Confidentiality, Privacy & Security Annual Training


1 Confidentiality, Privacy & Security Annual Training
New Hampshire Homeless Management Information System (NH-HMIS) NH-HMIS Annual Privacy and Security Training 9/2018

2 Introduction
- Per HUD, all users are required to attend privacy and security training annually
- Client confidentiality and rights
- User policies and responsibilities
- NH-HMIS Policies and Procedures, documentation, and other resources available on the NH-HMIS website at nh-hmis.org

3 Agenda
- Client Rights
- Confidentiality/Privacy
- User Policy/Ethics
- User Responsibilities
- Agency Responsibilities
- Sharing Information
- Data Quality and Computer Security

4 Overview
- Client confidentiality is important
- HMIS Users are the first line of protection for client’s personal information
- Clients have rights about whether personal information can be collected and how that information can be used
- Protected Personal Information (PPI) can be shared with appropriate precautions in place
- Agencies are responsible for how personal information is managed within their organization

5 Client Confidentiality

6 Client confidentiality is important for:
- Protecting embarrassing information from disclosure
- Preventing improper dissemination of information that might increase discrimination against them
- Protecting personal/family security
- Protecting job security
- Avoiding prejudicial treatment
- Encouraging use of other services designed to help

7 Assurance of Confidentiality
- Enables people to seek help without fear of:
  - stigma
  - retaliation
  - disapproval
  - damage to relationships
- Encourages full disclosure and maintains trust which is essential for effective treatment

8 Responsibilities to Client
- Respond to client questions
- Respect client preferences
- Enter only truthful information
- Not change existing information
- Provide information to client upon request

9 Levels of Consent
- Consent to share personal identifying information (name, gender, birth date, race, ethnicity, part of your social security number) for de-duplication purposes with participating agencies (statewide)
- Consent to share additional information across programs to coordinate case management and service delivery
- Includes RRH & Prevention, state-grant-in-aid (SGIA), and emergency shelters

10 Confidentiality Policy Documents
- Why we collect data
- Privacy posting
- NH-HMIS Notice of Uses & Disclosures
- NH-HMIS Client Acknowledgement
- NH-HMIS User Policy Agreement
- NH-HMIS Agency Participation Agreement
- Release of Information (Agency)

11 Signed Agreements
- Client – “NH-HMIS Client Acknowledgement Form” explained and given to client
- Release of Information (ROI) *New
- SUD Provider Release *New
- HMIS User – Signed “NH-HMIS User Policy Agreement”
- HMIS Administrator – Signed “NH-HMIS User Policy Agreement”
- HMIS Participating Agency – Signed “NH-HMIS Agency Participation Agreement”

12 Why we collect data
- Privacy Poster must be posted at each provider intake location
- Required as Baseline requirement of the Federal Data Standard
- States that we collect this information
- States why we collect this information

13 Privacy Poster
With your permission, we collect and enter personal information into a computer database system for reasons that are fully discussed in our “Notice of Uses and Disclosures.” Other information that we collect is important to run our programs and to improve services for persons experiencing homelessness. We appreciate your cooperation with this process.

14 Data Collection Requirements

15 Agencies subject to 42 CFR
- The Agency shall abide by federal confidentiality regulations as contained in the Code of Federal Regulations (CFR)
- You can find a copy of this CFR at: idx?tpl=/ecfrbrowse/Title42/42tab_02.tpl

16 Notice of Uses and Disclosures
- Used when working with the client
- Guide to explaining client’s rights in regards to data collection
- Must be explained to client so they understand (translation may be required)
- Allows the client to decline services

17 Data Uses and Disclosures

18 CE-Related Uses and Disclosures Permitted by HUD

19 Verbal Consent

20 NH-HMIS Client Acknowledgement
- To be effective in serving and meeting client’s needs
- To build on a trusting relationship with the client
- To evaluate services provided
- To find/determine other service requirements

21 NH-HMIS Client Acknowledgement

22 NH-HMIS Client ROI *NEW
Client Release of Information

23 NH-HMIS Client SUD ROI *NEW
Client Substance Use Disorder ROI

24 User Policy Agreement
- Helps assure client of your intent to protect their rights
- Guides users regarding ethics and confidentiality of information
- Builds trust in relationship between client and provider
- Reminds us of common sense practices

25 User Policy Agreement

26 Client Rights
- To receive a copy of any of their personal information stored in NH-HMIS
- To decide which agencies can view their personal information for services*
- To file a grievance
- To change their preferences in data collection and sharing
- To have their questions answered regarding the use of NH-HMIS data

* RRH/HP projects are required to share data

27 User Responsibilities

28 Confidentiality
- Confidentiality ensures the level of privacy of information
- All relevant State and Federal confidentiality regulations must be followed
- Abide by the Code of Federal Regulations, 42 CFR Part 2 when applicable (alcohol/drug abuse)
- Never solicit information that is not required for the system or program

29 Confidentiality (continued)
- Never release information without the proper consent of the client
- Never leave client information displayed on the computer screen
- Never leave client specific documentation in work areas
- Always speak softly when discussing client information

30 Integrity
- Provides assurance of an unaltered state of information
- Information entered must be truthful, accurate and complete to the best of your knowledge
- Never alter or overwrite data that has been entered by another
- Enter only clients of your agency
- All clients of your agency should be entered
- Never cause, or attempt to cause, data corruption

31 User Ethics
- Answer all clients’ questions about keeping their personal information confidential
- Always respect the client’s choices with regard to the collecting and sharing of their personal information
- Client may change their data collection and sharing preferences at any time
- You are responsible for entering accurate information

32 User Ethics (continued)
- The HMIS database must never be used to violate any law
- Clients must be given a copy of their data upon written request
- You must allow clients to file a written complaint regarding the use or treatment of their data
- Never retaliate against a client for filing a complaint

33 User Responsibilities
- Never share your password!
- Keep user names and passwords confidential and secure
- Only view, obtain, disclose or use information necessary to provide services
- Log off HMIS when leaving the area
- Never leave HMIS open and unattended
- Position the computer screen so casual viewers cannot see
- Store hard copies in a secure location, do not leave in public view

34 User Responsibilities (continued)
- Destroy all hard copy data that is no longer required
- Do not discuss confidential client information with staff, clients, or family and friends
- Do not leave confidential client information on answering machines
- Failure to meet these responsibilities may breach client confidentiality and may result in account de-activation and/or other disciplinary actions
- Should you observe a breach of any of these responsibilities contact your Agency Administrator immediately

35 Sharing Information
- NH-HMIS client data can be shared with appropriate documentation
- NH-HMIS will not share data with other providers
- Client Release of Information (ROI) must be on file prior to sharing of information
- Client Release of Information does typically expire
- Agency Partner Agreements must be in place between providers prior to sharing information
- Some client data can be shared, while other data may not be shared (HOPWA, RHY).

36 HIPAA vs HMIS
- NH-HMIS gives precedence to the HIPAA privacy and security rules
- The HIPAA rules are more finely attuned to the requirements of the health care system
- The HIPAA rules provide important and adequate privacy and security protections for protected health information

37 Agency Responsibilities

38 Agency Responsibilities
- State and Federal confidentiality regulations and laws
- Explanation of database and terms of consent
- Essential information collection
- Signed Client Acknowledgement Form
- ROI mandatory for releasing information
- SUD ROI mandatory for SUD Providers

39 Agency Responsibilities (continued)
- Annual staff confidentiality and privacy training
- Maintain client Consent Acknowledgement and Release of Information documentation
- Accurate and honest data collection
- Services may be contingent upon client’s participation in database

40 Summary
- Client confidentiality is important to the client and to the success of our programs
- Clients must always be treated with respect and dignity
- We must do everything in our power to keep the client’s information confidential
- We will only share client information with those agencies the client has authorized

41 Summary (continued)
- We will protect access to computer hardware
- We will protect access to client information through user accounts and passwords
- We will treat all client data with care not to allow unauthorized viewing, downloading, printing, copying or recording by some other means

42 Security

43 Authorization
- User accounts may have different roles which determine the features to which they have access (i.e., case manager, agency admin, system admin)

44 Authentication Passwords
- Users are assigned user accounts and passwords
- User passwords must contain between characters, two of which must be numbers
- User passwords expire every 45 days
- When a password expires you cannot use the same password

45 Computer Security
- Protect the computer hardware and software from abuse or theft
- Place the computer where it will not be prone to hackers
- Place the computer where the screen will not be seen by non-authorized persons

46 Data Security and Integrity
- HMIS will automatically log users off after a preset interval of inactivity
- Every client record is assigned a unique non-identifying ID
- User audit reports determine which user changed or added data to the system
- Refer to NH-HMIS User Confidentiality & Privacy Policy

47 Authentication Security
- Users must log off HMIS when leaving a computer unattended
- Users will be automatically logged off if idle for more than 15 minutes
- Users must not allow the Windows system to remember passwords
- Three failed attempts to log on will result in account deactivation

48 Firewalls and Virus Protection
- HMIS computers must have anti-virus software installed
- Agency-owned computers used for HMIS must be virus protected
- Users are responsible for checking for updates to the virus definitions
- Firewalls are used to protect the internal network
- Computers without a network firewall should have a personal firewall installed
- RECOMMENDED: Install the Windows firewall or your IT Department’s approved firewall.

49 Windows Maintenance
- Computer operating and virus protection software must be kept up-to-date
- NH-HMIS Administration will inform agencies of known updates
- Agencies should periodically check for and apply updates

50 Network Architecture

51 Key Takeaways

52 Where to Get More Information
- Agency confidentiality and privacy policies
- NH-HMIS security policies
- NH legal assistance
- Forms, documentation, and other information can be found on the HMIS website at nh-hmis.org

