Preventing Breaches When Using , Telephone and Fax Machines
|
|
- Eric Jeremy Rose
- 5 years ago
- Views:
Transcription
1 Preventing Breaches When Using , Telephone and Fax Machines Harley HIPAA Presented by the UAMS HIPAA Office, July 26, 2011
2 Breach Reporting When a use or disclosure occurs that is not allowed by HIPAA, UAMS may be required to notify the patient and report the breach to the Office of Civil Rights. We may also be required to notify the media. All breaches must be reported to the UAMS HIPAA Office immediately.
3 What is a Breach? A use or disclosure of PHI that is not permitted by the Privacy Rule. For example: A UAMS employee accesses the record of a patient outside the performance of their job duties An unencrypted laptop containing PHI is lost or stolen PHI is sent to the wrong address PHI is sent to the wrong fax, mailing address or printer
4 Exceptions Exceptions there are certain types of uses of disclosures that do not meet the definition of a breach. These exceptions are : Unintentional use by a UAMS workforce member that does not result in the PHI being further used or disclosed. For example, a nurse accidentally clicks on the wrong patient s name in WebChart, pulls up that patient s record, realizes that she is in the wrong patient s chart, and closes the record. Unauthorized disclosure to an individual who cannot possibly retain it. For example, when checking a patient in, you accidentally hand the patient a registration packet that belongs to someone else, but you realize your mistake and immediately retrieve the information.
5 Real Life Example Backup tapes containing patient health records were stolen out of a truck belonging to a hospital s contractor. The hospital had to send notification letters to 1.7 million patients, notify the media, and report the loss to the OCR. The letters had to be translated into 17 languages and credit monitoring services were offered to all 1.7 million patients, at a total estimated cost of $350 Million. 5
6 How can you help? Notify the UAMS HIPAA Office as soon as you suspect a possible breach. The HIPAA Office will then determine if an actual breach has occurred and take care of the notification process. Help us keep patient contact information current. Follow your department s documentation requirements. Take steps to prevent breaches from happening in your department. When in doubt, contact us.
7 UAMS Policy The patient s address is part of the patient s Protected Health Information and must be protected as any other PHI in accordance with all applicable laws, regulations and UAMS policies. For Protected Health Information (PHI) that is subject to the minimum necessary requirements of the HIPAA regulations, reasonable efforts must be made to limit the use or disclosure of, and requests for, PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. Policy Minimum Necessary 7
8 UAMS Policy Confirm the address before sending any containing Confidential Information or ephi, to ensure there are no typographical errors. Caution should be taken when using distribution lists or forwarding s that contain Confidential Information and ephi. UAMS may not be auto-forwarded to any non- UAMS account, including but not limited to personal and commercial accounts such as AOL, Yahoo, or MSN, with the exception that UAMS may be autoforwarded to VA and Arkansas Children s Hospital accounts. 8
9 UAMS Policy Provider Communication with patients: Any ephi originated by UAMS must be encrypted when being sent via . UAMS takes the steps necessary to secure e- mail and other computer messages, but no one can guarantee the security and privacy of messages. Use caution when sending highly sensitive information communication is a convenience for the patients and should not be used for emergencies or time-sensitive situations. 9
10 UAMS Policy Provider Communication with patients: Before sending the containing Confidential Information or ephi, confirm the address to ensure it does not contain any typographical errors. messages must include (a) information in the subject line, such as prescription refill, appointment request or other information generally describing the purpose of the ; and (b) patient name, telephone number and patient identification number in the body of the message. Clinically relevant messages and responses will be documented in the patient s medical record. 10
11 UAMS Policy Encryption: is secured automatically inside the UAMS network. Any e- mails sent outside of the UAMS network containing Confidential Information, including ephi, must be encrypted. It is recommended that the UAMS workforce utilize the enterprise secure gateway solution. This is easily accomplished by clicking on the mark secure button provided on the standard toolbar in Outlook, or The word [secure] typed with the brackets into the subject line will also encrypt the message Communication with other organizations in many cases will be set up for automatic encryption and a list of these organizations will be provided agedeliveryinstructions.html 11
12 Use the Mark Secure Button 12
13 Type [Secure] 13
14 Privacy & Security Safeguards Verification of Identity Faxing Policy and Form 14
15 For every request for information, ask yourself Who am I speaking with? Who is requesting the information? What is his/her authority to have the information? Who is the patient? What information is being requested? What is the purpose of the request? Are there any restrictions in place regarding release of this patient s information?
