Alphabet Soup - GLBA, FERPA and HIPAA: Security Best Practices
- Lambert Lee Stewart
- 8 years ago
Transcription
1 Alphabet Soup - GLBA, FERPA and HIPAA: Security Best Practices (Session ID: 152)
- Maureen Carver, Assistant Dean and Registrar, Law School, Villanova University
- Rita Garner, Registrar, Medical College of Georgia
- Joann Wilson-Singleton, Registrar, Harvard University-School of Public Health
2 Gramm-Leach Bliley Act Joann Wilson-Singleton
3 Agenda
- What is the Gramm-Leach Bliley Act (GLB)?
- How does the GLB impact Student Services (SS)?
- What assessments have been made?
- What actions are needed on the part of SS staff?
- Resources, Discussion, Questions
4 What is the Gramm-Leach Bliley Act (GLB)?
- GLB is a federal law enacted to protect the security of personally identifiable, non-public financial information, particularly in the banking industry. However, it applies to all institutions that provide financial services (it was ruled in 2003 that GLB applies to Higher Education).
- Financial activities include servicing loans, safeguarding money, providing financial advice, and collecting consumer debt.
- Protect customer's non-public personal information (information collected that can be paralleled with bank-like activities):
  - Emergency loan
  - Tax information
  - Check processing
  - Loan processing
  - Promissory notes
5 Why is GLB Important?
- For starters, we must ask: how would we want our personal information handled?
- With the rapid growth of technology, identity theft has become the fastest-growing crime.
- Every 79 seconds a thief steals someone's identity, opens an account and goes on a buying spree. (CBSnews.com)
6 What does GLB require?
- Identify and assess the risk to customer information.
- Design and implement a safeguard program.
- Monitor the implementations and make adjustments as needed.
- Have a written plan that illustrates actions that will be taken should data be compromised.
- Ensure that outside vendors understand and comply with GLB.
7 Key Concepts in SS Assessments and Risks
Although confidentiality is assumed under FERPA, GLB is broader and requires more scrutiny.
- Paper flow: personal financial information is locked in rooms/suites, but not in filing cabinets
- Computer vulnerabilities (unmonitored):
  - password security
  - locking workstation when unattended
  - data stored on the C: drive or on the network
  - personal data that is transmitted via e-mail
- Accessibility:
  - who should have access
  - are people that should not have access able to view confidential data
  - who do we determine that we can discuss this information with, and where
- SS should have formal training and a written policy that incorporates security regarding technology, confidentiality and access
8 Improvement Plans
- Papers containing personal information should be kept in a locked filing cabinet overnight. Not locking this data allows it to be accessible to nonaffiliated staff that should not have access (i.e., maintenance/security).
- Keys should be kept in a safe place, not in the open.
- Lock computer workstations when left unattended.
- Password-protected screen-saver should default after 15 min.
9 Improvement Plan Cont.
- SS offices should assess paper-flow and determine document expiration dates.
- An annual clean-up date should be designated.
- E-mails with SSN should be sent as attached Excel (password-protected documents).
- All papers containing personal information that are no longer needed should be SHREDDED.
- Checks should be kept in a locked area overnight.
- Card swipes, security keys for secured areas.
10 Improvement Plan Cont.
Formal training on FERPA and GLB will be provided by departments:
- New employees should be notified in their 1st week of confidentiality and SS policy (this includes temps).
- Current staff should be notified of new policy implementation.
- A Security Agreement should be signed by staff with access to SS data via systems or files.
- Revisit progress at all-staff meetings (assess best practices).
11 Best Practices
- Storing records in a secure place
- Providing secure data transmission
- Disposing of customer information in a secure manner
- Monitoring to ensure that improper disclosure or theft is not occurring
12 Resources Gramm-Leach Bliley Act FERPA
13 FERPA: The Family Educational Rights and Privacy Act of 1974
Presenter: Maureen O'Mara Carver, Assistant Dean for Student Records and Registrar, Villanova University School of Law
14 What Are Education Records Under FERPA?
Education records are defined as records that are:
- Directly assigned to a student, and
- Maintained by an educational agency or institution or by a party acting for the agency or institution
15 What Are NOT Education Records Under FERPA?
Education records are NOT:
- Sole possession records
- Law enforcement unit records
- Employment records
- Medical records, or
- Post-attendance records
16 What Happens If a College Does Not Comply With FERPA? The Department of Education may issue a notice to cease the practice complained of and could ultimately withhold funds administered by the Secretary of Education.
17 DIRECTORY INFORMATION
Information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed. It includes, but is not limited to, the student's name, address, telephone listing, electronic address, photograph, date and place of birth, major field of study, dates of attendance, grade level, enrollment status (e.g., undergraduate or graduate; full-time or part-time), participation in officially recognized activities and sports, weight and height of members of athletic teams, degrees, honors and awards received, and the most recent educational agency or institution attended.
18 NON-DIRECTORY INFORMATION
Items that can never be designated and disclosed as directory information are a student's: social security number, gender, religious preference, grades, and GPA.
19 TRUE OR FALSE? Faculty have the right to inspect and review the education records of any student.
20 TRUE OR FALSE? A faculty member has posted grades of all the students in his class outside his office. This is a violation of FERPA.
21 TRUE OR FALSE? A state institution in Pennsylvania must respond to a subpoena received from the Supreme Court of California.
22 TRUE OR FALSE? Health records, maintained at the Student Health Center, are education records, subject to FERPA.
23 TRUE OR FALSE? Student representatives on committees (e.g., honors, curriculum, etc.) have the right to see other students' education records during the deliberations of that committee if they have been designated as school officials.
24 FOOD FOR THOUGHT
I offer another unrelated suggestion to bar admissions authorities. That is a modification of the release form signed by applicants to address the requirements of the Family Educational Rights and Privacy Act (FERPA), often referred to as the Buckley Amendment. Bar admissions authorities routinely have applicants sign a release of information held by a laundry list of agencies, including the applicant's law school. When bar admissions authorities request a copy of an applicant's law school application or other information from a law school, they accompany the request with a copy of the applicant's signed release. I have yet to see a bar admissions release that, in my opinion, satisfies FERPA's release requirements. This puts the law school in the position of choosing between its obligation to assist the bar admissions authority and its obligations under FERPA; a violation of the latter can conceivably result in loss of federal funds for the school's parent institution. I have mentioned this problem at national meetings on bar admission, but as yet to no avail. In order to protect my law school, I now have matriculants sign a form during orientation that releases the school from any liability under FERPA for providing information to bar admissions authorities. Because professional licensing of various types is extremely important to the protection of society, an amendment to FERPA to protect institutions that provide information to professional licensing entities is advisable. Absent that, bar admissions authorities should be able to develop a release form that would protect law schools from FERPA claims. The bar admissions process is vitally important to the legal profession. As deans, we should take seriously our role in this gatekeeping process, and I believe we do.
Better cooperation between law schools and bar admissions authorities and more attention to specific details of our interrelationship would benefit both and, in turn, the legal profession and the public we serve.
* Dean and Professor of Law, University of South Dakota School of Law.
25 Where Can I Get More Information Regarding FERPA? Family Policy Compliance Office U.S. Department of Education 400 Maryland Avenue, SW Washington, DC Phone: (202) FAX: (202) ferpa@ed.gov Web:
26 HIPAA Security (Health Insurance Portability and Accountability Act) Rita B. Garner, Registrar Medical College of Georgia
27 What is HIPAA?
Health Insurance Portability and Accountability Act of 1996 (August 21, 1996)
- Improve the portability and continuity of health insurance
- Make the health care industry more efficient
28 What is HIPAA? (cont.)
- Simplify the administration of health insurance
- Give patients more control over Protected Health Information (PHI)
29 What is PHI?
- Names
- Geographic data
- Dates
- Phone numbers
- Fax numbers
- E-mail addresses
- SSN
- Medical Record #
- Driver's License #
- Finger & voice images
- Full face photographic images and comparable images
30 Health Insurance Portability and Accountability Act (HIPAA)
- Portability [Insurance Reform]
- Accountability [Administrative Simplification]
  - Transactions, Code Sets & Identifiers
  - Privacy
  - Security
31 Privacy VS Security
- WHAT is protected: health information about an individual; who is permitted access, use or disclosure of the information
- HOW information is protected: ensuring privacy by controlling access to information and protecting it from inappropriate disclosure and accidental or intentional destruction or loss
32 Security
- Administrative Procedures
- Physical Safeguards
- Technical Safeguards
33 Administrative Procedures
Ensure the following exist:
- Security Plans
- Policies and Procedures
- Contractual Agreements
- Training
34 Physical Safeguards
- Workstation Location
- Physical Device Security
- Laptop computer vs. Desktop computer
35 Technical Safeguards Strong password policy Reset Password Lock out Auto Logoff Firewall Location of data storage (server or PC) File encryption (VPN)
36 Password Protection Standards
- Change passwords at least once every 90 days.
