facebook Instant Messaging (IM)
28 Phishing: Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity. If you receive an from an unknown origin, or from family, a friend, or employee that looks suspicious, please DO NOT open. Notify the I.S. Department. If you receive a phone call requesting you take a survey, or give out information about MCMH, DO NOT answer. MCMH does not participate in surveys.
29 Protecting Against Threats at MCMH No access to social networking, such as Facebook, is allowed. It is against hospital policy to circumvent IS security in order to access these sites Screen saver downloads and downloading of personal software and free ware is prohibited Certain sites are blocked in order to protect the security of the MCMH network No one should open an or attachment from a source unknown to you Beginning in July, 2010 always use Secure when sending confidential information
30 Using Secure Secure at MCMH allows employees to exchange confidential information securely over the Internet. If you need to exchange confidential information from your MCMH , type the word SECURE in the subject line AND DO NOT INCLUDE PHI IN THE SUBJECT LINE Your will be automatically encrypted Call the I.S. Help Desk at ext 5369 if you need help or have questions about using secure
31 Impact of Security Breaches Patient Impact Potential damage to individual patient reputation Inappropriate disclosure of patient information to the public MCMH Impact MCMH community reputation Resources spent fixing infected workstations Cost of recovery from identity theft Legal repercussions
32 HIPAA and Information Security Policies Understand Your Responsibilities! IS Security Responsibilities IS Security User Passwords IS Security Internet IS Security IS Security Workstation Use MCMH User Confidentiality and Security Agreement YOU ARE RESPONSIBLE FOR UNDERSTANDING YOUR RESPONSIBILITIES AND WILL BE HELD ACCOUNTABLE! All I.S. Security Policies are located on the Intranet.
33 Security Basics Reminder You are on the front-line when it comes to the security of MCMH information systems. Do not share passwords or leave them where others can find them. Do not leave any computer session open when not in use. Lock your computer. Do not cruise the Internet. Patient information is on a need to know basis Do not put ANY patient information in an unencrypted , on a social networking site, or on your Smart Phone (iphone, Blackberry etc) DO use encrypted for confidential information All system access with your ID is YOUR responsibility.
34 Password Guidance Do not re-use the last 12 passwords. Change your password at least every 90 days. User account locks after 3 failed attempts.
35 Internet Examples of Acceptable Use: Job related research, education, business activity and limited personal use are permitted. Examples of Unacceptable Use: Posting PHI or a patient s personal information on a website Sending unsecured containing PHI or personal information Visiting sites considered offensive, counterproductive, or that may degrade network performance. Accepting and forwarding jokes or cartoons
36 MEDITECH Inclusion of PHI is strongly discouraged because it can be copied and sent outside of MEDITECH. If you must, use minimum PHI necessary, sent to limited number of authorized recipients Internet CAUTION!!!! NEVER transmit unencrypted PHI or financial information through the Internet
37 Workstation Use Workstation use governed by the Workstation Use policy. Users are responsible for securing and backing up information that resides on the desktop Passwords are changed every 90 days in order to protect information All workstation applications must be approved for use by Information Systems PRIOR to purchase
38 Remote Access Requires user authentication. Always physically secure your laptop. PDA, or other mobile device when traveling! July 07, 2010 Conn. AG, Health Net Research Settlement Over Medical Data Breach On Tuesday, insurer Health Net reached a $250,000 settlement with Connecticut Attorney General Richard Blumenthal (D), who sued the company after it lost a computer hard drive in 2009, Dow Jones/Wall Street Journal reports. The hard drive contained medical and financial information on about 500,000 members from the state. (Solsman, Dow Jones/Wall Street Journal, 7/6).
39 Auditing Requirements HIPAA Privacy and Security rules require MCMH to perform regular audits of access to PHI. Other information audits may occur as needed Patients may request and review a record of who has accessed PHI. If MCMH is audited regarding a suspected HIPAA or other security violation, we must share audit records with federal, state and other officials.
40 Your Responsibilities Read and adhere to the IS Security Policies HIPAA Policy Packet and on the Intranet Sign the User Confidentiality and Security Agreement Report any potential HIPAA Security Violation MCMH IS Security Officer, Compliance Hotline, Management, IS Help Desk
41 And Finally. The Privacy/Security Golden Rule Put yourself in the shoes of the patient. Who would you want to know about your protected health information? Keep what you know to yourself and protect Keep what you know to yourself and protect patient privacy.