16 Verify Identity of Requestor if not known to you Caller s name Company name/relationship to patient Phone number When in doubt, call the phone number for the entity requesting the information or have them fax a written request on company letterhead 16
17 Verifying identity of patient Obtain any 3 of the following patient items: Full name Date of Birth Last 4 digits of SS number One additional piece of information such as address, phone, acct number (Note: It is better to have them provide information to you rather than saying Do you still stay on XYZ road? ) 17
18 Patient s Right to PHI With a few exceptions, patients or their legal representatives, have a right to copies of their medical record, including billing records, within 30 days of requesting them. Patients have a right to electronic copies of their records. 18
19 Use and Disclosure Generally, you may use and disclose PHI for treatment, payment and healthcare operations (TPO) of our organization WITHOUT patient authorization. Most of your uses (within UAMS) and disclosures (outside UAMS) of PHI for TPO, will be for Treatment purposes. 19
20 Patient Authorization HIPAA generally requires that a patient sign an Authorization for disclosures (sharing protected health information PHI with someone outside of UAMS) made for purposes other than TPO Use your Authorization check list to make sure the Authorization is valid. Make sure the authorization has not expired and is signed by the patient or the patient s documented legal representative. There are certain exceptions to this rule, such as when the disclosure is required or permitted by law, and an authorization is not required in those cases.
21 An Example of When an Authorization Is Not Required Subpoenas for Parties in Litigation One of the following is required: Patient authorization, or Court order, or Adequate assurances that the party whose PHI is requested has been given notice of the request with adequate time to object, and that no objection was made
22 Sharing information with Family and Friends Involved in the Patient s Care You may share information directly relevant to the person's involvement with the patient s care or for payment related to care under the following circumstances: If the patient is present or otherwise available prior to the disclosure, you must: Obtain the patient s agreement or Provide the patient an opportunity to object, and they do not or Using professional judgment, reasonably infer from the circumstances that patient does not object.
23 If the patient is not available or is incapacitated If there appear to be extenuating circumstances, for example the patient is incapacitated and doesn t have a legal representative to act on their behalf, staff should seek assistance from their supervisor or use professional judgment. 23
24 Patient s Legal Representative The person is authorized by law to act on behalf of the patient in connection with the patient s health care decisions, such as: Parent of their minor child; Court-appointed Guardian of a minor; A person legally acting as the parent in Loco Parentis Court-appointed Guardian of an elderly or incapacitated person; Appointed by the patient to act as their attorney-in-fact in a Durable Power of Attorney with health care rights; Appointed by the patient in a Health Care Proxy; 24
25 Legal Representatives - continued Court-appointed Administrator or Executor or Personal Representative of the Estate of a deceased patient. A guardianship or a power of attorney (or any other grant of authority by the patient) are no longer effective upon death. No will is effective until probated. For other examples, regarding persons of unsound mind, permanently unconscious or terminally ill, or other incapacitated persons see section 5 - Disclosures to Patient s Legal Representatives, - in the Use and Disclosures of PHI Policy in the Administrative Guide.
26 Requests by Parents of Minors A divorced parent who does not have custody of the minor child is still the minor s parent, and is entitled to all PHI concerning their minor child unless the parental rights have been revoked by court order. Check for documentation in our systems that the requestor is the parent. 26
27 If Documentation is not Available Explain that information may only be released to the parent or other legal representative. Ask the requestor to provide a copy of the child s birth certificate which documents their relationship, other legal documentation or have the parent or legal representative who is in the record sign an authorization for the release. 27
28 28 UAMS Faxing Policy Confidential data should be faxed only when mail will not suffice. Faxes containing PHI and other confidential information must have an official UAMS fax cover sheet. Reconfirm recipient s fax number before transmittal. Confirm receipt of fax Notify your supervisor/hipaa Office immediately if a fax is sent in error.
