Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy and Security Incident?


In practice, how do we recognize a potential Privacy and Security Incident?

Click on the statements and find out which ones are privacy and security incidents.

Privacy and security incident types based on CPROC 50.1 (privacy.merck.com)

What is a privacy and security incident?

Before starting the test, take a look at the definitions:

When we talk about “Personal Information”, we mean any information that could be used to identify, locate or contact an individual.

A “Privacy Incident” is a violation of any one of the Privacy and Data Protection Principles set forth in Corporate Policy 50, or a privacy or data protection Law (this may include a Security Incident).

A “Security Incident” means access to Personal Information which leads to loss, misuse and unauthorized disclosure, alteration and/or destruction of personal data.

1. Violation of Merck privacy and data protection principles

Statements:
Sending consumers marketing communications without obtaining proper consent or after they have opted out of receiving them.
Lock up filing cabinets and all areas that store personal information.
An employee improperly collects and broadly distributes sensitive or confidential employee HR data.

Feedback slides:
It is a privacy and security incident. Give proper notice & Respect customer choices.
This is not an incident. It is an adequate security measure.
It is a privacy and security incident. Limit what you collect & share.

2. Unauthorized internal access or disclosure (when we disclose personal information in an unnecessary or inappropriate manner)

Statements:
The location of the default printer for your computer was changed; now documents containing personal data are printing out in the wrong office.
When a division wants to make an internal communication informing about the number of people attending an internal celebration.
Creating an internal company report that has names or other sensitive personal information about employees when it is not needed.

Feedback slides:
This is a privacy & security incident. Use non-identifiable data wherever possible.
This is not an incident. To provide information about the number of people attending an event is non-identifiable personal information.
This is a privacy & security incident. Keep personal data safe & safely destroy it.

3. Loss or theft of storage device or paper records

Statements:
Loss of laptops, cell phones, USBs, CDs, and other mobile or removable devices.
Keeping personal information password-protected.
Keeping payments to health care provider records on paper accessible to unauthorized individuals.

Feedback slides:
This is a privacy & security incident. Lock, encrypt, protect your devices.
This is an adequate security measure.
This is a privacy & security incident. Please be mindful to keep sensitive paper records in a safe place.

4. Inadvertent disclosure of personal information to an unauthorized person by mistake or accident

Statements:
Purchasing contact details and personal of potential clients from a vendor confirming the vendor has permission to share that data with Merck.
Inadvertently sending an e-mail with an attachment that includes sensitive personal information to the wrong internal distribution list.
A system failure causes the mailing of payment letters to the wrong physicians.

Feedback slides:
This is an adequate privacy measure.
This is a privacy & security incident. Verify that requesters are authorized to access the data.
This is a privacy & security incident. Protect your devices and follow Information Risk management policies.

5. Unauthorized outside access

Statements:
When traveling or working from home we make sure we use a secure Merck network.
Cyberattacks by criminals trying to access Merck information.
A personal friend of an employee gains access to the Merck network by looking over the friend's shoulder and memorizing the employee's login credentials.

Feedback slides:
This is an adequate security measure.
This is a privacy & security incident. Protect your information and devices.
This is a privacy & security incident. Limit the access to personal data and keep it safe.

Report all known and suspected privacy and security incidents and other concerns to the MPO and/or your Compliance Officer.