42 Questions? Please contact : Scott Burtchell Director, Information Systems Jeff Carr, IS Security Officer
Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information
HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,
PROTECTING PATIENT PRIVACY and INFORMATION SECURITY 2 PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY 3 INTRODUCTION As an agency employee, student,
HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
Annual HIPAA Security & Information Security Competency 1 General Information FISO- What is a FISO? Facility Information Security Officer Responsible for the physical protection and recovery of all electronic
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
HIPAA: Privacy/Info Security Jeff Jones HIPAA Privacy Officer HIPAA Information Security Officer KY Region What you should know Discussion Topics Protected Health Security Awareness Information(PHI) Disclosure
HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the
1 of 9 PURPOSE: To define standards for appropriate and secure use of MCG Health electronic systems, specifically e-mail systems, Internet access, phones (static or mobile; including voice mail) wireless
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance
HIPAA PRIVACY OVERVIEW OBJECTIVES At the completion of this course, the learner will be able to: Define the Purpose of HIPAA Define Business Associate Identify Patients Rights Understand the Consequences
PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PURPOSE The purpose of this policy is to describe the procedures by which Workforce members of UCLA Health System and David Geffen School of Medicine
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
HIPPA Goes HITECH Data Protection for Agents For agent information only. this material should not be distributed to the public or used in any solicitation. 13-0127 Course objectives Agents will be able
MEDITECH ACCESS REQUEST PHYSICIAN OFFICE STAFF This box is for IT use only. Lisa Linda Prov Dict Access Dictionaries PACS E-Sig agreement E-Sig PIN PD PIN 3-4 ID Emailed PK Emailed MUST sign: I have read
Privacy for Beginners: What Every Healthcare Worker Needs to Know About HIPAA and Privacy What is HIPAA? Health Insurance Portability and Accountability Act (HIPAA) is broad federal legislation that includes
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
Procedure Title: TennDent HIPAA Security Awareness and Training Number: TD-QMP-P-7011 Subject: Security Awareness and Training Primary Department: TennDent Effective Date of Procedure: 9/23/2011 Secondary
HIPAA Privacy September 21, 2013 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff,
NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of
HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc firstname.lastname@example.org 202-667-0016 - HIPAA Hotline Self-Study Module Requirements Read all program slides and complete test. Complete
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
Dear Colleague, This notice is to share some recent changes we ve made with our Student Onboarding Process. Effective October 1, 2014, our onboarding process is migrating from Public Safety to our Human
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
Reporting of HIPAA Privacy/Security Breaches The Breach Notification Rule Objectives What is the HITECH Act? An overview-what is Protected Health Information (PHI) and can I protect patient s PHI? What
HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security
Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency
ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF Susan Blair Chief Privacy Officer Cheryl Granto Information Security Manager, UFIT Information Security RULES OF THE ROAD Information Highway Danger Zones
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement
The HIPAA Security Rule Primer A Guide For Mental Health Practitioners Distributed by NASW Printer-friendly PDF 2006 APAPO 1 Contents Click on any title below to jump to that page. 1 What is HIPAA? 3 2
Bank of America Merrill Lynch White Paper HIPAA Compliance: Efficient Tools to Follow the Rules Executive summary Contents The stakes have never been higher for compliance with the Health Insurance Portability
Technical Monograph C.T. Hellmuth & Associates, Inc. Technical Monographs usually are limited to only one subject which is treated in considerably more depth than is possible in our Executive Newsletter.
What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,
HIPAA AND COMPLIANCE LEARNING MODULE #2 For Clinical Students and Instructors HWCA- South Central- Southwest Member Clinical Sites HEALTH CARE WORKFORCE ALLIANCE Revised August 2011 Objectives 2 At the
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
HIPAA Privacy and Security Cindy Cummings, RHIT February, 2015 1 HIPAA Privacy and Security The regulation is designed to safeguard Protected Health Information referred to PHI AND electronic Protected
1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected
Privacy & Security of Patient Information 2010 S&W PRIVACY UPDATE This module is intended to review the policies and procedures of Scott and White that address the HIPAA Privacy Regulations. The module
University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations
Huseman Health Law Group 3733 University Blvd. West, Suite 305-A Jacksonville, Florida 32217 Telephone (904) 448-5552 Facsimile (904) 448-5653 email@example.com use e Health care law firm fighting
City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011 Purpose and Intent The City of Boston recognizes the importance
To view the complete Information and Security Policies and Procedures, log into the Intranet through the IRSC.edu website. Click on the Institutional Technology (IT) Department link, then the Information
HIPAA Security Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH What is this? Federal Regulations August 21, 1996 HIPAA Became Law October 16, 2003 Transaction Codes and Identifiers
Audit Report AUDIT DEPARTMENT University Medical Center HIPAA Compliance June 2013 Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT COMMITTEE: Commissioner Steve Sisolak Commissioner Chris Giunchigliani
Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 4 Policy Title: Information Security Incident Response January 26, 2016 IDENT INFOSEC4 Type of Document:
Compliance HIPAA Training Steve M. McCarty, Esq. General Counsel Sound Physicians 1 Overview of HIPAA HIPAA contains provisions that address: The privacy of protected health information or PHI The security
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help
AMERICAN PSYCHOLOGICAL ASSOCIATION PRACTICE ORGANIZATION Practice Working for You The HIPAA Security Rule Primer Compliance Date: April 20, 2005 Printer-friendly PDF 1 Contents Click on any title below
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several
Information Security and Privacy WHAT is to be done? HOW is it to be done? WHY is it done? 1 WHAT is to be done? O Be in compliance of Federal/State Laws O Federal: O HIPAA O HITECH O State: O WIC 4514
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been