New Uses for ROCKET: HIPAA Compliant Workspaces and Other Developments. Tara Helmer Research Services Consultant July 12, 2013

Transcription

1 New Uses for ROCKET: HIPAA Compliant Workspaces and Other Developments Tara Helmer Research Services Consultant July 12, 2013

2 What is ROCKET(Research, Organization, and Collaboration Knowledge Exchange Toolkit)? ROCKET is a web-based tool for sharing information and documents, allowing members of a workspace to collaborate by building and sharing web pages. ROCKET workspaces are meant to be dynamic and user-friendly, allowing for two-way sharing of information between members. ROCKET is also self-serving in that the members can edit and maintain the workspace per the needs of the group. Starting with a blank slate, members can add and organize files and images headers, text, dividers, and lists (bulleted, numbered, and checklists) tables as well as additional pages

3 Who can access ROCKET? Anyone! Any member of the Vanderbilt and Meharry communities (with a valid VUNet ID and password) can access ROCKET and create a workspace on StarBRITE. External users can access a workspace if they are added as a member by a Vanderbilt or Meharry workspace owner/admin. External users cannot create their own workspaces.

4 Access to Workspaces Anyone can access ROCKET and Anyone with a VUNet ID can create new Workspaces Access to Workspaces is managed in Workspace Membership Admins/Creators of a space can add new members and give them specific rights. The different user rights include: Admin Manage users on the workspace; has all user privileges(create/read/write/delete/sort), Can Lock pages, Can create Short URLs, Delete a Workspace for all users o Creators of a Workspace are an Admin by default o Only other Admins can remove an Admin s user rights Create - Add/create pages Read (default) Read-only view Write Create content on the pages; Can Clone workspaces to new workspaces, send Notifications to Workspace Members Delete - Delete pages within the workspace Sort - Sort pages in your workspace Table of Contents

5 Features on your Dashboard New PHI Safe Workspaces Receive and Manage notices from your Workspaces Manage Workspaces Your Dashboard provides a place to Create New, Search Workspaces, Organize Workspace, and receive Notifications. Note, notifications are messages sent from Workspaces. To guarantee you also receive these via , check the Send s option over your Notifications.

6 Use Case of ROCKET Workspaces The VICTR Studio Program Public (green) & Private (blue) Workspaces Workspace Tools

7 HIPAA Compliant Workspaces ROCKET is built so that creating, accessing, and sharing content can occur easily and efficiently. New HIPAA Workspaces now allow for users to apply this in sharing content in a way that PHI content is protected. The HIPAA Security Rule requires that workforce members adhere to controls and safeguards to ensure 1. Integrity of information the medical record must be accurate 2. Confidentiality The medical record should only be seen by those with a need to know and all uses of that data should be knowable by the individual. 3. Availability The medical record must be available, in essence, no reasonably avoidable downtime For additional information on VUMC information security policies and practices, visit the Info Security Page.

8 What are requirements needed to be HIPAA compliant? What does HIPAA cover? HIPAA covers the Privacy, Security and Enforcement rules of PHI. The Privacy and Security rules contain information on how one must treat PHI (whether it s electronic or not). The enforcement rules specify what happens if you don t (the penalties). Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ephi). Technical safeguards require access control to allow only the authorized to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off and encryption and decryption. Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations. Technical policies should also cover integrity controls, or measures put in place to confirm that ephi hasn t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact. Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ephi. This concerns all methods of transmitting data, whether it be , Internet, or even over a private network, such as a private cloud.

9 What are specific protections offered through ROCKET? Only invited users can access PHI Protected Workspaces, and thus download or access an information on the site. Numerous warning at various points in the space to remind users of their obligation to protect patient data ROCKET application only allows unique user IDs and includes measures for an emergency access procedure, automatic log off and encryption and decryption. Tracking logs exist in the application to best monitor behavior in the workspaces ROCKET team is easily able to recover any information placed on the Workspaces Additional measures within ROCKET prevent users from shared data on ROCKET to unauthorized users. Usual features such as exporting pages to and making pages public have been deactivated

10 Why might one what to use ROCKET to help protect patient information? Project teams are not physically located in the same place. Needing a single location to access information related to work as well as reviewed MRNs or Patient data relevant to the study/project Needing members to have immediate and returned access to the data, but also the need to expire access after a particular point(rocket allows admins to give access up to a specified expiration date if need be) Minimizing number of steps to access and the dispose of current available data for the work.

11 Getting Started: Creating a HIPAA Compliant Workspace New PHI Safe Workspaces Note, only Workspace Admins can make a workspace PHI Safe. Select Settings in the tool icon pop up.

12 Selecting PHI Protection By selecting the checkbox for PHI Protection, your workspace will be HIPAA compliant. Please note, this action can not be undone. Once you have selected the Workspace to be PHI protected, all pages in the workspace will be made private. You are given the option to move all public pages in the workspace to a new non-phi space if you would like.

13 Final Verification before activating the PHI status

14 HIPAA Compliant Workspaces Features not Available in HIPAA Compliant Workspaces: Copying Pages into Non-PHI protected workspaces Exporting content to Public Pages

15 Other Uses for HIPAA Compliant Workspaces Sharing Study Data across Multiple Institutions Multiple department collaborations PHI protected workspaces may be useful for teams for reason other than sharing PHI data.

16 Other Uses for ROCKET Fostering Multi-Institution Projects Grant Submission Collaboration Manuscript Development Committee Operations Planning Course Development and Communication Program/Project Management.

17 Example of a Workspace to Share information about Tools

18 Other ways to using Pictures in ROCKET One example of putting more than one image in block, is by placing more than one image in a file block you can illustrate instructions using screenshots.

19 Using ROCKET to Define Standards

20 Sticky Notes and How They Add in Editing Information

21 Manuscript Development Collect all the information in a quick and easy display for all Authors Can use creative ways to move/structure your pages to organize what content to consider

22 What s next? REDCap on ROCKET Templates ROCKET has evolved greatly in the past six months and this is largely due to suggestions and needs from its users. Please let us know using the Provide Feedback link what YOU would like in ROCKET so that ROCKET can continue to evolve.

23 Further Questions about ROCKET? In your ROCKET workspaces, there is a Provide Feedback and Report a Bug which will allow you to immediate let someone on the team know of any issues, questions, or suggestions you might have for the resource Or feel free to contact me at Jacqueline.Kirby@Vanderbilt.edu