EMBEDDING PRIVACY INTO ELECTRONIC HEALTH RECORDS. Manuela Di Re Associate Director of Legal Services Information and Privacy Commissioner of Ontario
|
|
- Shana Gilmore
- 8 years ago
- Views:
Transcription
1 EMBEDDING PRIVACY INTO ELECTRONIC HEALTH RECORDS Manuela Di Re Associate Director of Legal Services Information and Privacy Commissioner of Ontario
2 Presentation Outline 1. Definitions 2. Need to Protect Privacy of Individuals Personal Health Information 3. The Promise of Electronic Health Records 4. The Peril of Electronic Health Records 5. Consequences if Inadequate Attention Paid to Privacy 6. Privacy Issues in the Design of Electronic Health Records 7. Privacy Issues in the Transition to Electronic Health Records
3 Definitions Electronic Health Record An electronic record of the health and of the care and treatment provided to an individual that integrates information provided by multiple providers of health care to the individual Electronic Medical Record An electronic record used by one health care provider or facility that includes information about the care and treatment provided only by that one health care provider or facility Personal Health Record An application that allows individuals to create, review, annotate or maintain a record in respect of their own care and treatment
4 The Need to Protect the Privacy of Individuals Personal Health Information The need to protect the privacy of individuals personal health information has never been greater given the: Extreme sensitivity of personal health information Greater number of individuals involved in the delivery of health care to an individual Increased portability of personal health information Emphasis on information technology and electronic exchanges of personal health information Need to use or disclose health information for secondary purposes seen to be in public interest
5 The Promise of Electronic Health Records Facilitate provision of more efficient and effective health care and improve the quality of diagnosis and treatment Readily accessible by all health care providers involved in the health care of an individual regardless of their location More complete than paper records which are spread over a range of health care providers Easier to read and locate than paper records and require less space and fewer administrative resources to maintain Can be designed to enhance privacy i.e. access controls, audit logs, encryption and user authentication
6 The Peril of Electronic Health Records If privacy is not built into the design, electronic health records pose unique risks to the privacy of individuals and to the security of personal health information Allow for the collection, use and disclosure of massive amounts of personal health information from diverse sources May attract hackers and others with malicious intent, including health care providers who would otherwise be permitted to access these systems but who access the information for other than health care purposes Once information is in electronic format it is easy to transfer to portable devices and removed from a secure location
7 Order HO-002- Unauthorized Access A patient told a hospital that her estranged husband and his girlfriend were employees and that she did not want them to know she was a patient Following discharge the patient became concerned, following a conversation with her estranged husband, that he was aware of her personal health information The complainant filed a complaint and the hospital placed a VIP flag on her electronic record of personal health information and ordered an audit The girlfriend, a nurse who was not involved in the health care of the patient, viewed the electronic record of personal health information on numerous occasions
8 Order HO-010- Unauthorized Access A patient complained to a hospital that an employee of the hospital inappropriately accessed the patient s records of personal health information The employee of the hospital was the former spouse of the patient s current spouse An audit revealed that the records of the patient were accessed by the employee on six separate occasions The employee was not involved in providing or assisting in providing health care to the patient
9 Orders HO-004, HO-007 and HO Portable Devices The Information and Privacy Commissioner of Ontario has issued three orders in the context of portable devices: Order HO-004 Theft of a laptop containing the unencrypted personal health information of 2,900 individuals Order HO-007 Loss of a USB memory stick containing the unencrypted personal health information of 83,524 individuals Order HO-008 Theft of a laptop containing the unencrypted personal health information of 20,000 individuals
10 The Peril of Paper-Based Records Paper-based and electronic records each have their own unique privacy and security risks and vulnerabilities Breaches also occur with paper-based records of personal health information due to the failure to: Retain records securely (i.e. abandoned records) Securely dispose of records (i.e. records found in dumpsters) Transfer records in a secure manner resulting in improper collection, use and disclosure (i.e. misdirected faxes)
11 Order HO-001 A medical clinic hired a company to shred records of personal health information dated between Due to a misunderstanding, the records were given to a recycling company instead of being shredded The recycling company sold the records to a special effects company and were used in a film shoot
12 Order HO-006 Employees of a laboratory placed records of personal health information in boxes designated for recycling as opposed to that designated for shredding The boxes designated for recycling were located immediately beside boxes designated for shredding The records of personal health information were found scattered on the street outside the laboratory
