Privacy and Security Update: What Clinical Researchers Must Know
- Jeffery Ramsey
- 6 years ago
Transcription
1 Privacy and Security Update: What Clinical Researchers Must Know
- Megan Morash, Chair of Partners Human Research Committee
- Sarah E. Jordan, Privacy and Security Specialist
- Fabio Martins, Research Information Security Officer
- Toby Tsuchida, MGH Information Security Officer

2 Agenda
- Concepts
- HIPAA
- Future Use
- Genetic Information/GINA
- Decedents
- Sale of PHI
- Policies and Tools
- Data Management (RPDR and secure Survey Tools)
- Data Security Review
- Encryption
- Cloud storage
- Approved file transfer and storage tools
- Securing Communications
- Social Media
- Appropriate Access

3 Breaches in Research
- Emailed sensitive information to patients/subjects with Carbon Copy (CC) instead of Blind Carbon Copy (BCC)
- Left research files on top of mailbox
- Unencrypted USB with sensitive information stolen
- Unencrypted laptops with research/patient information stolen
- Encrypted laptop without sleep mode screen saver enabled stolen from public area
- Researcher's car broken into and bag with subject information taken
- Access to a patient's electronic health record without a need to know

4 HIPAA Key Concepts: How Can PHI Be Used or Disclosed for Research?
1. Authorization
2. Waiver of authorization by IRB
3. De-identification (remove all 18 HIPAA identifiers)
4. Limited Data Set (dates and zip codes only)

5 Authorization
- Written authorization to use/disclose PHI for research
- Merged into the written informed consent IRB templates
- Every research subject and/or patient must receive a copy of the Privacy Notice
- Compound Authorization

6 Use/Disclosure of PHI for Future Research
- Authorization to use PHI for future research studies, adequately described
- Reasonable for the individual to expect that his or her PHI could be used or disclosed for such future research
- Obtain upfront authorization for future, unspecified uses and disclosures pursuant to certain conditions

7 Waiver of Authorization
1. The research involves no more than minimal risk to the privacy of the subjects
2. The research could not practicably be carried out without the waiver or alteration
3. The research could not practicably be conducted without access to and use of this identifiable information

8 De-identification
1. Safe harbor method = remove all 18 HIPAA identifiers
2. Expert determination method = statistical methods used to render the information not individually identifiable

9 Limited Data Set / Data Use Agreement
- Limited Data Set (LDS): health information + dates and/or zip codes/city/town names; all other identifiers removed
- Limited Data Set is still PHI, just fewer requirements
- HIPAA LDS Data Use Agreement required
- The PI can sign an outgoing LDS DUA if template used

10 Genetic Information
- Genetic information is not Protected Health Information (PHI) unless it also includes one or more of the 18 HIPAA identifiers
- GINA prevents health plans from discriminating based on genetic information

11 Decedents
- Individually identifiable health information of a person who has been deceased for more than 50 years is no longer considered PHI
- Facilitates historical/archival work
- Competing interest: privacy of still-living relatives

12 Sale of PHI
- Disclosure of PHI to Researcher
- Reasonable, cost-based fees
- Labor, materials and supplies for generating, storing, retrieving and transmitting PHI
- Related capital and overhead costs
- Does NOT include PHI transfer under research grant or contract

13 Research Patient Data Repository
- Clinical data registry
- Online query tool
- Aggregate patient totals
- Limited dataset
- Identifiable data
Why use this?
- Efficient
- Automated security measures

14 Secure Survey Tools and EDC
- REDCap (free)
- StudyTRAX (at cost)
- LimeSurvey (free)

15 What is a Data Security Review?
- Who is monitoring/responsible (qualifications)?
- Vendors/websites
- Physical locations of data storage
- Encryption methods
- Instruction/Education to participants
- BAAs
- Password Management, Access Audit Controls
- Data backups/recovery
- Data Retention policy
- Special issues with use of Mobile Devices
- Anti-Virus Settings

16 Encryption
Any mobile device* used for any Partners/MGH business must be encrypted. This policy applies:
- Both to devices issued by Partners and devices you own
- When accessing Partners systems such as
*Applicable devices include laptops, netbooks, smart phones, tablets, etc.

17 Encryption Misconceptions
"My laptop is password protected; I thought that was encryption."

18 Encryption Misconceptions
"I bought my laptop, new, last month directly from the Apple store. I was told it had encryption built in. I didn't know I had to do anything."