- Do not write down passwords.
- Do not store passwords on-line without encryption.
37 Password Protection Standards
- Do not use the same password for all accounts (e.g., personal ISP account, on-line banking, e-mail, etc.).
- Do not share passwords with anyone, including administrative assistants, your boss, co-workers or family members.
- Don't reveal a password over the phone or in e-mail.
38 Password Protection Standards
- Don't hint at the format of a password (e.g., "my family name").
- Don't reveal a password on questionnaires or security forms.
- Don't use the "Remember Password" feature of applications (e.g., GroupWise, Instant Messenger, Internet Explorer, Firefox).
39 Security Highlights
- All workforce members must receive security awareness training.
- Establish policies and procedures that allow access to electronic PHI on a need-to-know basis.
- Workstations must contain proper security mechanisms to ensure the data is protected.
- Limit physical access to facilities that contain electronic PHI.
- Implement audit controls that record and examine who has logged into information systems that contain PHI.
- Establish and enforce sanctions for all workforce members who don't follow security P&Ps.
40 References paa/index.asp
41 QUESTIONS?
- Rita B. Garner, Registrar, Medical College of Georgia
- Joann Wilson-Singleton, Registrar, Harvard School of Public Health
- Maureen O'Mara Carver, Assistant Dean for Student Records and Registrar, Villanova University School of Law, Carver@law.villanova.edu
More informationInformation Security Manager Training
Information Security Manager Training Kent Swagler CCEP Director, Corporate Compliance Direct line (314) 923-3097 Cell (314) 575-8334 kswagler@metrostlouis.org Information Security Manager Training Overview
More informationHEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationHIPAA PRIVACY OVERVIEW
HIPAA PRIVACY OVERVIEW OBJECTIVES At the completion of this course, the learner will be able to: Define the Purpose of HIPAA Define Business Associate Identify Patients Rights Understand the Consequences
More informationData Protection, Privacy and the Law. Presented for Data Privacy Month 2013 Presented by Tim Gurganus, OIT And Clifton Williams, OGC
Presented for Data Privacy Month 2013 Presented by Tim Gurganus, OIT And Clifton Williams, OGC Payment Card Industry Data Security Standard (PCI-DSS) Protection of card holder data processed, stored or
More informationProtecting. Personal Information A Business Guide. Division of Finance and Corporate Securities
Protecting Personal Information A Business Guide Division of Finance and Corporate Securities Oregon Identity Theft Protection Act Collecting, keeping, and sharing personal data is essential to all types
More informationPage 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
More informationPHI- Protected Health Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
More informationCSR Breach Reporting Service Frequently Asked Questions
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationFamily Educational Rights
University of New Hampshire Family Educational Rights and Privacy Act FERPA is a federal law that protects students. This law gives students five rights. The right to inspect and review education records.
More informationHIPAA Compliance. 2013 Annual Mandatory Education
HIPAA Compliance 2013 Annual Mandatory Education What is HIPAA? Health Insurance Portability and Accountability Act Federal Law enacted in 1996 that mandates adoption of Privacy protections for health
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationDRAFT National Rural Water Association Identity Theft Program Model September 22, 2008
DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 This model has been designed to help water and wastewater utilities comply with the Federal Trade Commission s (FTC)
More informationHIPAA and Mental Health Privacy:
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
More informationHIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationAm I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters
More informationBSHSI Security Awareness Training
BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement
More informationLegal and Ethical Issues in Computer Security
Legal and Ethical Issues in Computer Security Prepared By: Rusul M. Kanona Supervised By: Dr. Lo a i A.Tawalbeh Arab Academy for Banking & Financial Sciences (AABFS) Fall 2007 :Objectives for this session
More informationProcedure Title: TennDent HIPAA Security Awareness and Training
Procedure Title: TennDent HIPAA Security Awareness and Training Number: TD-QMP-P-7011 Subject: Security Awareness and Training Primary Department: TennDent Effective Date of Procedure: 9/23/2011 Secondary
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationCareer Connection, Inc. Data Privacy. Bringing Talent Together With Opportunity
Career Connection, Inc. Data Privacy Objectives This course is intended for CCI employees. The course gives guidance on data privacy concepts and describes how data privacy is relevant when delivering
More information