Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Security Training 2005

Published byLarry Gurley Modified over 9 years ago

Similar presentations

Presentation on theme: "HIPAA Security Training 2005"— Presentation transcript:

1 HIPAA Security Training 2005
                                                                                               Security Training 2005

2 Introduction To improve the effectiveness of the health care system in protecting patient health information the federal government signed into law the Health Insurance Portability and Accountability Act in HIPAA, as it is commonly known provides health care entities with guidelines on how it must secure and safeguard electronic Protected Health Information (ePHI). This course: Explains the differences between HIPAA Security and Privacy Rules. Outlines new security regulations. Identifies new security-related policies and procedures. Reviews your role in protecting patient information. Use this template to create Intranet web pages for your workgroup or project. You can modify the sample content to add your own information, and you can even change the structure of the web site by adding and removing slides. The navigation controls are on the slide master. To change them, on the View menu, point to Master, then choose Slide Master. To add or remove hyperlinks on text or objects, or to change existing hyperlinks, select the text or object, then choose Hyperlink from the Insert menu. When you’re finished customizing, delete these notes to save space in your final HTML files. For more information, ask the Answer Wizard about: The Slide Master Hyperlinks

3 HIPAA Security HIPAA Security becomes effective on April 21, 2005.
HIPAA Security and Privacy go hand-in-hand. While the Privacy Rule, effective on April 14, 2003 covers all forms of protected health information (PHI), the Security Rule only applies to PHI in electronic forms.

4 What is HIPAA Security? With a focus on the protection and monitoring of Electronic Protected Health Information (ePHI), HIPAA security regulations require an entity to: Ensure the confidentiality, integrity, and availability of all electronic PHI (ePHI). Protect against any reasonably anticipated threats and uses or disclosures not allowed by the Privacy Rule. Mitigate threats by using safeguards reasonably and appropriately implemented that conform to the Security Rule standards.

5 What is PHI? Protected Health Information (PHI) consists of patient identifiable information delivered via paper, verbal communications or electronic means. Examples include: Patient name Address Date of birth SS# Medical record # address Identifiable health information may be shared among caregivers for the purposes of: Treatment, Payment or Healthcare Operations (TPO). Healthcare Operations include: QA/QI, Utilization Review, Disease, Management, Credentialing, Auditing, etc. Any other use of PHI or disclosure information, i.e., research, marketing, etc. requires the written authorization and consent of the patient.

6 Privacy/Security Comparison
Similarities and Differences between HIPAA Privacy and Security PRIVACY Patient focused PHI – electronic, paper, or verbal Privacy officer Privacy awareness training Business associate contracts Policies and procedures that meet privacy standards SECURITY Covered entity focused PHI – only electronic Security officer Security awareness training Business associate contracts Policies and procedures that meet security standards

7 HIPAA Security Safeguards
HIPAA Security safeguards fall into the following 3 main categories: Technical Access Control Audit Control Integrity Person or Entity Authentication Procedures in place that protect and monitor information access and prevent unauthorized use of data transmitted over the network. Physical Facility Access Workstation Use Workstation Security Device & Media Controls Protection of computer systems, building sites, and equipment from hazards and/or intrusions. Administrative Security Mgmt., Security Officer Workforce Security, Access Mgmt. Training, Incident Procedures Policies and procedures utilized to manage the selection and execution of security measures.

8 Technical Safeguards Using PHI Information
Access is given on a “need-to-know” basis. Access to a system does not imply it is appropriate to search any patient information at will simply to satisfy a curiosity. Use/access the absolute minimum patient information. For information not currently available to you, ask your manager or supervisor for approval.

9 Computer Security Computer and information technology are a significant component to our business structure at BWH. Never leave any PHI data displayed on your monitor when you’re away from your desk. Lock your computer. Click on the yellow lock symbol at the bottom right of the task bar to enable the PHS Password Protected Screensaver. Do not download files to local directories or copy files to external devices, such as floppy disks, CDs, and flash drives without authorization. CDs, floppy disks, etc. must be physically destroyed when no longer needed. For example, break a CD or floppy disk in half.

10 Computer Viruses/Malicious Software
Viruses can range from seemingly harmless “jokes,” all the way to widespread destructive infections that can shut down an entire network. Do not open attachments from unknown senders. If an looks suspicious – don’t open it! Delete it! If you think you downloaded a virus, contact the Help Desk. Avoid free downloads and software such as WeatherBug and Search bars. These are examples of spyware that interfere with PHS applications as well as bog down the system.

11 Protecting Portable ePHI
Portable electronic media covers devices, such as laptops, diskettes, CD’s, zip drives, flash drives, PDA’s, etc All movement of electronic media containing ePHI into and out of BWH must be tracked and logged. BWH employees who move electronic media or information systems containing ePHI are responsible for the subsequent use of such items and must take all appropriate and reasonable actions to protect them against damage, theft, and unauthorized access. Prior to downloading/moving ePHI, refer to HIPAA Security Policy, Accountability of Electronic Media.

12 Controlling PHI Access
Collecting PHI requires a controlled, secure environment to store information. As Employees Do not attempt to view information you have not been authorized to access. Memorize your password, never write it down. If you suspect your password has been compromised, change it immediately or call the Help Desk and request a new one. Audits are run regularly to ensure appropriateness. As Managers Authorize employees to receive minimum access to perform their jobs. If you’re a ‘key giver,’ identify the user’s role before giving them access. Conduct periodic application monitoring to identify and track who accessed PHI and determine its appropriateness. Remove an employee’s ability to access PHI within 24 hours after their termination date.

13 Use s containing PHI should be limited to instances of absolute necessity. Determine the following: Has the patient authorized you to communicate with them or a member of their family via ? Has all extraneous information been removed from the content of the message? Has the PHS disclaimer been linked to your outgoing messages? Have you password protected your files? For more information, refer to Clinical Guidelines in the BWH Administrative Policy Manual.

14 Physical Safeguards BWH Security staff regularly monitors those entering the building. Staff and employees must wear ID badges at all times. Report suspicious behavior. Restricted areas must remain restricted. Read and understand the BWH Privacy and Security policies, your departmental policies, and regulations regarding visitors.

15 Contingency Planning – BWH IS
Contingency planning is important for maintaining the integrity of PHI. Partners Information Systems has policies and procedures in place in the event of a network or system failure. These procedures include: Methods to back up data in case of a system failure. Plans to protect data in case of an emergency or disaster. Methods to access data if due to an emergency, you cannot access it in the usual way.

16 Contingency Planning - BWH
To learn more about contingency planning, refer to the online BWH Crisis Resource Manual (CRM). To access the BWH CRM, go to: Start Menu> Partners Applications > Clinical References > BWH Crisis Resource Manual (CRM). - OR - BWH Pike Notes > Hospital-wide Policies And Manuals > Emergency Management Manual > BWH Crisis Resource Manual (CRM).

17 Administrative Safeguards
As part of HIPAA security, BWH has implemented a broad program that includes policies, procedures, standards and guidelines to guide, protect and support you. BWH strongly encourages you to report any issues or concerns you have about HIPAA security. If you observe any inappropriate activity, it is your responsibility to report it. Speak with your manager or supervisor. the BWH HIPAA Security Office mailbox. Call the BWH Compliance Hotline (617) to make an anonymous report.

18 You have completed the BWH HIPAA Security Training Course
Congratulations You have completed the BWH HIPAA Security Training Course

Download ppt "HIPAA Security Training 2005"

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA Security.

HIPAA Security.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit.

Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Health Insurance Portability and Accountability Act 1.

HIPAA Health Insurance Portability and Accountability Act 1.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Similar presentations

Ads by Google