1
East Carolina University
HIPAA Security Office
2
Objectives
HIPAA Security Rule
Security Rule Principles
Basic Security Awareness Practices
E-Mail & Wireless Guidelines
Portable Devices
Secure Messaging
3
Background
Health Insurance Portability and Accountability Act of 1996
Federal standard for privacy and security of protected health information (PHI)
Security Rule: ensure confidentiality, integrity and availability of ePHI (that a covered entity creates, receives or transmits)
Sets guidelines for protection against: threats or hazards of integrity and security of ePHI, unauthorized use and disclosures
4
Security Rule Principles
Administrative Safeguards - Policies & Procedures
Physical Safeguards - Controlling physical availability
Technical Safeguards - Controlling access and protecting electronic communications
5
Basic Security Awareness
Use strong passwords, per ECU policy
Lock your computer when not in use
Guard your display
Do not install personal or unauthorized software
Lock sensitive storage areas
Update anti-virus
6
Basic Security Awareness
Identify and report potential security incidents
Do not store ePHI unless it is a University approved method
Maintain an inventory of systems, applications, devices that contain PHI. Communicate this to the ECU HIPAA Security Office
Follow ECU policies and procedures for purchasing and/or updating new health information systems, applications, or devices.
7
E-Mail and Wireless Guidelines
Do not send ePHI over e-mail unless it is encrypted:
ECU to ECU is encrypted
ECU to Vidant or other entity is not encrypted
Do not access or send ePHI over a wireless network unless the data is encrypted prior to transmission.
8
Portable Device Security
Portable devices are NOT secure for storing ePHI
Must be encrypted
Must have a passcode
Portable devices must always be physically and technically secured.
Turn wireless interfaces off until needed
Any loss, theft, or unauthorized use must be reported to ECU ITCS immediately
9
Secure Messaging
Cortext
Currently ECU providers
Password required for access
Potential roll out to other staff
10
ECU HIPAA Security
HIPAA Security is everyone’s responsibility
No single security measure will provide total security
Everyone must be knowledgeable of policies and procedures.
Security is an ongoing process
11
Notification of Security Incidents
Report incidents to the University Help Desk
The Help Desk can also provide information regarding purchasing, installing, and using software.
or
12
Contact Information
ECU HIPAA Security Officer
Michelle C. Evans, MPA, CHC, CHPC (252)
HIPAA Security Analysts
Brad Sikes
Tim Smith
Complete HIPAA Privacy and Security Policies are available at: