Presentation on theme: "Louisiana CAREWare Access Network User Training #2: Data Security, Confidentiality, HIPAA, & CAREWare Sharing November 2011."— Presentation transcript:
Louisiana CAREWare Access Network User Training #2: Data Security, Confidentiality, HIPAA, & CAREWare Sharing November 2011
LaCAN Policies: Data Security & Confidentiality Data Sharing in CAREWare HIPAA Training How to share in CAREWare Client consent for sharing Today’s Topics
Web Folks: Mute your phones Do not put your phone on hold Feel free to use chat for questions at any time OR just speak up Call the Genesys help desk if you have technical difficulties In-Person Folks: Silence your cell phones Raise your hand if you have a question Housekeeping
What is confidential information? 1.Sensitive health and risk-related information 2.Client personal identifiers 3.Potentially identifying information 4.Any other information provided to contractors for which confidentiality was assured when the individual or establishment provided the information. Policy Review: Data Security & Confidentiality What is potentially identifying information? Information that when viewed in conjunction with other information could possibly identify and/or be harmful to a particular person or group of people. Examples?
General Policies 1.All CAREWare users must receive confidentiality training through their employing agency, sign the LaCAN User Confidentiality Agreement, & be provided the Louisiana STD/HIV Program Security & Confidentiality Policy since they are accessing a State data system. 1.All CAREWare access is based on need-to-know. 1.Users may access CAREWare with only their own account. If someone needs to access CAREWare and does not have an account, they must apply for one. Do not give your account information to anyone. Policy Review: Data Security & Confidentiality
Computer Security 1.Screens must not be readable by anyone but the direct user. Check from windows, doors, hallways, and other chairs in your office. 2.CAREWare computers must be in a secure area/office or behind a door that can be locked. Do not access CAREWare from public computers, including computers designated for client use. 3.CAREWare computers must have a Windows login password and a password-protected screensaver. Policy Review: Data Security & Confidentiality
Communicating client information Policy Review: Data Security & Confidentiality BAD Emailing identifiers, URNs, UINs, or client IDs Leaving identifiers, URNs, UINs, or client IDs on voicemail Faxing client info unless you know the fax machine is secure GOOD Using secure folders to transmit client data Giving client info on the phone directly to the person you are communicating with Faxing client info to a fax approved to receive identifying information
What is a CAREWare Security Breach? CAREWare printouts or data files are lost or stolen. CAREWare printouts or data files are shown or given to someone not authorized to view them. Someone tries to break into an area that has a CAREWare computer, whether successful or not. Someone tries to “hack” into a computer that has CAREWare or into CAREWare itself. Any evidence, including a media story, that an unauthorized person gained access to information from CAREWare. Policy Review: Data Security & Confidentiality Common Examples?
What do you do if a CAREWare security breach occurs? 1.Call the SHP Services Data Manager (Megan Wright) at 504-568- 7474 immediately. If Megan is not available, contact the SHP Data Management & Analysis Unit Manager (Dr. Debbie Wendell) at the same number. 1.Do not speak to the media. Refer all media inquiries to SHP. Policy Review: Data Security & Confidentiality
Policy Review: Data Security & Confidentiality What will SHP & the other LaCAN Partners do? 1.Comply with all applicable federal and state requirements for the reporting and notification of breaches of protected health information. (45 C.F.R. §§164.400 et seq., R.S. 51:3071 et seq.) 1.Ensure that any breach of confidentiality will immediately be investigated to assess causes and implement remedies. Infractions related to inappropriate access to or disclosure of confidential information may result in loss of CAREWare access, disciplinary action, termination of employment, loss of professional licensure, and/or federal, civil, or criminal penalties. (HIPAA Privacy 164.530; 45 C.F.R, §§160.300 et seq., 160.400 et seq., 160.500 et seq., 42 U.S.C. §1320d-6)
Data Security & Confidentiality Policy Questions?