29 Printed PHI When retrieving information from the printer and sending information, check every page to make sure it is the correct patient. Also make sure other patients information is not included on the page. Don t leave PHI lying around where others can see it. Don t put PHI in the regular trash. Shred or place in the privacy bins. 29
30 Electronic PHI Minimize your computer screen if someone walks up Log off or lock your computer prior to stepping away from it Encrypt any containing PHI sent outside UAMS intranet. All computers and laptops and thumb drives containing PHI must be encrypted. 30
31 Why would the HIPAA Office call me? Access to patient records is monitored If your name is on an audit report, and the appropriateness is not readily apparent to the auditors, you or your supervisor will be contacted This is routine follow-up and is done for physicians, students and staff. 31
32 Why would the HIPAA Office call me? Access of patient records outside the performance of your job is prohibited This includes your own records and the records of: Family Friends and acquaintances Co-workers Violations of UAMS HIPAA Policies are taken so seriously that your supervisor will be notified and must impose disciplinary action 32
33
34 Social Networking Do not post photographs, video or any information about a UAMS patient through an electronic means such as social networking sites, blogs, pinging and tweeting. The only exception is a response to a UAMS patient that gives no further information about the patient. Example of a post that would violate our policy: An employee posts on her face book wall I talked to a woman today regarding her medicine for that is almost a thousand dollars. I would hate to be her.
35 UAMS has a HIPAA Team to help you: Vera Chenault, JD, UAMS Privacy Officer & Campus HIPAA Coordinator ( ) Anita Westbrook, Medical Center Privacy Officer ( ) Steve Cochran, Security Officer ( ) Bill Dobbins, Informatics Manager & Auditor ( ) Yolanda Hill, HIPAA Auditor and Investigator ( ) Tanya Mehran, HR and Training Coordinator ( )-starting 8/1/11 Scott Addison, AHEC Privacy Officer ( ) Jennifer Sharp, Research Privacy Officer ( ) The HIPAA Office is available to conduct additional training for your department, attend staff meetings to address specific issues, or conduct question and answer sessions to help clarify the HIPAA rules and UAMS Policies. To schedule an in-service or other training, please contact the HIPAA Training Coordinator at
HIPAA and Social Media and other PHI Safeguards. Presented by the UAMS HIPAA Office August 2016 William Dobbins
HIPAA and Social Media and other PHI Safeguards Presented by the UAMS HIPAA Office August 2016 William Dobbins Social Networking Let s Talk Facebook More than 1 billion users (TNW, 2014) Half of all adult
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: Can serve as annual HIPAA training for physician practice
More informationFamily Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD
Family Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD The UAMS HIPAA Office Heather Schmiegelow, UAMS HIPAA Privacy Officer Stephen Cochran, UAMS Security Officer Sara Thompson, HIPAA
More informationWASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information
WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7 Appropriate Methods of Communicating Protected Health Information Statement of Policy Washington University and its member organizations (collectively, Washington
More informationHIPAA UPDATE. Michael L. Brody, DPM
HIPAA UPDATE Michael L. Brody, DPM Objectives: How to respond to a patient s request for a copy of their records. Understand your responsibilities after you send information out to another doctor, hospital
More informationLesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA)
Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA) Introduction: Welcome to Honesty and Confidentiality Lesson Three: The False Claims Act is an important part
More informationHIPAA: Health Insurance Portability & Accountability Act. Presented by the UAMS HIPAA Office August 2015
HIPAA: Health Insurance Portability & Accountability Act Presented by the UAMS HIPAA Office August 2015 HIPAA (not HIPPA) Is the Health Insurance Portability and Accountability Act. A federal law that
More informationHIPAA FOR BROKERS. revised 10/17
HIPAA FOR BROKERS revised 10/17 COURSE PURPOSE The purpose of this information is to help ensure that all Optima Health Brokers are prepared to protect the privacy and security of our members health information.
More informationHIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders
HIPAA Developed by The University of Texas at Dallas Callier Center for Communication Disorders Purpose of this training Everyone with access to Protected Health Information (PHI) must comply with HIPAA
More informationCompliance & HIPAA Annual Education
Compliance & HIPAA Annual Education 1 The purpose of this education is to UPDATE The purpose and of this education REFRESH is to UPDATE your and REFRESH understanding understanding of: of: Aultman s Compliance
More informationHIPAA Privacy and Security Training Program
Note The following HIPAA training is intended for Vendors, Business Associates, Students, Pre Approved Shadowers, and Visitors. The following training module does not provide credit for annual training
More informationHMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING. Created By:
HMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING Created By: Overview The purpose of this presentation is to emphasize the importance of security when using HMIS. Client information
More informationElements of a Swift (and Effective) Response to a HIPAA Security Breach
Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationHIPAA For Assisted Living WALA iii
Table of Contents The Wisconsin Assisted Living Association... ix Mission... ix Vision... ix Values... ix Acknowledgments... ix Who Should Use This Manual... x How to Use This Manual... x Updates and Forms...
More informationFrequently Asked Questions. My life. My healthcare. MyChart.
Frequently Asked Questions My life. My healthcare. MyChart. My life. My healthcare. MyChart. What is MyChart? MyChart offers patients personalized and secure online access to portions of their medical
More informationHIPAA and HIPAA Compliance with PHI/PII in Research
HIPAA and HIPAA Compliance with PHI/PII in Research HIPAA Compliance Federal Regulations-Enforced by Office of Civil Rights State Regulations-Texas Administrative Codes Institutional Policies-UTHSA HOPs/IRB
More informationHIPAA Federal Security Rule H I P A A
H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created
More information2017_Privacy and Information Security_English_Content
2017_Privacy and Information Security_English_Content 2.3 Staff includes all permanent or temporary, full-time, part-time, casual or contract employees, trainees and volunteers, including but not limited
More informationHIPAA Omnibus Notice of Privacy Practices
HIPAA Omnibus Notice of Privacy Practices Revised 2013 Urological Associates of Bridgeport, PC 160 Hawley Lane, Suite 002, Trumbull, CT 06611 Tel: 203-375-3456 Fax: 203-375-4456 Effective as of April/14/2003
More informationSample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.
Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring
More informationInside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization
More informationData Compromise Notice Procedure Summary and Guide
Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationData Backup and Contingency Planning Procedure
HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage
More informationTexas Health Resources
Texas Health Resources POLICY NAME: Remote Access Page 1 of 7 1.0 Purpose: To establish security standards for remote electronic Access to Texas Health Information Assets. 2.0 Policy: Remote Access to
More informationSteffanie Hall, RHIA HIM Director/Privacy Officer 1201 West 12 th Emporia, Kansas ext
JOINT NOTICE OF PRIVACY PRACTICES NEWMAN REGIONAL HEALTH, NEWMAN REGIONAL HEALTH MEDICAL PARTNERS, HOSPICE, NEWMAN PHYSICAL THERAPY, COMMUNITY WELLNESS AND MEMBERS OF THE NEWMAN REGIONAL HEALTH ORGANIZED
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationHIPAA Faux Pas. Lauren Gluck Physician s Computer Company User s Conference 2016
HIPAA Faux Pas Lauren Gluck Physician s Computer Company User s Conference 2016 Goals of this course Overview of HIPAA and Protected Health Information Define HIPAA s Minimum Necessary Rule Properly de-identifying
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationHIPAA Privacy & Security Training. HIPAA The Health Insurance Portability and Accountability Act of 1996
HIPAA Privacy & Security Training HIPAA The Health Insurance Portability and Accountability Act of 1996 AMTA confidentiality requirements AMTA Professional Competencies 20. Documentation 20.7 Demonstrate
More informationHIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
More informationHIPAA Compliance Officer Training By HITECH Compliance Associates. Building a Culture of Compliance
HIPAA Compliance Officer Training By HITECH Compliance Associates Building a Culture of Compliance Your Instructor Is Michael McCoy Nationally Recognized HIPAA Expert » Nothing contained herein should
More informationUTAH VALLEY UNIVERSITY Policies and Procedures
Page 1 of 5 POLICY TITLE Section Subsection Responsible Office Private Sensitive Information Facilities, Operations, and Information Technology Information Technology Office of the Vice President of Information
More informationUniversity of Mississippi Medical Center Data Use Agreement Protected Health Information
Data Use Agreement Protected Health Information This Data Use Agreement ( DUA ) is effective on the day of, 20, ( Effective Date ) by and between (UMMC) ( Data Custodian ), and ( Recipient ), located at