13 Consequences If Inadequate Attention Paid to Privacy If inadequate attention is paid to privacy, this may result in: Discrimination, stigmatization and psychological or economic harm to individuals based on the information Individuals may be deterred from seeking information, testing or treatment for certain medical conditions Individuals may withhold or falsify information provided Loss of trust or confidence in the public health system and damage to the reputation of the health care provider Significant time and resources expended in dealing with privacy breaches The costs associated with legal liabilities and proceedings
14 Risks Can be Minimized Through Concept of Privacy by Design Privacy and security risks can be minimized by carefully considering privacy and security implications during the design and implementation of electronic health records Privacy by Design is a term developed by the Information and Privacy Commissioner of Ontario to build privacy up front into design specifications and the architecture of systems and business processes On October 29, 2010 regulators from around the world unanimously passed a landmark resolution recognizing Privacy by Design as an essential component of fundamental privacy protection at the annual assembly of International Data Protection and Privacy Commissioners
15 Some Privacy Issues to be Addressed in Designing Electronic Health Records What personal health information will be included in electronic health records? Will individuals be able to withhold their consent from having their personal health included in electronic health records? Will the personal health information be included subject to the right of individuals to mask their personal health information? How will individuals be uniquely identified? What type of masking will be available all-or-nothing, encounter based, field based, provider based, etc.? Under what conditions can personal health information be unmasked? Which health care providers will have access, what information will different health care providers have access to and for what purposes?
16 Some Privacy Issues to be Addressed in Designing Electronic Health Records Will health care providers be required to satisfy certain criteria prior to being granted access to the electronic health record? - What criteria must be satisfied? - Who will be responsible for determining the criteria? - Who will be responsible for ensuring the criteria is satisfied? Who will be responsible for auditing access to electronic health records? With what frequency will audits be conducted? Will secondary uses and disclosures of personal health information in electronic health records be permitted? - Under what conditions? - Who will be responsible for determining the conditions? - Who will be responsible for ensuring the conditions are satisfied?
17 Some Privacy Issues to be Addressed in Designing Electronic Health Records Governance structure for sharing duties and responsibilities for privacy and security, including identifying accountability for: - Developing privacy and security policies and procedures? - Auditing compliance with these policies and procedures? - Conducting privacy and security audits? - Receiving and responding to requests for access? - Receiving and responding to requests for correction? - Receiving and responding to privacy inquiries? - Receiving, investigating and responding to privacy complaints? - Investigating and remediating privacy and security breaches? - Notifying individuals of privacy and security breaches? Mechanism by which the governance structure for electronic health records will be codified i.e. in legislation and/or agreements
18 Privacy Issues in the Transition to Electronic Health Records Personal health information may be most vulnerable when transitioning to electronic records given: Not fully trained on electronic system Electronic system may not be fully functional or privacy and security features may be turned off or set to minimal protection Conversion of paper records to electronic format may require frequent access to the records by larger numbers of individuals Records may be duplicated in paper and electronic format, thereby increasing the volume of records requiring protection The need to dispose of paper records in a secure manner The Information and Privacy Commissioner of Ontario, along with Dr. Peter Rossos, published a toolkit to manage privacy issues raised in transitioning from paper-based to electronic health records
19 Addresses measures such as: Obtaining necessary security expertise Educating and training agents Implementing access controls Implementing the use of strong passwords Auditing access to electronic records Privacy Issues in the Transition to Electronic Health Records Managing the retention, transfer and disposal of paper-based records Drafting or updating policies and procedures, such as policies and procedures with respect to: Transferring personal health information to portable storage devices Auditing access to electronic health records Identifying, containing, notifying, investigating and remediating privacy and security breaches or suspected breaches
Brian Beamish. Commissioner (Acting) Ontario Information and Privacy Commission. Cyber Risk National Conference February 9, 2015
Preventing Privacy Breaches and Building Confidence in Electronic Health Records Brian Beamish Commissioner (Acting) Ontario Information and Privacy Commission Cyber Risk National Conference February 9,
More informationAnn Cavoukian, Ph.D.