What does data sharing mean for CAREWare users? See your clients’ services from other LaCAN agencies See your clients’ clinical information See your clients’ ADAP & LaHIP services Policy Review: Data Sharing in CAREWare Why do we want to share client data in CAREWare? Improve care coordination Improve performance measurement Increase the quality of our data
Sharing Policy Details All sharing will be client-by-client Agencies will never see information for clients they have not served Starting 1/1/2012, all clients served must sign a consent form indicating share preference All sharing consent forms will be scanned and uploaded to the client’s CAREWare record Policy Review: Data Sharing in CAREWare
Procedure for Client Consent to Share 1.Case manager or other appropriate agency staff will review the consent document with the client & answer any questions. 1.Agencies will contact their designated LaCAN Partner if the client has questions they cannot answer. 1.After the client signs the form, the agency will scan it & attach to the client’s CAREWare record. 1.The original paper copy must be kept in the client’s file at the agency. Policy Review: Data Sharing in CAREWare
Procedure for Client Consent to Share, continued 5.If the client consented to share their information, the provider can then request services & clinical data from other LaCAN providers through CAREWare. 5.When sharing requests are received in CAREWare, LaCAN providers will grant access after verifying the client’s consent to share document in CW. 5.Any providers failing to grant access within a reasonable amount of time will be subject to having their requests granted by a LaCAN Partner. Policy Review: Data Sharing in CAREWare
Procedure for Deactivating Client Consent to Share 1.If the client decides (at any time) to revoke sharing, agencies will review the LaCAN Client Revocation of CAREWare Sharing document with them and have the client sign. 1.After the client signs, the agency will scan & upload the document to the client’s CAREWare record. The original paper form will remain in the client’s file. 1.The agency will immediately revoke sharing for the client’s services & clinical data in CAREWare. 1.Within 1 business day, the agency will notify their designated LaCAN Partner of the revocation. The LaCAN Partner will deactivate sharing for all agencies serving the client. Policy Review: Data Sharing in CAREWare
What’s already shared? Demographics Annual Review Custom Annual Review Service Tab - Vital Status Client Information Tab Emergency Contacts Tab
The Client Record Continued Starts on Page 36 of LaCAN Manual
Client ID: This field is provider specific. Address, City, State, Zip Code, County, and Phone Number: Enter the client’s address, city, state, and zip code here. Enter the parish name of the client under the county field. Note: Only use ‘Include label on report’ checkbox if mail can be sent to the client’s address reported. Ethnicity & Race: is based on the client’s self- identification. Note: For Part A New Orleans, enter the UIN number in the client field. Demographics Tab Starts on Page 36 of LaCAN Manual
Annual Review Tab Starts on page 47 of LaCAN Manual
Page 51 of LaCAN Manual Custom Annual Review Tab
Services Tab Starts on Page 40 of LaCAN Manual Used by all providersOnly apply to your agency
Client Information Tab Starts on page 75 of LaCAN Manual Used to record other client information such as who is their case manager, SSN, and mailing preferences. Fields on this tab are shared with and editable by all of the client’s providers.
Emergency Contacts Tab Starts on page 75 of LaCAN Manual
What’s able to be shared? Services Clinical Encounters Case Notes Subforms Appointments
Sharing Information Sharing will be set to level 1. This means data will be shared with providers that a client has consented and had at least one service. Requesting Granting Viewing Cancelling a Sharing Request
Sharing Request Open the client’s record click the service tab. At the lower left corner of the window, click service sharing New Request Select providers from the list to send a request to click request close and save Note: This button will be grayed out for CAREWare users who do not have permissions. Contact your designated grantee for assistance. For users with General User or higher permissions, this button will only be grayed out if the client is only served at your agency.
1.Agencies are required to collect client information in CAREWare as a condition of funding. 2.Their data is secure in CAREWare. 3.That CAREWare is a computer database, similar to what is used at their physician’s office or a hospital. 4.Only authorized personnel will have access to their information. 5.Agencies they are not served by will never see their data. 6.Identifying information is not sent to the federal government. 7.They are not required to share their services & clinical information, but there are benefits. What we need to communicate to clients What else?
What questions do you anticipate from clients? What questions do you have? What do your clients already ask you about their data? What are ways agencies can ensure clients feel their data is protected & respected? What cultural beliefs do we need to take into account?
The Next LaCAN Training Referrals & Reports in CAREWare 10AM-1PM November 29, 2011