Integrated Security & Confidentiality (S&C) Guidelines Across Programs: It Does Work National Security & Confidentiality Guidelines Webinar April 10, 2012.

Presentation transcript:

Integrated Security & Confidentiality (S&C) Guidelines Across Programs: It Does Work
National Security & Confidentiality Guidelines Webinar
April 10, 2012
Dena Bensen, MPH
VA HIV Surveillance Program Director
Virginia Department of Health

Outline
1. VA program background
2. Keys to successful S&C implementation
3. S&C guidelines facilitate data sharing
4. Data sharing examples
5. Annual training importance
6. Applying the guidelines to specific program examples
7. Summary

Virginia: Integrated Programs
- Agency (VDH):
  - Same new employee background screening
  - Same new employee orientation materials
- Division of Disease Prevention (DDP):
  - Integrated HIV/STD program since 1980s, with Hep C & TB programs later added
  - Sign same S&C program guidelines/policy
  - Same Overall Responsible Party (ORP) (Division Director)

Keys to Successful Implementation
- Have the Division/Office Director involved
- Get all program partners at the same table
- Conduct initial assessment
- Obtain feedback from all staff
  - Data Entry Tech to Program Coordinator
  - Is it realistic for the end users?
- Regroup after initial assessment
- Listen & validate concerns

Keys to Successful Implementation, cont.
- Be realistic & compromise
- “Let go” the idea that your data or program is more important than other programs
- Put your guidelines in writing
- Revise your plan as needed
- Learn from errors & unexpected situations
  - Add new guidance, policy & examples to manual
  - If it happens once, it can happen again

S & C Guidelines Facilitate Data Sharing
- Written standards facilitate data sharing between programs
  - You will be comfortable your data is protected
  - Define uses of data sharing specific to the program & program need
- PCSI
- Duplication of limited resources (data collection)
- Enhance data & program quality
- Increases use of data for public health action

Data Sharing Examples
VA HIV Surveillance & DDP program staff share data based on need:
- TB - File exchange of specific data fields
- STD-MIS - HIV surveillance “read” access to STD-MIS to make HIV case report & obtain risk factor
- ADAP - Fields for case finding & improved data completeness of race, sex, risk

Data Sharing Examples, cont.
- Partner Services
  - Multiple STD staff have limited “read” access to HIV Surveillance database (eHARS) for “record searching” patients for:
    - Internal use (e.g., complete Field Records)
    - Local health department Disease Intervention Specialists (DIS) & Partner Services (e.g., previously reported/tested?)
- Care/Ryan White
  - Access of limited Ryan White staff to eHARS HIV Surveillance data for timely assessment of “in care”

Data Sharing Examples, cont.
HIV Surveillance matches with:
- Vital Records
  - Requires MOA
  - Describes specific variables to share
- Cancer
  - Requires S&C signing, data recipient agreement, & allowed uses

Data Sharing & Lessons Learned
- Share only “need to know” data
- Limit database access to read only
- Ideally export required variables to file
  - Create SQL table of specific variables vs. access to entire database
- Maps: small numbers?
  - Then don’t post on walls
  - Consider who comes into your office

- Provide reasonable safeguards for securing confidential & sensitive information
- Ensure new technologies are addressed
- Address policy & program process changes in writing
- Allows supervisors to address
  - Intentional breach
  - Unintentional breach
  - Good vs. poor judgment
- Annual retraining is important

Why Specify Your Guidelines in Writing?
- Physical/building security
- Field work
- Phone
- Fax
- Mail
What is good judgment to one person is not the same for everyone.

Specify Guidelines in writing: Ex. Security
- Provide employee guidance:
  - Notify supervisor of a possible
  - But don’t forward breach (e.g., patient name/identifier)
  - Notify sender (but don’t hit reply to )
  - Employees & providers should not patient names/lists or other patient identifiers
- Recommend signature tagline
  - Borrowed from Texas Medical Monitoring Project: Please do not reply to this with any patient identifying information. This includes: Name, Phone Number, DOB, Address & Medical Record Number. Please call my confidential line at (804) 864-XXXX to coordinate this exchange. Thank you.

Lost patient data in the news
Sent: Saturday, February 26, :29 AM
Subject: more on HIPAA violations
Today's Top News
1. Patient info lost on subway earns MGH $1 million HIPAA fine
XX State General Hospital will pay the U.S. government $1 million to settle what the feds are calling "potential violations of the HIPAA Privacy Rule," according to a statement issued by the U.S. Department of Health and Human Services. The case involves patient information that an employee left on the subway. This marks the second fine related to HIPAA noncompliance in a week.

Take home messages
- Have the Division/Office Director involved &/or make decisions
- Define what variables to share with each data exchange
- Document your breach procedure (e.g., ) before it happens to prevent a breach!
- Ongoing communication
  - Can occur even if not in same building
- Don’t have time/$$ to compile the S&C procedures? Hire a contractor
  - Perform assessment
  - Write policies

Questions