Presentation is loading. Please wait.

Presentation is loading. Please wait.

Move this to online module slides 11-56

Published byPhoebe Welch Modified over 5 years ago

Similar presentations

Presentation on theme: "Move this to online module slides 11-56"— Presentation transcript:

1 This module focuses on Privacy, Confidentiality, and Security of Personal Health Information.
Move this to online module slides 11-56 Privacy, Confidentiality, and Security of Information: Annual Training 2018 – Part 3

2 Keeping Electronic Communication Secure
Sign off computer terminals after completing your work Select strong passwords Don’t share passwords EVER It’s important to sign off computer terminals after completing work because all accesses of a patient record and any documentation are tracked to the current login of the terminal. In the case of a lawsuit against the Hospital staff involved would be tracked in large part by documentation in the electronic health record.

3 Use is not to be used as the primary method of communication for PHI due to potential risk for privacy breach Refer to SMGH Privacy and Acceptable Use policies for guidance. Click on the following link to read the Acceptable Use Policy Read slide

4 Disposing of Confidential Information
All confidential information must be placed hospital grey “shred it” confidential bins “Open” Confidential waste bins must be stored in secure areas Confidential waste must be emptied regularly into locked shredding containers Read slide

5 Privacy Breaches – From the Headlines..
These are just a few examples of patient privacy breeches and the consequences that can result.

6 Examples of Privacy Breaches
Lost records, files, documents Stolen-theft of computer Accessing Meditech to view any information about family & friends Accessing your own or a family member’s record in Meditech and/or Clinical Connect Accessing a patient’s record after they have left your care. Inappropriate disclosure such as disposal of hard copy PHI or faxing/mailing errors Read slide

7 How to Access Your Own Hospital Records at SMGH
To access or get copies of your own hospital records you must complete a Release of Information form in Health Records (or on smgh.ca). You can request an audit to see who has accessed your own hospital patient record anytime by contacting the Chief Privacy Officer. Read slide

8 Duty to Report if You Become Aware of a Privacy Breach
If you become aware of patient information being lost, stolen, shared or accessed by an unauthorized person, you have a duty to notify your Manager, or the Chief Privacy Officer as soon as possible, providing: date and time the actual or suspected privacy breach occurred general description of the privacy breach the immediate steps that will be or have been taken to contain and remedy the breach Read slide

9 Consequences of a Privacy Breach
People who commit a privacy breach face one or more of the following consequences: Read slide

10 Disciplinary Action $100,000 and SMGH can be fined $500,000. And
Loss of employment/affiliation Report to your professional college You can personally be fined up to: $100,000 and SMGH can be fined $500,000. And If you fail to maintain privacy and confidentiality at SMGH this information will be placed on your personnel file in Human Resources. Read slide

11 Mandatory Privacy Breach Reporting
Effective 1 Oct 2017, the Ontario government amended the Personal Health Information Protection Act. Under section 12(3) of the act and its related regulation, health information custodians (such as hospitals, medical offices, and others who deal with patient health information) will be required to report certain privacy breaches to the Information and Privacy Commissioner. These amendments are designed to better protect patient privacy and improve accountability and transparency in the health care system. Legislation has recently been tightened.

12 Mandatory Reporting of Breaches to the Privacy Commissioner:
Use or disclosure without authority: i.e. - where the person committing the breach knew or ought to have known that their actions are not permitted either by the act or SMGH. Stolen information: i.e. - where someone has stolen paper records or a laptop or other electronic device; patient information is subject to a ransomware or other malware attack; or where the information has been seized through use of a portable storage device. Further use or disclosure without authority after a breach: i.e. where following an initial privacy breach, the information was or will be further used or disclosed without authority. Pattern of similar breaches: i.e. - a letter to a patient inadvertently included information relating to a different patient. Over a few months, the same mistake is repeated several times because an automated process for generating letters has been malfunctioning for some time. Read slide

13 Mandatory Reporting of Breaches to the Privacy Commissioner:
5. Disciplinary action against a college member: i.e. - a duty to report an employee or other agent to a health regulatory college also triggers a duty to notify the Commissioner. 6. Disciplinary action against a non-college member: i.e. - in the same circumstances that would have triggered notification to a college, also 7. Significant breach: i.e. – a breach involving many patients, whose information has potentially been made widely available. Read slide

14 Privacy Audits Privacy audits are done weekly to monitor who is accessing patient information and which screens are being viewed Managers are notified of any potential privacy breaches Managers meet with the identified staff, Human Resources (and union representatives where applicable) and the Chief Privacy Officer to review the potential privacy breach and determine next steps Read slide

15 PHIPA FAQ A comprehensive guide on:
interpretation and application of PHIPA practices to protect PHI consent concerning PHI collection, use and disclosure of PHI fundraising and marketing research Ontario health cards and health numbers access to records of PHI and correction administration and enforcement Read slide

Download ppt "Move this to online module slides 11-56"

Similar presentations

Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Kathy O’Brien NEON and NORrad – Current PHI Sharing and How Best to Comply with PHIPA August 26, 2004.

Kathy O’Brien NEON and NORrad – Current PHI Sharing and How Best to Comply with PHIPA August 26, 2004.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA HIPAA Basic.

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
HIPAA Privacy & Security EVMS Health Services 2004 Training.

HIPAA Privacy & Security EVMS Health Services 2004 Training.
SECURITY: 2014. Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.

SECURITY: Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
Practical Information Management

Practical Information Management
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Privacy and Security of Protected Health Information NorthPoint Health & Wellness Center 2011.

Privacy and Security of Protected Health Information NorthPoint Health & Wellness Center 2011.

Similar presentations

Ads by Google