Integrated Security & Confidentiality (S&C) Guidelines Across Programs: It Does Work National Security & Confidentiality Guidelines Webinar April 10, 2012.


1 Integrated Security & Confidentiality (S&C) Guidelines Across Programs: It Does Work National Security & Confidentiality Guidelines Webinar April 10, 2012 Dena Bensen, MPH VA HIV Surveillance Program Director Virginia Department of Health

2 Outline
1. VA program background
2. Keys to successful S&C implementation
3. S&C guidelines facilitate data sharing
4. Data sharing examples
5. Annual training importance
6. Applying the guidelines to specific program examples
7. Summary

3 Virginia: Integrated Programs
Agency (VDH):
- Same new employee background screening
- Same new employee orientation materials
Division of Disease Prevention (DDP):
- Integrated HIV/STD program since 1980s, with Hep C & TB programs later added
- Sign same S&C program guidelines/policy
- Same Overall Responsible Party (ORP) (Division Director)

4 Keys to Successful Implementation
- Have the Division/Office Director involved
- Get all program partners at the same table
- Conduct initial assessment
- Obtain feedback from all staff
  - Data Entry Tech to Program Coordinator
  - Is it realistic for the end users?
- Regroup after initial assessment
- Listen & validate concerns

5 Keys to Successful Implementation, cont.
- Be realistic & compromise
- “Let go” the idea that your data or program is more important than other programs
- Put your guidelines in writing
- Revise your plan as needed
- Learn from errors & unexpected situations
  - Add new guidance, policy & examples to manual
  - If it happens once, it can happen again

6 S&C Guidelines Facilitate Data Sharing
- Written standards facilitate data sharing between programs
  - You will be comfortable your data is protected
  - Define uses of data sharing specific to the program & program need
- PCSI
- Duplication of limited resources (data collection)
- Enhance data & program quality
- Increases use of data for public health action

7 Data Sharing Examples
VA HIV Surveillance & DDP program staff share data based on need:
- TB: File exchange of specific data fields
- STD-MIS: HIV surveillance “read” access to STD-MIS to make HIV case report & obtain risk factor
- ADAP: Fields for case finding & improved data completeness of race, sex, risk

8 Data Sharing Examples, cont.
Partner Services
- Multiple STD staff have limited “read” access to HIV Surveillance database (eHARS) for “record searching” patients for:
  - Internal use (e.g., complete Field Records)
  - Local health department Disease Intervention Specialists (DIS) & Partner Services (e.g., previously reported/tested?)
Care/Ryan White
- Access of limited Ryan White staff to eHARS HIV Surveillance data for timely assessment of “in care”

9 Data Sharing Examples, cont.
HIV Surveillance matches with:
- Vital Records
  - Requires MOA
  - Describes specific variables to share
- Cancer
  - Requires S&C signing, data recipient agreement, & allowed uses

10 Data Sharing & Lessons Learned
- Share only “need to know” data
- Limit database access to read only
- Ideally export required variables to file
  - Create SQL table of specific variables vs. access to entire database
- Maps: small numbers?
  - Then don’t post on walls
  - Consider who comes into your office
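
The extract-and-read-only pattern from slide 10, as an added example that is not part of the original presentation. It uses SQLite so it runs without a database server; the table names, column names and sample rows are hypothetical and constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample rows standing in for a surveillance registry (not real data).
SAMPLE_CASES = [
    ("Jane Example", "1980-01-01", "F", "Black", "heterosexual contact"),
    ("John Sample", "1975-06-15", "M", "White", "MSM"),
]
# Hypothetical need-to-know list for one exchange: no name, no date of birth.
SHARED_COLUMNS = ("case_id", "sex", "race", "risk_factor")

def build_registry(path):
    """Create the full registry, which the partner program never opens."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE cases (case_id INTEGER PRIMARY KEY, "
                "patient_name TEXT, dob TEXT, sex TEXT, race TEXT, risk_factor TEXT)")
    con.executemany("INSERT INTO cases (patient_name, dob, sex, race, risk_factor) "
                    "VALUES (?, ?, ?, ?, ?)", SAMPLE_CASES)
    con.commit()
    con.close()

def export_extract(registry_path, extract_path, columns=SHARED_COLUMNS):
    """Copy only the agreed columns into a separate file for the recipient."""
    cols = ", ".join(columns)  # fixed allow-list defined above, never user input
    con = sqlite3.connect(registry_path)
    con.execute("ATTACH DATABASE ? AS ext", (extract_path,))
    con.execute(f"CREATE TABLE ext.shared_cases AS SELECT {cols} FROM cases")
    con.close()

def open_read_only(path):
    """Open the extract the way the recipient would: read access only."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def demo():
    """Return (columns the recipient can see, whether a write was refused)."""
    tmp = tempfile.mkdtemp()
    registry, extract = (os.path.join(tmp, n) for n in ("registry.db", "extract.db"))
    build_registry(registry)
    export_extract(registry, extract)
    con = open_read_only(extract)
    seen = [row[1] for row in con.execute("PRAGMA table_info(shared_cases)")]
    try:
        con.execute("DELETE FROM shared_cases")
        refused = False
    except sqlite3.OperationalError:  # SQLite: attempt to write a readonly database
        refused = True
    con.close()
    return seen, refused
```

On a server database the same split is normally enforced with a dedicated extract table or view plus a role that holds only read permission on it.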

11
- Provide reasonable safeguards for securing confidential & sensitive information
- Ensure new technologies are addressed
- Address policy & program process changes in writing
- Allows supervisors to address
  - Intentional breach
  - Unintentional breach
  - Good vs. poor judgment
- Annual retraining is important

12 Why Specify Your Guidelines in Writing?
- Email
- Physical/building security
- Field work
- Phone
- Fax
- Mail
What is good judgment to one person is not the same for everyone.

13 Specify Guidelines in Writing: Ex. Email Security
Provide employee guidance:
- Notify supervisor of a possible email breach (e.g., patient name/identifier)
- But don’t forward email
- Notify sender (but don’t hit reply to email)
- Employees & providers should not email patient names/lists or other patient identifiers
Recommend email signature tagline
- Borrowed from Texas Medical Monitoring Project: Please do not reply to this email with any patient identifying information. This includes: Name, Phone Number, DOB, Address & Medical Record Number. Please call my confidential line at (804) 864-XXXX to coordinate this exchange. Thank you.

14 Lost patient data in the news
Sent: Saturday, February 26, 2011 10:29 AM
Subject: more on HIPAA violations
Today's Top News
1. Patient info lost on subway earns MGH $1 million HIPAA fine
XX State General Hospital will pay the U.S. government $1 million to settle what the feds are calling "potential violations of the HIPAA Privacy Rule," according to a statement issued by the U.S. Department of Health and Human Services. The case involves patient information that an employee left on the subway. This marks the second fine related to HIPAA noncompliance in a week.

15 Take home messages
- Have the Division/Office Director involved &/or make decisions
- Define what variables to share with each data exchange
- Document your breach procedure (e.g., email) before it happens to prevent a breach!
- Ongoing communication
  - Can occur even if not in same building
- Don’t have time/$$ to compile the S&C procedures? Hire a contractor
  - Perform assessment
  - Write policies

16 Questions Dena.bensen@vdh.virginia.gov 804-864-7959

