Presentation is loading. Please wait.

Presentation is loading. Please wait.

2011 SECURITY REFRESHER Information Security. Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives E-mailing Patient Information.

Published byAubrey Bryant Modified over 8 years ago

Similar presentations

Presentation on theme: "2011 SECURITY REFRESHER Information Security. Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives E-mailing Patient Information."— Presentation transcript:

1 2011 SECURITY REFRESHER Information Security

2 Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives E-mailing Patient Information File Sharing Social Media

3 HIPAA Update HIPAA compliance penalties were increased in July, 2010 under the HITECH Act New Notification Requirements: 1)Civil monetary penalties significantly increased ($100-$50,000 per violation up to $1.5m/yr) 2)Unwarranted disclosure of PHI can result in criminal prosecution and imprisonment 3)A security breach resulting in compromised PHI must be disclosed to each individual within 60 days of discovery 4)If more than 500 patients are impacted, the event must be reported to the media and HHS within 60 days of discovery* 5)State Attorney Generals empowered to pursue HIPAA Violations *If <500 patients are impacted, covered entity may notify HHS of such breaches on an annual basis

4 Recent Fines for HIPPA Breaches $1m settlement with MGH in Feb 2011 (employee left a folder on a subway containing information on HIV/AIDS status of 192 patients) $4.5m fine against Cignet Health in Feb 2011, a Maryland insurance company, based on HIPAA violations and failure to cooperate with OCR’s investigation (insurer failed to provide 41 patients with their medical records within 30 day time- frame plus failure to respond to OCR request for documents) In Feb 2011, the New York municipal hospital system notified 1.7 million patients of the theft of electronic files containing PHI from the truck of a records- management service vendor  $350 million estimated cost for patient notification, setting up a call center and providing credit reporting estimate In April 2011, the Philadelphia Family Planning Council informed 70,000 clients of a HIPPA breach stemming from a stolen unencrypted flash drive

5 State Law Enforcement April 28, 2010, A former UCLA Healthcare System surgeon has been sentenced to four months in prison Illegally read private electronic medical records of  Immediate Supervisor  Co-Workers  Celebrities Read records 3 weeks after formally terminated

6 Privacy or Confidentiality From Internet Security presentation at WICS by Whit Diffie

7 Encryption Now is the time for all good men... sd84$2*q} 59(o32nvt- =gf]|@l^... Decryption Encryption Now is the time for all good men...

8 Mobile Phones and Tablets Mobile Phones and Tablets that connect to WUSM e-mail systems Must be password/pin protected Must support device encryption Must support remote wipe If your mobile device is lost or stolen you should Notify Information Security and Privacy Offices Notify your Division IT Administrator – they will remote wipe the device then contact the carrier to kill service Never text patient identifiers via text messaging or paging Call me @ xxx-xxxx Subject is ready in Room xx

9 Innocent Enough Picture

10 Let’s Try Picasa GPS Info

11 Google Earth got the Campsite

12 USB Drives You may store patient or confidential information only on USB drives that have encryption enabled or the files are encrypted. Enable Encryption means when the drive is attached to a machine that it asks you for a password before allowing you to access the information. Even if the device is encrypted notify the Information Security Office if it is lost or stolen.

13 E-Mail When is it okay to e-mail patient information Within Medical School and Hospital e-mail systems e.g. psychiatry.wustl.edu to dom.wustl.edu or bjc.org If the file is encrypted e.g. password protected excel spreadsheet Signed patient consent to interact via e-mail

14 Phishing Example

15 File Sharing/Cloud Computing Only store patient information on approved Medical School Servers Google Docs/Microsoft 365  No BAA to allow storage of patient information  Do not put patient information in calendars e.g. Google Calendar Use WUSTL Dropbox for file transfers or University SharePoint sites for collaboration  Note: The other Dropbox service allows their administrators to review the unencrypted information.

16 Doximity Not recommended for sharing confidential or protected information No BAA to send, receive or store protected information Facebook site for Physicians

17 Blogging/Twitter Student blogs about patient interaction in emergency room Was careful to not give real names or any identifiable information Mentioned that child was of Asian descent and was adopted by a fireman from O’Fallon Inadvertently, provided enough information to identify the child and parents.

18 The End Questions/Comments

Download ppt "2011 SECURITY REFRESHER Information Security. Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives E-mailing Patient Information."

Similar presentations

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
HIPAA Training: Health Insurance Portability and Accountability Act.

HIPAA Training: Health Insurance Portability and Accountability Act.
And the finer details of patient privacy TCH Confidential Understanding HIPAA.

And the finer details of patient privacy TCH Confidential Understanding HIPAA.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.

HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Free HIPAA Training BCI Computers Free HIPAA Training (c) 2014 BCI Computers all rights reserved.

Free HIPAA Training BCI Computers Free HIPAA Training (c) 2014 BCI Computers all rights reserved.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

Similar presentations

Ads by Google