More informationThe Relationship Between HIPAA Compliance and Business Associates
The Relationship Between HIPAA Compliance and Business Associates 1 HHS Wall of Shame 20% Involved Business Associates Based on HHS Breach Portal: Breaches Affecting 500 or More Individuals, Type of Breach
More informationSecurity and Privacy Breach Notification
Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains
More informationElectronic Communication of Personal Health Information
Electronic Communication of Personal Health Information A presentation to the Porcupine Health Unit (Timmins, Ontario) May 11 th, 2017 Nicole Minutti, Health Policy Analyst Agenda 1. Protecting Privacy
More informationSFDPH Annual Privacy and Data Security Training Module
SFDPH Annual Privacy and Data Security Training Module FY2017-2018 Office of Compliance and Privacy Affairs (OCPA) 1 Objectives By the end of this course you will demonstrate: 1. How HIPAA privacy rules
More informationUnited States Postal Service (USPS) Employee Assistance Program
United States Postal Service (USPS) Employee Assistance Program Introduction Magellan provides an EAP for the United States Postal Service (USPS). This appendix provides important account-specific information
More informationFor any questions regarding this notice call: Meredith Damboise, Privacy Officer , ext. 17
This notice describes how information about you may be used and disclosed and how you can get access to this information. Please review it carefully. For any questions regarding this notice call: Meredith
More informationHIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017
HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting
More informationInformation Technology Standards
Information Technology Standards IT Standard Issued: 9/16/2009 Supersedes: New Standard Mobile Device Security Responsible Executive: HSC CIO Responsible Office: HSC IT Contact: For questions about this
More informationPrivacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data
Privacy Policy Datacenter.com (referred to as we, us, our, Datacenter or the Company ) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationBanner Health Information Security and Privacy Training Team. Morgan Raimo Paul Lockwood
Banner Health Information Security and Privacy Training Team Morgan Raimo Paul Lockwood PHI Storage InfoGraphics PHI Data Storage and Sharing Cybersecurity and Privacy Training and Awareness Table of Contents
More informationEmergency Nurses Association Privacy Policy
Emergency Nurses Association Privacy Policy The Emergency Nurses Association ( ENA, we, or us ) has created and posted this privacy policy in an effort to maintain efficient service while respecting your
More informationRETINAL CONSULTANTS OF ARIZONA, LTD. HIPAA NOTICE OF PRIVACY PRACTICES. Our Responsibilities. Our Uses and Disclosures
RETINAL CONSULTANTS OF ARIZONA, LTD. HIPAA NOTICE OF PRIVACY PRACTICES This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationCampus Health Your Information Your Rights Our Responsibilities
Notice of Privacy Practices Indiana University-Purdue University at Indianapolis Campus Health Your Information Your Rights Our Responsibilities This booklet describes how medical information about you
More informationHIPAA / HITECH Overview of Capabilities and Protected Health Information
HIPAA / HITECH Overview of Capabilities and Protected Health Information August 2017 Rev 1.8.9 2017 DragonFly Athletics, LLC 2017, DragonFly Athletics, LLC. or its affiliates. All rights reserved. Notices
More informationHIPAA 101: What All Doctors NEED To Know
HIPAA 101: What All Doctors NEED To Know 1 HIPAA Basics HIPAA: Health Insurance and Portability Accountability Act of 1996 Purpose: to protect confidential information through improved security and privacy
More informationHealthcare Privacy and Security:
Healthcare Privacy and Security: Breach prevention and mitigation/ Insuring for breach Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.securityprivacyandthelaw.com Boston Bar Association
More informationProtecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors
Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Presented by the Office of Housing Counseling and The Office of the Chief Information Officer Privacy Program
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More information(10/17) PATIENT GUIDE
(10/17) PATIENT GUIDE Welcome to Parkview MyChart! mychart.parkview.com Welcome to your one story of care. As a patient of Parkview, you now have access to your health information from the convenience
More informationGUIDE FOR INDIVIDUALS WHO ARE THE SUBJECT OF DATA
GUIDE FOR INDIVIDUALS WHO ARE THE SUBJECT OF DATA This document explains the rights of individuals (meaning natural persons) who are the subject of MnDOT data and how those individuals can obtain public
More informationWHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty
WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationPhysician Office Name Ambulatory EHR Security Risk Analysis
Process is in place to verify access granted is appropriate (ie: Role Based access indicates that the biller has access to billing screens and the nurse has access to the patient medical information).