Protecting Privacy in an Era of Electronic Health Records Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Barrie and Community Family Health Team Royal Victoria Hospital Georgian College
More informationWhat s New in Access, Privacy and Health Care. Brian Beamish Commissioner. Ontario Connections May 21, 2015
What s New in Access, Privacy and Health Care Brian Beamish Commissioner Ontario Connections May 21, 2015 The Three Acts The IPC ensures compliance with: o Freedom of Information and Protection of Privacy
More informationIndividuals affected by the breach How many individuals are affected by the breach? Who was affected by the breach: employees, public, contractors, clients, service providers, other organizations? Foreseeable
More informationHOT!! Privacy Issues:
September, 2015 HOT!! Privacy Issues: Handle with care................... Micheal Harding Legislative & Policy Analyst Legislative Unit Manitoba Health, Healthy Living and Seniors By the end of 2016, the
More informationApplying the legislation
Applying the legislation GUIDELINE Information Privacy Act 2009 Privacy breach management and notification A privacy breach occurs when there is a failure to comply with one or more of the privacy principles
More informationWhat to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER
What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1
More informationAdministrative Procedures Memorandum A1452
Page 1 of 11 Date of Issue February 2, 2010 Original Date of Issue Subject References February 2, 2010 PRIVACY BREACH PROTOCOL Policy 2197 Management of Personal Information APM 1450 Management of Personal
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationDetecting and Deterring Unauthorized Access to Personal Health Information
Detecting and Deterring Unauthorized Access to Personal Health Information TABLE OF CONTENTS Introduction... 1 The Benefits and Risks of Electronic Records... 3 The Impact of Unauthorized Access... 5
More informationTHE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK
THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction
More informationReport of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:
Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal
More informationPrivacy Breach Protocol
& Privacy Breach Protocol Guidelines for Government Organizations www.ipc.on.ca Table of Contents What is a privacy breach? 1 Guidelines on what government organizations should do 2 What happens when the
More informationPersonal Information Protection Act Information Sheet 11
Notification of a Security Breach Personal Information Protection Act Information Sheet 11 Introduction Personal information is used by organizations for a variety of purposes: retail and grocery stores
More informationPRIVACY BREACH POLICY
Approved By Last Reviewed Responsible Role Responsible Department Executive Management Team March 20, 2014 (next review to be done within two years) Chief Privacy Officer Quality & Customer Service SECTION
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationAccess & Correction Policy
EHR Policies Table of Content 1. Access & Correction Policy.. 2 2. Assurance.. 14 3. Consent Management Policy.. 27 4. Inquiries and Complaints Policy.. 39 5. Logging and Auditing Policy... 51 6. Privacy
More informationACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationAnnual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance
Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Information Privacy and IT Security & Compliance The information in this module in addition to the
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationProcedure for Managing a Privacy Breach
Procedure for Managing a Privacy Breach (From the Privacy Policy and Procedures available at: http://www.mun.ca/policy/site/view/index.php?privacy ) A privacy breach occurs when there is unauthorized access
More informationPersonal Information Protection and Electronic Documents Act
PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationCyber Risk in Healthcare AOHC, 3 June 2015
Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan, Senior Healthcare Risk Management and Data Specialist James Penafiel, Underwriting Supervisor, Insurance Operations CFPC Conflict of Interest -
More informationHIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals
HIPAA New Breach Notification Risk Assessment and Sanctions Policy Incident Management Policy For breaches affecting 1 3 individuals +25 individuals + 500 individuals Focus on: analysis documentation PHI
More informationThe Ministry of Information & Communication Technology MICT
The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.
More informationHIPAA and Health Information Privacy and Security
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
More informationSCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND
More informationIntroduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI
Office of Regulatory Compliance 13001 E. 17 th Place, Suite W1124 Mail Stop F497 Aurora, CO 80045 Main Office: 303-724-1010 Main Fax: 303-724-1019 HIPAA Policy 7.1 Title: Source: Prepared by: Approved
More informationThis procedure is associated with BCIT policy 6700, Freedom of Information and Protection of Privacy.
Privacy Breach No.: 6700 PR2 Policy Reference: 6700 Category: Information Management Department Responsible: Privacy and Records Management Current Approved Date: 2012 May 01 Objectives This procedure
More informationTable of Contents. Acknowledgement
OPA Communications and Member Services Committee February 2015 Table of Contents Preamble... 3 General Information... 3 Risks of Using Email... 4 Use of Smartphones and Other Mobile Devices... 5 Guidelines...
More informationPACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )
PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,
More informationGuidance on data security breach management
Guidance on data security breach management Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction
More informationPOLICY STATEMENT 5.17
POLICY STATEMENT 5.17 DENTAL RECORDS 1 (Including ADA Guidelines for Dental Records) 1. Introduction 1.1 Dentists have a professional and a legal obligation to maintain clinically relevant, accurate and
More informationProcedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom
Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom
More informationRecord Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario
Record Keeping Guide to the Standard for Professional Practice 2013 College of Physiotherapists of Ontario March 7, 2013 Record Keeping Records tell a patient s story. The record should document for the
More informationHow To Manage Records And Information Management In Alberta
8. RECORDS AND INFORMATION MANAGEMENT Overview This chapter is intended to help public bodies understand how good records and information management practices assist in the effective administration of
More informationPersonal Information Protection and Electronic Documents Act (PIPEDA)
Introduction Personal Information Protection and Electronic Documents Act (PIPEDA) Policy and The Insurance Brokers Association of Alberta is committed to respect the privacy rights of individuals by ensuring
More informationDartmouth College Merchant Credit Card Policy for Processors
Mission Statement Dartmouth College Merchant Credit Card Policy for Processors Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance with the
More informationNew HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010
New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,
More informationAn Executive Overview of GAPP. Generally Accepted Privacy Principles
An Executive Overview of GAPP Generally Accepted Privacy Principles Current Environment One of today s key business imperatives is maintaining the privacy of your customers personal information. As business
More informationData Loss Prevention Program
Data Loss Prevention Program Safeguarding Intellectual Property Author: Powell Hamilton Senior Managing Consultant Foundstone Professional Services One of the major challenges for today s IT security professional
More informationThe United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),
MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE OFFICE OF THE DATA PROTECTION COMMISSIONER OF IRELAND ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL
More informationJeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM
Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL
More informationGuidance on data security breach management
ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...
More informationElectronic Health Record Privacy Policies
Electronic Health Record Privacy Policies Table of Contents 1. Access and Correction Policy v1.1 2. Assurance Policy v1.1 3. Consent Management Policy v1.2 4. Inquiries and Complaints Policy v1.1 5. Logging
More informationPrivacy and Security Incident Management Protocol
Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated health information that enables sound policy and effective
More informationThis presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in
This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationDHS Data Privacy & Integrity Advisory Committee 07 May 2007. Comments of the. DHS Data Privacy & Integrity Advisory Committee
DHS Data Privacy & Integrity Advisory Committee 07 May 2007 Comments of the DHS Data Privacy & Integrity Advisory Committee Regarding the Notice of Propose Rulemaking For Implementation of the REAL ID
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationData Security Breach Management - A Guide
DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process
More informationPERSONAL INFORMATION PROTECTION ACT Breach Notification Decision. BrandAlliance Inc. (Organization) P2016-ND-26 (File #002391) February 17, 2016
PERSONAL INFORMATION PROTECTION ACT Breach Notification Decision Organization providing notice under section 34.1 of PIPA Decision number (file number) Date notice received by OIPC Date Organization last
More informationMohawk DI-r: Privacy Breach Management Procedure Version 2.0. April 2011
Mohawk DI-r: Privacy Breach Management Procedure Version 2.0 April 2011 Table of Contents 1 Purpose... 3 2 Terminology... 5 3 Identifying a Privacy Breach... 5 4 Monitoring for Privacy Breaches... 6 5
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationHFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationHIPAA and Mental Health Privacy:
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
More informationDATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff
DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has
More informationIssue #5 July 9, 2015
Issue #5 July 9, 2015 Breach Response Plans by Lyndsay A. Wasser, CIPP/C, Co-Chair Privacy Privacy breaches can occur despite an organization s best efforts to prevent them. When such incidents arise,
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationCan Your Diocese Afford to Fail a HIPAA Audit?
Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous
More informationStatement of Policy. Reason for Policy
Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationHIPAA Privacy & Security Rules
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
More informationBy the end of this course you will demonstrate:
1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More information8.03 Health Insurance Portability and Accountability Act (HIPAA)
Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of
More informationHIPAA Privacy and Security
HIPAA Privacy and Security Cindy Cummings, RHIT February, 2015 1 HIPAA Privacy and Security The regulation is designed to safeguard Protected Health Information referred to PHI AND electronic Protected
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationThe Importance of collecting Personal Information
Ottawa Valley Veterinary Professional Corporation Personal Information Policy Introduction The Personal Information Protection and Electronics Documents Act ( PIPEDA ) is a federal legislation which came
More informationEncrypting Personal Health Information on Mobile Devices
Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Number 12 May 2007 Encrypting Personal Health Information on Mobile Devices Section 12 (1) of the Personal Health Information Protection
More informationHIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
More informationBest Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP
Best Practices in Incident Response SF ISACA April 1 st 2009 Kieran Norton, Senior Manager Deloitte & Touch LLP Current Landscape What Large scale breaches and losses involving credit card data and PII
More informationAssessing Risk in Social and Behavioral Sciences
Tracy Arwood, MS Clemson University Sangeeta Panicker, PhD American Psychological Association Assessing Risk in Social and Behavioral Sciences Assessing Risk in Social and Behavioral Sciences Content Authors
More informationOwnership, Storage, Security and Destruction of Records of Personal Health Information STANDARD OF PRACTICE S-022 INTENT DESCRIPTION OF STANDARD
Quality Assurance Committee Approved by Council: February 11, 2014 Amended: September 20, 2014 *(formerly Guideline G-017) Note to readers: In the event of any inconsistency between this document and the
More informationThe Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationState of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY
State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY Effective December 15, 2008 State of Illinois Department of Central Management Services Bureau
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security
More informationHIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations
HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations Health Care Litigation Webinar Series March 22, 2012 Spence Pryor Paula Stannard Jason Popp 1 HIPAA/HITECH
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)
More informationIMAX CORPORATION PROTOCOL FOR REPORTING SUSPECTED VIOLATIONS OF THE IMAX CODE OF ETHICS. (Whistle Blower Program)
IMAX CORPORATION PROTOCOL FOR REPORTING SUSPECTED VIOLATIONS OF THE IMAX CODE OF ETHICS (Whistle Blower Program) November 2004 (updated February 2012) PROTOCOL FOR REPORTING SUSPECTED VIOLATIONS OF THE
More informationPrivacy & Security Standards to Protect Patient Information
Privacy & Security Standards to Protect Patient Information Health Insurance Portability & Accountability Act (HIPAA) 12/16/10 Topics An An Introduction to to HIPAA HIPAA Patient Rights Rights Routine
More informationCSR Breach Reporting Service Frequently Asked Questions
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationArizona Medical Information Exchange Proof Of Concept. Privacy & Security Policy Manual version 1.0
Arizona Medical Information Exchange Proof Of Concept Privacy & Security Policy Manual version 1.0 September 29, 2008 Chapter 100 Introduction Table of Contents... 2 Chapter 100 Introduction... 4 101:
More informationSecurity Compliance, Vendor Questions, a Word on Encryption
Security Compliance, Vendor Questions, a Word on Encryption Alexis Parsons, RHIT, CPC, MA Director, Health Information Services Security/Privacy Officer Shasta Community Health Center aparsons@shastahealth.org
More informationBCS IT User Syllabus IT Security for Users Level 2. Version 1.0
BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4
More informationPersonal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1
Personal Information Protection Act ( PIPA ) Tips for Protecting Customers Personal Information 1 More than ever before, retailers have to be prepared to deal with customers who ask questions about the
More informationISEC Seminar : Protecting Personal Data in the Electronic Media Personal Data Security @ JPMorgan Micky Lo March 2007 1 Agenda Data Theft Incidence & Industry Figures Threats and Vulnerabilities Data Protection
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationWhen HHS Calls, Will Your Plan Be HIPAA Compliant?
When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this
More informationHow To Ensure Your Office Meets The Privacy And Security Requirements Of The Health Insurance Portability And Accountability Act (Hipaa)
HIPAA - Privacy And Security Audit For Provider Practices THIS IS A MODEL AUDIT. IT WILL NEED TO BE CHANGED TO MEET THE PARTICULAR NEEDS AND CIRCUMSTANCES OF ANY TRUSTED SOURCES DEVELOPING AN AUDIT. The
More informationHelpful Tips. Privacy Breach Guidelines. September 2010
Helpful Tips Privacy Breach Guidelines September 2010 Office of the Saskatchewan Information and Privacy Commissioner 503 1801 Hamilton Street Regina, Saskatchewan S4P 4B4 Office of the Saskatchewan Information
More information