HIPAA Data Security
  PCF Data Security Update
  May 1st, 2015
Pediatrics PCF
Understanding of the Data Transfer Requirements
  What are you trying to accomplish?
  Who do you need to share your data with?
  Do you need a BAA and is one already in place? More on this later…
  Some have requirements to share and/or exchange data with various agencies
    o Internal Connections
    o External Connections
HIPAA Policies
  WUSM Security and Privacy Policies are located at: http://secpriv.wusm.wustl.edu/Pages/SecPrivWelcome.aspx
  E-Mail and Internet Usage Guideline Policy # 02.03.04
    o Storing Protected and/or Confidential Information on Internet servers
    o Sending e-mails that contain Protected and/or Confidential Information
    o Disclaimer – PCF automatically appends the disclaimer to all outbound email
    o Encryption – all email containing protected information other than provider-to-patient communication should utilize an encryption mechanism to ensure the integrity and confidentiality of the protected information
PCF Email Services
  Discussed the Email Disclaimer previously
  PCF and BJC Email environments route email to each other through the GroupWise Email Connector
    o Automatically routes email addressed to respective email recipients through the connector – no need to encrypt!
    o Shared address books
    o Free/Busy Calendar views – allows for better integration for areas that require hybrid (SLCH/Dept. of Pediatrics)
    o Helps break down organizational barriers
  This tool will be extended to the other WUSM email environments in the future
Mobile Device Management (MDM)
  WUSM has implemented the AirWatch MDM product
  All mobile devices connecting to the WUSM-Secure Wi-Fi network are required to use the AirWatch service
  Download the AirWatch client from the appropriate App store
AirWatch
  Email notification from the PCF Helpdesk
Who needs to install AirWatch
  Required to Install
    o Connect your mobile device (iPhone, iPad, Android, etc.) to the secure wireless network WUSM-Secure
  Not required to Install
    o Only connects your mobile device to e-mail or the Guest wireless network
Box Cloud Services
  http://box.wustl.edu/
  WUSTL Box may be used to manage the following content:
    o Protected health information (HIPAA)
    o Attorney/Client privileged information
    o IT Security information
    o Protected identifiable human subject research data (HIPAA & Common Rule)
    o Student education records (FERPA)
    o Student loan application information (GLBA)
New SPAM Filters and [SECURE] Email Transport
  PCF recently launched a new SPAM filter appliance, ProofPoint
    o Improved SPAM filtering
  With this, PCF launched the new [SECURE] outbound email encryption service
    o Simply type [SECURE] in the subject line
New SPAM and [SECURE]
  Email notification from the PCF Helpdesk
Encryption Options
  1. Put the EPHI in a file (Access, Excel, Word) and encrypt the file with a secure password and email it (maximum of 32 GB file size)
    o Send the recipient the password for the encrypted file in a separate email!
  2. Put the EPHI in a file (Access, Excel, Word) and encrypt the file with a secure password and use the WUSTL Digital Dropbox service to transfer the file (maximum of 200 GB file size)
    o https://lft.wustl.edu
    o Instructions for the WUSM Large File Transfer service are located on the site
    o Send the recipient the password for the encrypted file in a separate email!
Encryption Options, cont.
  3. Contact PCF to use the Tumbleweed Secure Transport product (capable of handling large file transfers > 700 GB)
    o The Tumbleweed product can be set up as a point-to-point secure dropbox service for sites or businesses that you routinely transfer EPHI with.
    o This is the preferred option to use when you have project requirements to regularly send documents with EPHI to businesses outside of the WUSM environment.
    o Currently in place between agencies that Dept. of Pediatrics has business relationships with that need this type of routine data exchange capability.
  4. Use the [SECURE] transport service in your native Outlook or OWA client
Tips on Data Exchange
  PCF has a policy to encrypt the hard drives on all PCF supported desktops and laptops
    o Older machines have not been encrypted and will be replaced via the annual bulk device replacement process
  Citrix is encrypted end to end, designed as a remote access tool to map your network drives.
    o Can map your local drive on your remote PC or laptop for file exchange
  VPN connection is encrypted end to end
  PCF Web based email is encrypted end to end
    o Quick and dirty way to send a file to yourself
  Use encrypted USB drives
  Never send an email that contains PHI to a non-WUSM email service without encrypting the email and/or the attachment!
Business Associate Agreements
  New Business Associate Agreements (BAA) are required to comply with new HIPAA regulations
  New BAA form on the Purchasing web site
  List of all HIPAA BAA is on the site
  http://resourcemanagement.wustl.edu/ps/Pages/HIPAA.aspx
Questions/Comments
  Thanks for your time!