More information8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID
Billing & Reimbursement Revenue Cycle Management 8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID Billing and Reimbursement for Physician Offices, Ambulatory Surgery Centers and Hospitals Billings & Reimbursements
More informationHIPAA ( ) HIPAA 2017 Compliancy Group, LLC
855 85 HIPAA (855-854-4722) www.compliancygroup.com 1 Started in 2005 by HIPAA auditors & Compliance experts Market need for a total end client solution Created The Guard: cloud-based solution Compliance
More informationMobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services
Augusta University Medical Center Policy Library Mobile Device Policy Policy Owner: Information Technology Support and Services POLICY STATEMENT Augusta University Medical Center (AUMC) discourages the
More informationEffective as of May 4, 2018
Privacy Policies This document describes Wounded Warrior Project s ( WWP ) use of information regarding the warriors and families we serve, financial supporters of our mission, supporters under the age
More information3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/
Compliance Institute Session 501: Implementing a System-Wide Access Monitoring Program Brian D. Annulis Meade, Roach & Annulis, LLP Aegis Compliance & Ethics Center, LLP 4147 N. Ravenswood Avenue Suite
More informationWhat is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996.
HIPAA Training What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. It provides the ability to transfer and continue health insurance coverage for workers
More informationAUTHORIZATION TO RELEASE HEALTH INFORMATION
Request Completed Health Information Management AUTHORIZATION TO RELEASE HEALTH INFORMATION Completion of this form authorizes the use and/or disclosure (release) of individually identifiable health information,
More informationData Protection Policy
Page 1 of 6 General Statement The Local Governing Bodies of the academies have overall responsibility for ensuring that records are maintained, including security and access arrangements, in accordance
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 10 I. Policy The Health Information Technology for Economic and Clinical Health Act regulations ( HITECH ) amended the Health Information Portability and Accountability Act ( HIPAA ) to establish
More informationDavid C. Marshall, Esq. PACAH 2017 Spring Conference April 27, 2017
David C. Marshall, Esq. PACAH 2017 Spring Conference April 27, 2017 Privacy and security of patient information held by health care providers remains a concern of the federal government. More resources
More informationLifeWays Operating Procedures
07-02.08 EMAIL GUIDELINES AND REQUIREMENTS I. PURPOSE To define the security, privacy and professional standards and considerations regarding electronic mail communication. II. SCOPE This procedure covers
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More informationBYOD (Bring Your Own Device): Employee-owned Technology in the Workplace
BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace MCHRMA Spring Conference April 4, 2014 PRESENTED BY: Sonya Guggemos MCIT Staff Counsel for Risk Control sguggemos@mcit.org The information
More informationChange Healthcare CLAIMS Provider Information Form *This form is to ensure accuracy in updating the appropriate account
PAYER ID: SUBMITTER ID: 1 Provider Organization Practice/ Facility Name Change Healthcare CLAIMS Provider Information Form *This form is to ensure accuracy in updating the appropriate account Provider
More informationExercising Your Data Access Rights under the Personal Data (Privacy) Ordinance (Frequently Asked Questions and Answers)
Leaflet Exercising Your Data Access Rights under the Personal Data (Privacy) Ordinance (Frequently Asked Questions and Answers) Under the Personal Data (Privacy) Ordinance (the Ordinance ), an individual
More informationPresented by: Jason C. Gavejian Morristown Office
Presented by: Jason C. Gavejian Morristown Office jason.gavejian@jacksonlewis.com 973.538.6890 } Unauthorized use of, or access to, records or data containing personal information Personal Information
More informationBoerner Consulting, LLC Reinhart Boerner Van Deuren s.c.
