Jeopardy: Access Controls, Email, Faxing, My Workstation, Pot Luck

Presentation transcript:

Jeopardy
Categories: Access Controls, Email, Faxing, My Workstation, Pot Luck
Values in each category: $100, $200, $300, $400, $500
Final Jeopardy

1 - $100 Access to the following areas must be restricted:
A. Client Area
B. Employee Area
C. Medical Records
D. All of the above.

1 - $200 Which of the following statements are true?
A. Employees and Visitors must wear a badge while on TPOCC property.
B. It is okay to lend your badge to someone who needs access to the building.
C. If I lose my badge, my identity must be verified and I must obtain a Visitor’s Badge to wear while on TPOCC property.
D. A and C.

1 - $300 PHI is very valuable. What does TPOCC do to ensure that in an Emergency, information is secured?
A. TPOCC has a Business Continuity Plan.
B. The Business Continuity Plan addresses events that may damage electronic data such as a fire or flood.
C. TPOCC can conduct daily operations in “Emergency Operation Mode”.
D. All of the Above.

1 - $400 Who can access the Medical Records Department?
A. All Team Leads, Program Directors and Medical Records staff.
B. All Doctors, Program Directors and Medical Records staff.
C. The Medical Team.
D. The Medical Records staff.

1 - $500 My Access in the Electronic Medical Record may be limited to:
A. The Clients on my assigned Team.
B. The areas of the EMR I need to do my job.
C. My job role and/or Credential.
D. All of the Above.

2 - $100 Which of the following is true about e-mail at TPOCC?
A. E-mail users have an obligation to use e-mail appropriately, effectively, and efficiently.
B. E-mail can be forwarded, printed and stored by others, so extreme discretion must be used when using e-mail.
C. It is okay to forward and copy many people to make sure communication is smooth.
D. A and B.

2 - $200 If e-mail is used for communication of sensitive material, the following safeguards must be taken:
A. The subject line should reference that this is sensitive information.
B. I must use my company account only as it is encrypted and secure.
C. A disclaimer must be included within all signatures in Outlook.
D. All of the above.

2 - $300 If an e-mail is misdirected to an unintended recipient, the sender must take the following action:
A. Attempt to reach the unintended recipient by phone, and ask them to delete the misdirected e-mail.
B. As long as the disclaimer is attached, nothing further needs to be done.
C. A and B
D. A. If unable to reach by phone, send an e-mail with the subject “Misdirected E-mail” and request the e-mail be deleted.

2 - $400 When using e-mail:
A. It is okay to print and file e-mails with PHI in my unlocked desk drawer.
B. It should be used as a business tool.
C. It is okay to forward to my Gmail or other personal account.
D. None of the above.

2 - $500 The following is an unfortunate result of e-mail leaking into the wrong hands:
A. The PHI can be used for fraud.
B. The PHI can be used for identity theft.
C. The PHI may fall into the hands of someone who does not have “need to know” access to the information.
D. All of the above.

3 - $100 Faxing information should only be done when:
A. The original record or mail-delivered copy will not meet the needs for TPO.
B. Urgent information, such as an approval for services is needed.
C. Authorization to release the information has been obtained and signed.

3 - $200 When faxing information, use the following guideline when deciding what information to fax.
A. Fax only the information you obtained authorization for.
B. Certain information such as Therapy notes, HIV test results and Alcohol and Drug Abuse Records may not be released without specific written Client authorization unless required by law.
C. Fax whatever the person requests.
D. A and B.

3 - $300 What must accompany all fax transmissions containing PHI?
A. An official TPOCC fax cover letter.
B. A stamp on each page indicating that the documents are confidential.
C. A and B are required.
D. None of the above.

3 - $400 To confirm a Fax was sent successfully:
A. Call the person to see if it was received.
B. Obtain and keep a copy of the fax transmittal and fax confirmation sheet.
C. A or B.
D. All of the above.

3 - $500 Which of the following statements are true regarding faxes that are received?
A. If the intended receiver is not TPOCC, follow the instructions to destroy the information and notify the sender of the error.
B. Fax machines are located in secure areas and faxed information should be removed immediately.
C. Not everyone is authorized to use the fax machines at TPOCC.
D. All of the above!

4 - $100 What is the command to lock a workstation when leaving it unattended?
A. Press the “lock workstation” key on the keyboard.
B. Press Control + Alt + Delete on the keyboard.
C. Press the Windows + L key on the keyboard.
D. B or C.

4 - $200 Which of the following is part of the Procedure for storage of information?
A. Company information must be stored on the TPOCC secure networks.
B. It is okay to use a flash drive to store PHI.
C. It is okay to load games and music to the TPOCC secure network.
D. I can upload software anytime I want to my workstation.

4 - $300 The EMR password requirements include:
A. All lower case letters and two whole numbers.
B. Can be easy to remember like your birthday or pet’s name.
C. Passwords must include three of four requirements: lower case letter, upper case letter, a number or a special character.
D. They must be 20 characters long.

4 - $400 Fill in the blanks: _____________ controls what you see in Credible, _____________ controls your scope of practice or what you are able to do in Credible.
A. Forms, Attachments
B. Program, Team
C. Security, Credentials
D. None of the above.

4 - $500 What is the automatic log-off time for inactive workstations?
A. 15 minutes.
B. One hour.
C. 30 minutes.
D. It depends on your access.

5 - $100 Physical access to our facilities is restricted by:
A. Locks and alarms.
B. On-Site Security.
C. Signs indicating restricted areas.
D. A and C.

5 - $200 TPOCC has which additional Physical Access Controls in place to protect PHI:
A. Computer Network Firewalls and Virus Detection.
B. Property control tags on all TPOCC equipment.
C. Redundancy, backup and security systems in place to prevent data loss.
D. All of the above.

5 - $300 Which of the following statements are true about offsite access?
A. Offsite use includes use of the EMR at school, a Client home or an Employee working from home.
B. Employees who work offsite must be approved by their Program Director to do so.
C. Employees must review and sign the acknowledgement of offsite best practices.
D. All of the above.

5 - $400 There are additional Policies and Procedures that I need to be aware of such as:
A. Transport of Paper Records
B. Retention and Destruction of Records
C. Neither A nor B
D. There are additions and updates that I need to be aware of!

5 - $500 What is the term for an accidental or intentional leak of PHI?
A. Meaningful Use
B. TPO
C. Breach
D. Disclosure