Importance of Privacy & Data Security Training in Healthcare


Privacy and data security training in healthcare is crucial due to the interconnected nature of the industry, putting patient information at risk. Breaches have resulted in significant financial losses, emphasizing the need for mandatory training to safeguard patient privacy. Understanding responsibilities, policies, and procedures is essential to prevent breaches and maintain compliance with federal regulations.


Uploaded on Sep 14, 2024



Presentation Transcript


  1. HIPAA Privacy & Data Security Education 2017 Stanislaus Surgical Hospital 1

  2. Why do I need Privacy & Data Security Training? The healthcare industry is very interconnected (diagram: Stanislaus Surgical Hospital, Medical Services, Medical Records, Hospital, Medical Devices). Patient privacy and data security are more at risk.

  3. Privacy & Data Security Breaches in the news: Parkview Health System (5/2014), $800,000: PHI left on the front doorstep of a retired physician. New York Presbyterian & Columbia University (5/2014), $4.8 million: failure to safeguard and secure PHI on the network. Concentra Health Services and QCA Health Plan, Inc. (4/2014), $1.9 million: theft of unencrypted laptops. Skagit County, Washington (3/2014), $215,000: county failure to adopt a meaningful compliance program. Source: U.S. Department of Health and Human Services, Office of Civil Rights, September 2014.

  4. Privacy and Data Security Training is mandatory: it is essential to the mission and values of SSH, and it is federally mandated. Training reasons: Privacy and confidentiality are expected by patients. Protecting confidential information and following data security protocols is a serious matter. Everyone can help prevent breaches by staying vigilant and reporting any concerns immediately.

  5. What is Your Responsibility? Read, understand and abide by all SSH Privacy and Data Security Policies and Procedures located on the Shared (G:) Drive. Understand SSH's network user responsibilities and do not assume that there is privacy on the network. Understand the appropriate use of social media and smart devices. Be aware of privacy or data security incident reporting requirements. Understand non-compliance consequences.

  6. What is Stanislaus Surgical Hospital's Leadership Role? Executives, managers and supervisors are responsible for: Ensuring staff compliance with privacy and data security policies, procedures, and regulations. Assisting the SSH Privacy Officer with the hospital's legal obligation to detect and investigate potential privacy or data security breaches. Investigating any identified risks disclosed by electronic audit log reviews. Reporting known or suspected incidents to the Privacy Officer immediately. Following through with sanctions or any disciplinary actions resulting from a breach.

  7. Privacy & Data Security Regulations

  8. HIPAA Regulations. The Health Insurance Portability & Accountability Act (HIPAA) was passed by Congress in 1996. Oversight is managed by the Office of Civil Rights (OCR) through the Department of Health and Human Services (HHS). Regulations include: o Controls for the use and disclosure of Protected Health Information (PHI). o Use: when a covered entity like SSH uses PHI internally for Treatment, Payment or other Healthcare Operations (audits, training, customer service, internal analysis, etc.). o Disclosure: to release, transfer or provide access to a patient's PHI, physically, orally, or electronically, to someone outside of SSH, such as a physician, an attorney, another provider, an insurance company, a billing contractor, etc. HIPAA allows for use and disclosure of PHI without a patient's authorization when used for TPO (Treatment, Payment or Healthcare Operations), as well as for uses or disclosures required by law.

  9. HITECH Act (Health Information Technology for Economic and Clinical Health) - Expands HIPAA. Effective January 1, 2009. Privacy and data security component of the American Recovery and Rehabilitation Act (ARRA). Enforced by the Office of Civil Rights (OCR) of the Department of Health & Human Services. Also enforced through the state's Attorney General to enjoin actions and obtain damages on behalf of individuals. Applies HIPAA standards and penalties to Business Associates. Makes individuals subject to penalties.

  10. Protecting Patient Privacy

  11. What Information Must You Protect? Protected Health Information (PHI) consists of information about an individual, or data elements, that can be used directly or indirectly to identify an individual. Examples: name, date of birth, address, phone number, Social Security number, medical record number, date of death, photographs, etc. "Protected" means that only people who need the information should have access to it, and they should only have the minimum amount of information they need to do their job.

  12. PHI is not Just in the Patient's Medical Record. PHI includes any information that can be used to identify an individual: paper records of all types; documents and forms; labels on patient care items; photos and graphics; insurance cards; faxes; electronic records; computer-based records; biomedical equipment; portable storage media; video records (dictation); verbal/oral communications; observation.

  13. Minimum Necessary Standards Policy. Disclose/release only the minimum amount of PHI data elements necessary to accomplish the intended purpose. Access the minimum necessary information to complete job responsibilities. Apply minimum necessary standards when PHI must be disclosed or provided to someone outside of SSH (for example: an attorney, contractor, business associate, auditor, etc.).

  14. Safeguarding PHI & Sensitive Information Policy. Do not leave documents containing PHI or confidential information unattended in fax machines, printers or copiers. Turn over or cover all PHI/confidential information when you leave your desk. Never remove PHI/confidential information from the facility without the appropriate authorization. Store portable media that contains PHI/confidential information in a locked room, desk or cabinet. Do not allow friends, relatives or visitors into patient areas with PHI or other sensitive information without authorization.

  15. Safeguarding Faxes and U.S. Mail. Misdirected faxes are the #1 reported privacy incident across healthcare. Everyone must use Stanislaus Surgical Hospital's fax coversheet when faxing PHI or other confidential information. Always verify the recipient's fax number before sending, including preprogrammed numbers. Report to the Privacy Officer any misdirected faxes or U.S. mail that contains or pertains to the following: requests for or copies of medical records; billing documents, checks or other documents with PHI; privacy-related complaints; documents with PHI or sensitive information; Office of Civil Rights (OCR) letters; complaints about SSH.

  16. Safe Disposal of PHI and Confidential Information. Never dispose of paper, film, or copies containing PHI or other sensitive information in a garbage or recycle container. It must be shredded or put into a locked shredder bin. Documents with PHI should be disposed of in a manner such that the PHI cannot be read or reconstructed and is rendered unusable, unreadable, or indecipherable.

  17. Social Media Guidelines. Stanislaus Surgical Hospital's guidelines for use of social media include: Never post confidential or sensitive information or photos, even if the patient's name is absent from the post; the patient's occupation or place of employment is enough to identify a patient. Never discuss or reveal sensitive or confidential information in public forums, chat or newsgroups. Inappropriate posting of information or photographs can damage Stanislaus Surgical Hospital's reputation and/or result in individual liability for the person responsible. THINK before you post.

  18. Data Security

  19. Data Security. SSH is required by law to monitor and detect any potential privacy or data security breach, including regularly monitoring user network activity. The HIPAA Security Rule establishes standards to protect PHI and electronic PHI (ePHI) from unauthorized access or disclosure, and requires that all covered entities have certain types of safeguards in place to protect ePHI: o Administrative: develop hospital-wide policies and procedures (P&Ps) regarding PHI protection and periodically review the PHI risk analysis. o Physical: an inventory of devices that contain ePHI, backup for power failure, and P&Ps regarding locked doors, cameras, etc. o Technical: unique user IDs, ePHI backup, the ability to monitor the system to see who has accessed a patient's PHI, and automatic terminal logoffs.

  20. Inappropriate Access & Snooping. PHI may not be accessed by any employee, contractor or physician without a legitimate business purpose (treatment, payment or healthcare operations). Every employee has the legal right to access their own medical records by following the same authorization process as other patients. It is a violation of SSH's policy for an employee to use their network credentials to access their own PHI, or the PHI of any family member, without completing the proper authorization procedures. Inappropriate access of PHI will result in disciplinary action according to Policy IS.010. Protecting PHI is everyone's job. PHI is not everyone's business.
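As an added illustration of the electronic audit log review that slides 6, 19 and 20 refer to, and not code from the presentation or from Stanislaus Surgical Hospital: a small Python script that scans constructed access records and flags self-access, family-member access, and accesses with no treatment, payment or healthcare-operations purpose recorded. The record format, the purpose codes and the employee-to-MRN and family mappings are assumptions made for the example.

```python
"""Audit-log review for PHI snooping (constructed example, not hospital code).

Each access record is a hypothetical CSV line: timestamp, user_id, patient_mrn, purpose.
Purpose codes T, P and O stand for Treatment, Payment and Healthcare Operations (TPO).
"""
import csv
from io import StringIO

TPO_PURPOSES = {"T", "P", "O"}

# Constructed sample data: employees who are also patients (their own MRN) and the
# MRNs of family members they have declared. In practice this comes from HR/registration.
EMPLOYEE_MRN = {"jdoe": "MRN1001", "asmith": "MRN1002"}
EMPLOYEE_FAMILY = {"jdoe": {"MRN1003"}}

# Constructed sample audit log (not real data). The third line has no purpose recorded.
SAMPLE_LOG = """\
2017-03-01T08:02:00,jdoe,MRN2001,T
2017-03-01T08:15:00,jdoe,MRN1001,O
2017-03-01T09:40:00,asmith,MRN2002,
2017-03-01T10:05:00,jdoe,MRN1003,T
2017-03-01T11:30:00,asmith,MRN2003,P
"""


def review_access_log(log_text):
    """Return (timestamp, user_id, patient_mrn, reason) for each record that breaks the
    policy on the slides: self-access with network credentials, family-member access,
    or access with no TPO purpose. Records that pass all three checks are not returned."""
    findings = []
    for row in csv.reader(StringIO(log_text)):
        if not row:
            continue  # skip blank lines in the export
        ts, user, mrn, purpose = (field.strip() for field in row)
        if EMPLOYEE_MRN.get(user) == mrn:
            findings.append((ts, user, mrn, "self-access with network credentials"))
        elif mrn in EMPLOYEE_FAMILY.get(user, set()):
            findings.append((ts, user, mrn, "family-member record accessed"))
        elif purpose not in TPO_PURPOSES:
            findings.append((ts, user, mrn, "no TPO purpose recorded"))
    return findings


if __name__ == "__main__":
    # Each finding is a lead for the Privacy Officer to investigate, not a conclusion.
    for finding in review_access_log(SAMPLE_LOG):
        print(*finding, sep=" | ")
```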

  21. Network User Policy (NUP). Network access is a privilege that is granted to users to facilitate the performance of SSH's business. User activity is regularly monitored. The contents and history of a user's network activity are Stanislaus Surgical Hospital's property. Any content a user creates or receives via the network is neither private nor personal. This includes: web browsing; email and instant messages; application activity.

  22. Mobile Device Security. Only SSH-approved smart phone and PDA models may be used to access the SSH network. Encryption is required for all devices that access the network. Consult SSH IT, your user manual or the vendor's website for encryption instructions. Password protection is NOT the same as encryption. Always follow Stanislaus Surgical Hospital IT guidelines when using an iPhone, iPad or other electronic device that connects to the SSH network.

  23. Portable Device & Media Security. All users of portable computers and portable media owned or issued by SSH shall follow all SSH data security policies. Information systems store data on a wide variety of storage media, including: o Internal and external hard drives o Internal memory o Tapes o Other media devices. These devices and tools are especially vulnerable: o Laptops and home-based personal computers o Floppy or ZIP disks and other backup media o Optical storage using CDs and DVDs o PDAs and smart phones o Hotel, library or other public workstations o Wireless Access Points (WAPs) o Flash memory cards and USB flash drives o Remote access devices, including security hardware.

  24. Lost or Stolen Removable Media. If you discover that your laptop, iPhone, CD or other portable media containing PHI or sensitive information is missing, call (209)232-2510 immediately to report it.

  25. Sending Secure Email. Any PHI or confidential information sent outside of the SSH network requires encryption. You must use the Encrypt Message button that is available in your version of Outlook. A confidentiality statement will automatically be included at the bottom of the email; the required language for the confidentiality statement is located in the SSH email Policy IS.0008. Report incidents of unsecured email to your Privacy Officer.

  26. Reporting Requirements

  27. Investigation Response and Notification. Anyone with authorized access to SSH's records or network shall immediately report any known or suspected privacy or data security incident. Reporting options: Contact your immediate supervisor, who in turn will report the incident to the Privacy Officer. Contact the Privacy Officer directly by email at debbiem@stanislaussurgical.com. Call the SSH Compliance Officer at (209)232-2602.
