HIPAA and Social Media and other PHI Safeguards. Presented by the UAMS HIPAA Office August 2016 William Dobbins


Social Networking

Let's Talk Facebook
More than 1 billion users (TNW, 2014)
Half of all adult Facebook users have more than 200 friends (Pew Research, 2014)

Facebook
When can you discuss patient information on Facebook? Never.
What about information that doesn't identify the patient? Never.

Twitter
645 million active users
Almost half access Twitter via mobile devices (Huffington Post, 2014)

Blogs
Over 156 million public blogs
Healthcare blogs

UAMS Policy 2.1.23 Safeguarding PHI
Social Networking: Electronic Public Displays of patient information without Patient Authorization are prohibited. This includes the posting of photographs, video or any information about a UAMS patient through electronic means including, but not limited to, social networking sites; blogs; pinning; pinging; and tweeting. The only exception is a posting in response to a UAMS patient that gives no further information about the patient.

Patient Identifiers
There are 18 identifiers, and they apply to patients, relatives, employers or household members of the patients:
Name
Address (street address, city, county, zip code (more than 3 digits) or other geographic codes)
Dates directly related to patient
Telephone Number
Fax Number
Email addresses
Social Security Number
Medical Record Number
Health Plan Beneficiary Number
Account Number
Certificate/License Number
Any vehicle or device serial number
Web URL
Internet Protocol (IP) Address
Finger or voice prints
Photographic images
Any other unique identifying number, characteristic, or code (whether generally available in the public realm or not)
Age greater than 89 (because the population aged 90 and over is relatively small)

UAMS Policy 2.1.08 Reporting HIPAA Violations
Any known or suspected violations of the HIPAA regulations or related UAMS policies and procedures must be reported in accordance with this Policy. UAMS workforce who report in good faith such known or suspected violations shall not be subjected to retaliation, intimidation, discrimination, coercion, or harassment as a result of their report. Violations of this policy, including failure to report, will be grounds for disciplinary action up to and including termination. Any sanctions that are applied will be documented.

What Should You Do?
Keep patient related communications OFF the internet!
Obtain written HIPAA compliant Authorizations from patients if you are going to put their information online (contact the HIPAA Office for assistance).
If you see a posting online that violates UAMS policy, get screen shots and any other information that helps us mitigate and respond to the violation, and report to the HIPAA Office or your supervisor immediately.

Reasonable Safeguards 2.1.23
UAMS must take reasonable steps to make sure PHI is kept private.
Communicate Quietly
Make it a habit: always lower your voice when discussing patient information.
Try to discuss patients privately.
Stop the conversation if someone walks up while giving report or rounding.

Printed PHI
Don't leave PHI lying around where others can see it.
Don't put PHI, including patient stickers and medication labels, in the regular trash. Shred or place in the privacy bins.
Obliterate patient information on IV bags or cover with the white labels from the Omnicel before placing in the regular trash.
Do not remove PHI from UAMS.

Electronic PHI
Be aware of your computer screen.
Position your monitor or Computer on Wheels (COW) so the screen cannot easily be seen by passersby.
Minimize the screen if someone walks up.
Log off or lock your computer prior to stepping away from it.
Never share your password or use someone else's sign on information.

Photography consent required
Written patient consent is required for photos/video taken for the purpose of treatment, payment, and other health care operations such as teaching within UAMS.
Written authorization is required for photos/video to be disclosed outside UAMS.
Exception: When a parent requests UAMS staff to make photographs solely for their personal use (such as a baby book), UAMS is not required to obtain written consent prior to taking the photograph.
Do not take photos with personal digital devices.

Why would the HIPAA Office call me?
Access to patient records is monitored.
If your name is on an audit report, and the appropriateness is not readily apparent to the auditors, you or your supervisor will be contacted.
This is routine follow up and is done for physicians, students and staff.

Why would the HIPAA Office call me?
Access of patient records outside the performance of your job is prohibited.
This includes your own records and the records of:
Family
Friends and acquaintances
Co-workers
Violations of UAMS HIPAA Policies are taken so seriously that your supervisor will be notified and must impose disciplinary action.

Your HIPAA Office
HIPAA Office: (501) 603-1379
HIPAA Hotline: (501) 614-2187
Email: hipaa@uams.edu
Website: http://hipaa.uams.edu

Don't forget to take your online Required HIPAA Privacy and Security training:
http://hipaa.uams.edu/requiredhipaaps2013/requiredhipaaps2013.htm


Questions? Harley HIPAA