19 Encryption Misconceptions
"I make sure I use VPN or GoToMyPC every time. My computer is secure."

20 Cloud Computing

21 Partners Approved File Storage and Transfer
Approved options:
- Information regarding data storage and backup options for research is available here:
- Transfer files using an encrypted USB or external drive
- Secure File Transfer and Collaboration
  - Information about secure file transfers and collaboration can be found here:
  - To use the Secure File Transfer and Collaboration tool, follow this link:

23 DropBox Business
- DropBox Business is approved for workforce use.
- Your personal DropBox may not be used for PHI or confidential information.
Features:
- Your institution has agreed to pay for it.
- Encrypted
- Compliant with Partners policies and procedures
- Unlimited storage
Contact your Service Desk for a DropBox Business account.
DropBox Business knowledge link:

24 Securing Communications
Procedure (How to Protect and Secure the Email)
Sending inside Partners:
- Email sent from one Partners.org address to another Partners.org address is secure because it is behind the firewall
Sending outside Partners:
- Sending outside Partners could mean emailing with patients/subjects or external business partners
- Emailing with patients: Patient Gateway is the preferred patient communication tool and is a secure alternative to email. If you need to use email to communicate with patients/subjects, use send secure to encrypt the message
- Emailing with external business partners (You@Partners.org to Sponsor@Novartis.com): emails sent outside of the PHS firewall that contain Confidential Data must be encrypted. Encryption can be accomplished by: (1) send secure; or (2) secure tunnel (a list of the entities we have a secure tunnel with is available at
Remember: subject lines are never encrypted. Never include Confidential Data in the subject line.

25 Social Media
Who can view? Not only you

26 Why use Social Media?
- HEALTH: A top reason for Internet use
- Expand reach
- Low cost
- Increase access to information
- Pre-eligibility self-screening
- Patients want information and contact with others about their disease/condition
- Keep participants interested and engaged
- It's cool
- Target population
Social media may not be used for human subjects research activities unless specifically approved by the IRB.

27 By Gleeson Rebello

29 Appropriate Access
Curiosity can kill careers. Make sure your only access is appropriate access.

30 Navigating Access
Did you know? Access starts with search.

31 Searching VIPs, friends and coworkers
Does this count as access?

32 Break the Glass
Does this count as access?

33 Appropriate Access

34 Inappropriate Access
Access to PHI is not appropriate if you do not need to know it to do your job.

35 Self Audit Tool
All Partners / MGH employees can monitor access to their own electronic health record.
Concerns? Contact the Privacy Office:

36 Resources
- Partners Human Research Committee HIPAA Page:
- MGH Privacy and Security Intranet Page:
- Partners Information Security and Privacy Office Page (Partners Pulse):

37 Open Discussion, Questions
- Megan Morash
- Sarah E. Jordan
- Fabio Martins
- Toby Tsuchida
Contact Us! Intranet:
More informationNMHC HIPAA Security Training Version
NMHC HIPAA Security Training 2017 Version HIPAA Data Security HIPAA Data Security is intended to provide the technical controls to ensure electronic Protected Health Information (PHI) is kept secure and
More informationIn order to mine data. P. Pearl O Rourke, MD Partners HealthCare Boston, MA
In order to mine data P. Pearl O Rourke, MD Partners HealthCare Boston, MA In order to mine data You need a Mine P. Pearl O Rourke, MD Partners HealthCare Boston, MA Assumptions Current science requires
More informationTITLE: HIE System Audit
TITLE: HIE System Audit Policy #: Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: May 18, 2016 Approved By: Hawai i HIE Board of Directors Table of Contents 1. Purpose 2. Scope 3. Definitions
More informationInformation Security Policy for Associates and Contractors
Information Security Policy for Associates and Contractors Version: 1.13 Date: 11 October 2016 Reference: 67972761 Location: Livelink Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationUniversal Patient Key
Universal Patient Key Overview The Healthcare Data Privacy (i.e., HIPAA Compliance) and Data Management Challenge The healthcare industry continues to struggle with two important goals that many view as
More informationUniversity of Pennsylvania Institutional Review Board
Reliance Agreement Guidance Creating Consent Templates This document provides step by step guidance on how to convert the Penn IRB approved consent form into a consent form template that can be shared
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version January 12, 2018 1. Scope, Order of Precedence and Term 1.1 This data processing agreement (the Data Processing Agreement ) applies to Oracle
More informationHIPAA and RESEARCH DATA SECURITY Boston Medical Center and Boston University Medical Campus
HIPAA and RESEARCH DATA SECURITY Boston Medical Center and Boston University Medical Campus January 2018 This Training Will Cover- What BU Medical Campus and BMC researchers need to know about HIPAA What
More informationREDCAP INTRODUCTION CLASS. November 9, 2017
REDCAP INTRODUCTION CLASS November 9, 2017 Agenda Overview Getting access Design Testing Data collection Export What is REDCap? Project Navigation How to design your variables Testing your forms, user
More information