2 HIPAA Security Presentation
Please review this presentation on HIPAA Security. When you are finished you will receive a sign-off sheet with instructions on returning it. If you have any questions, please contact Sheila Kline at or
4 1. Develop Administrative Procedures
- Write policies & procedures related to security of our systems
- Implement disaster recovery plans
5 2. Ensure Physical Safeguards
- Keep servers in a secure location
- Keep offices and file cabinets locked
6 3. Implement Technical Security Services
- Control Access – who are the users & security levels
- Audit – who can access data & who did access data
7 4. Institute Technical Security Mechanisms
- User accounts and passwords
- Virus protection
- Firewalls
- Data transfer protocols, file encryption
- Secure, monitored servers
(MIS department responsibilities)
8 What Are Electronic Files?
Information stored on:
- Computers
- Laptops
- PDAs
- Floppies
- CDs
- DVDs
- Zip Disks
- Flash Drives
Reasonable measures need to occur to keep these items secure. Laptops, CDs, DVDs, floppies and flash drives need to be stored in a locked area if they contain PHI.
10 Employee Security Rules
- Do not use email to communicate confidential information
  - Depaul.org is NOT secure
  - AWARDS messaging is HIPAA compliant
- FAX Transmissions
  - Use cover sheet with the DePaul disclaimer
  - Know who you are faxing
  - Dial the correct number or use speed-dial when possible
  - Verify receipt of fax
  - Keep fax machines in private areas
- Conversations in public places
  - Be aware of where you are and who can hear you
11 Employee Security Rules
- Be aware of who can hear your voicemail messages or conversations on speaker phone
- Written Correspondence
  - Keep confidential and secure
  - Do not leave PHI out in the open on your desk
  - Ensure that doors, desks and cabinets are locked
  - If you do not have a locked area to keep PHI, contact your supervisor
- Be aware of who can observe data you are entering or that is displayed on your monitor
- Do not leave confidential information on your computer screen
- Lock your computer before leaving your workspace for any length of time (ctrl+alt+delete)
12 Employee Security Rules
- Do not install or download any software on your computer
- All software on DePaul computers must be authorized by the MIS Dept.
- File transfer programs can create security loopholes
- Data miner programs installed inadvertently while surfing the internet can search for data on your computer.
- Phones
  - Do not use speaker phone when listening to voicemail when PHI could be discussed
  - Be aware of who can hear speakerphone or conference call conversations.
13 Employee Security Rules
- Passwords
  - Never give your passwords to another user
  - Change often (every 3 months or sooner)
  - Be creative when thinking of a password.
  - Do not store passwords near your computer.
- Never log in and allow other staff to access databases under your user name and password.
- If a new staff person needs rights to a database, they need to contact the MIS Department.
- If a staff person does not have all the rights they need to complete their job in a database, they need to contact the MIS Department, not use another staff member's database credentials.
14 Click here to access the sign-off sheet. If you have any questions regarding HIPAA Security, please contact Sheila Kline or