Welcome to UF. We’re from the Privacy Office and we’re here to help you… HIPAA Orientation – College of Nursing, August 22, 2014. Cheryl Webber, MS, RHIA, University of Florida Privacy Manager, Jacksonville
Goals of this Orientation: HIPAA Training Requirements. To help you understand your obligation to preserve the privacy and confidentiality of restricted information. To educate you about the RISKS of using a Mobile Device and the SAFEGUARDS you must use to minimize those risks. To make you aware of how to report lost or stolen devices.
Privacy Orientation. This orientation is not your HIPAA and Privacy training for the year! You must: Complete UF’s Online HIPAA & Privacy Training; Sign UF’s Online Confidentiality Agreement; Additional training modules for Shands and the VA (if you see patients there).
HIPAA Training. Complete: General Awareness Training – if you will not be involved in any research; OR HIPAA for Researchers – if you will be doing human subject research. (This training counts for both Research and General Awareness.) Note: Have you already completed one of the modules within MyUFL?
Training and Re-training…. Privacy Training is renewed annually. Failure to complete the training on time is a Level II HIPAA violation and will result in disciplinary action. Be sure you are included in your college or department’s email list.
Common HIPAA Violations. Unauthorized disclosures: Be aware of your surroundings when discussing patients. Use extra caution with privileged information. Improper use of portable devices: Recording (and sharing) unauthorized pix and videos; Failure to use encryption; Losing or misplacing equipment; Downloading unnecessary PHI. Removing PHI or health records from UF premises.
Privacy Sanctions. UF Sanctions: Loss of student privileges, computer access; Verbal counseling up to termination; Suspension or expulsion; Reporting to professional licensing or credentialing boards. Sanctions for HIPAA violations are serious: Fines; Jail-time.
New Penalties. So, a breach involving PHI for 10 individuals could cost you anywhere from $100 to $50,000 per disclosure.

| Tiers | Description | Minimum per Violation | Max per Year (for identical violations) |
|---|---|---|---|
| Tier A | Did not know | $100 - $50,000 | $1,500,000 |
| Tier B | Reasonable cause – not willful neglect | $1,000 - $50,000 | $1,500,000 |
| Tier C | Willful neglect – corrected w/in 30 days | $10,000 - $50,000 | $1,500,000 |
| Tier D | Willful neglect – uncorrected | $50,000 | $1,500,000 |

Mobile Device Management: Risks and Safeguards; Appropriate Use of Mobile Devices; Approved and Required Software
Know the RISKS and SAFEGUARDS. Before you use a Mobile Device to Create, Access, Transmit, Receive, or Store PHI, you are required to educate yourself about the RISKS of using a Mobile Device and the SAFEGUARDS you must use to minimize those risks.
Mobile Device Risks. If you’re using your Mobile Device for patient care, do you know what to do if: Your device is Lost or Stolen? Your device is infected by a virus or other malware? Are you aware that you should never: ◦ Share your personal mobile device with anyone? ◦ Use your device on an unsecured network?
Required Device SAFEGUARDS. Use Proper Authentication: Use a strong password that meets or exceeds UF Health’s password requirements. Set an inactivity timeout of no more than 10 minutes – require a password to re-enter. Never share your password and change it often. Use and Maintain Approved Software: Install only approved software. Enable approved encryption software. Enable and maintain anti-virus and anti-malware protection. Disable file-sharing applications.
Required Device SAFEGUARDS. Maintain Physical Control: Keep your device with you or locked up. Enable approved tracking or recovery software. Do not allow others to use your device (children, spouse, friends, etc.). Do not leave your device in a parked vehicle. Use Secure Networks: Use adequate security over Wi-Fi networks. Do not forward e-mail to outside accounts. Ensure Proper Disposal.
REPORT Lost or Stolen Devices. Report the loss or theft of your device immediately! Notify your immediate supervisor. Also notify: IT Security Office; Privacy Office; UF Police Department.
Appropriate Use: Direct patient care during emergencies or disasters. Share PHI only with co-workers involved in patient care. Create and/or share photos/videos only for making immediate health care decisions. Remember, all communications and/or images used for healthcare decision making or for treatment become part of the patient’s health record.
Approved Software: AMCOM – enterprise communication software that offers HIPAA-compliant texting. Haiku – software for smartphones (iPhones) intended to securely connect to the electronic health record. Canto – like “Haiku for iPads,” securely connects to the electronic health record. Citrix Receiver – application for smartphones and personal data assistants, runs Epic Hyperspace application. VMware Horizon Client – application that allows users to securely access a virtual desktop. E-mail from and to a recipient with a “ufl.edu” e-mail address when both sender/receiver have a professional need to know the information shared. Epic Hand-held Software (that may come available).
Examples. Acceptable Uses: ◦ A resident physician photographs a patient’s wound and sends the image (using HAIKU) to attending physician for the immediate delivery of care. ◦ A nurse “texts” stat lab results (using AMCOM) to the ordering physician. ◦ A clinician photographs the placement of a healthcare device, excluding any patient identifiers, and sends the image to the device manufacturer for advice. Unacceptable Uses: ◦ Recording patient images out of curiosity or under the auspices of “general medical education.” ◦ Taking a picture with a patient, at the patient’s request, in a patient care area and then forwarding the picture to the patient or posting the picture on Facebook. ◦ Auto-forwarding e-mail to any e-mail system outside the ufl.edu domain, such as Gmail, Yahoo, AOL, or similar external e-mail systems.
Wrap-Up. Watch what you say and where you say it. Protect health records in all formats and all locations. Safeguard personal computing devices; employ encryption and other security measures whenever possible. Follow the rules! Report theft of devices.
Resources. UF Privacy Office: (352) 273-1212; http://privacy.health.ufl.edu. AHC IT Security: (352) 265-8317; Security@shands.ufl.edu. UF Police Department: (352) 392-1111 Non-emergency; UPDinfo@admin.ufl.edu