Catherine M. Boerner, Boerner Consulting LLC Heather Fields, 1 Discuss any aggregate results of the desk audits Explore the Sample(s) Requested and Inquire of Management requests for the full on-site audits
More informationWhat is MyPalomarHealth and how will it benefit my health care? How do I access my health information on MyPalomarHealth?
MyPalomarHealth FAQs Enrollment Questions What is MyPalomarHealth and how will it benefit my health care? MyPalomarHealth offers patients personalized and secure on-line access to portions of their medical
More informationHIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER
HIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER Researchers Must Ensure... Electronic Protected Health Information (ephi) in their possession or under their control is secured from unauthorized
More informationRevised January
Revised January 2017 1 Copyright and Trade Secret Warning All Rights Reserved. This training presentation contains confidential and proprietary trade secrets of and copyrights belonging to RadNet Management,
More informationRelayHealth Legal Notices
Page 1 of 7 RelayHealth Legal Notices PRIVACY POLICY Revised August 2010 This policy only applies to those RelayHealth services for which you also must accept RelayHealth s Terms of Use. RelayHealth respects
More informationAgenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute
Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement
More informationHIPAA Privacy, Security and Breach Notification 2018
HIPAA Privacy, Security and Breach Notification 2018 An Eagle Associates Presentation Eagle Associates, Inc. www.eagleassociates.net info@eagleassociates.net P.O. Box 1356 Ann Arbor, MI 48106 800-777-2337
More informationHIPAA Security Manual
2010 HIPAA Security Manual Revised with HITECH ACT Amendments Authored by J. Kevin West, Esq. 2010 HALL, FARLEY, OBERRECHT & BLANTON, P.A. DISCLAIMER This Manual is designed to set forth general policies
More informationSigning up for My Lahey Chart
Signing up for My Lahey Chart What is My Lahey Chart? My Lahey Chart is a helpful service that allows you to connect with your doctor and your health information online, anytime. Using your personal computer
More informationHOW THE SECURE PATIENT PORTAL WORKS
West Wichita Family Physicians, P.A. (WWFP) offers a secure patient portal as a service to patients who wish to view specific parts of their health information and communicate with our staff and physicians.
More informationThe ABCs of HIPAA Security
The ABCs of HIPAA Security Daniel F. Shay, Esq 24 th Annual Health Law Institute Pennsylvania Bar Institute March 13, 2018 c. 2018 Alice G. Gosfield and Associates PC 1 Daniel F. Shay, Esq. Alice G. Gosfield
More informationHIPAA COMPLIANCE AND DATA PROTECTION Page 1
HIPAA COMPLIANCE AND DATA PROTECTION info@resultstechnology.com 877.435.8877 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and RESULTS Cloud
More informationYour Information. Your Rights. Our Responsibilities.
Notice of Privacy Practices Your Information. Your Rights. Our Responsibilities. This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
More informationNMHC HIPAA Security Training Version
NMHC HIPAA Security Training 2017 Version HIPAA Data Security HIPAA Data Security is intended to provide the technical controls to ensure electronic Protected Health Information (PHI) is kept secure and
More informationPolicy. Policy Information. Purpose. Scope. Background
Background Congress enacted HIPAA Privacy & Security Compliance Policy Policy Information Policy Owner: (TBD Possibly HIPAA Privacy and Security Official or Executive Director of University Ethics and
More informationOverview of Presentation
A HIPAA Security Incident and Investigation. It Can Happen to You. Sandra a L. Sessoms, RN, CPHQ, CHC Interim Vice President, System Compliance West Penn Allegheny Health System Robert R. Michalski, CHC
More informationUT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES
ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary
More informationHIPAA Privacy, Security and Breach Notification 2017
HIPAA Privacy, Security and Breach Notification 2017 An Eagle Associates Presentation Eagle Associates, Inc. www.eagleassociates.net info@eagleassociates.net P.O. Box 1356 Ann Arbor, MI 48106 800-777-2337
More informationCleveland State University General Policy for University Information and Technology Resources
Cleveland State University General Policy for University Information and Technology Resources 08/13/2007 1 Introduction As an institution of higher learning, Cleveland State University both uses information
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More information