• No results found

HIPAA SECURITY AWARENESS

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "HIPAA SECURITY AWARENESS"

Copied!
20
0
0

Loading.... (view fulltext now)

Download now ( 20 Page )

Full text

(1)

HIPAA SECURITY

AWARENESS

Department of Mental Health, Mental

Retardation, and Substance Abuse

Services

April, 2005

(2)

What is HIPAA?

HIPAA means Health Insurance Portability

and Accountability Act

It is a set of regulations issued by the United

States Department of Health and Human

Services to the help insure the privacy and

security of individual identifiable health

information.

(3)

So why do I need additional

awareness training?

HIPAA relates to the privacy of Protected

Health Information (PHI) – individually

identifiable health information that is

maintained or transmitted.

This security training deals specifically

with PHI that is in electronic format –

referred to as ePHI.

(4)

So, is it about PHI data

maintained in computers?

Yes. The security regulations cover many of

the procedures an organization must follow

in creating, receiving, maintaining or

transmitting ePHI.

(5)

But I am not responsible for

computer security. That’s what

our IT* people do. Right?

No.

Much of the security rule does deal with issues that IT people have to address.

But there are a number of safeguards that everyone who handles or is around ePHI must know and

procedures they must follow.

* Information Technology

(6)

An important theme …

The security rule is about making sure ePHI is protected from access by those who are not

authorized to have it and making sure ePHI is available to those who are authorized to have it.

(7)

Rule #1

Secure you computer when you leave your

area:

– Log off the application

– Lock you computer (Alt-Ctrl-Delete) – Turn off your computer

– Your computer should “automatically” go into sleep mode if you don‘t do anything for a

period of time.

(8)

Rule # 2

Protect your computer by not changing any

of the settings:

– Your workstation has been setup and

configured for your use and setting should not be changed.

– Changing settings can cause the workstation to become unstable.

(9)

Rule #3

Protect your passwords.

– Do not share your passwords with anyone.

– Change your password if you think someone else knows it.

– Do not post your passwords in your work area.

(10)

Rule #4

Follow

all guidelines (outlined later) regarding the transmission of PHI via electronic mail

(email).

(11)

Rule #5

Report any

security problems you encounter or

observe to your agency security officer.

(12)

Email Encryption

ePHI may be securely sent in email using encryption and decryption techniques.

Encryption is a method used “scramble” a message to make it unreadable.

Decryption is a method used to “unscramble” a

“scrambled” message to make it readable again.

The sender has a key that controls the scrambling which is shared with a trusted receiver so

messages can be unscrambled when received.

These keys are in digital certificates.

(13)

More on email …

Digital certificates are available

commercially or other agencies or

organizations may issue their own.

Unless both parties have digital certificates,

secured email cannot be exchanged.

(14)

I need to send PHI via email. So,

what do I do?

The first thing you need to do is to determine if the email recipient is able to receive encrypted email.

The potential recipient will probably have to

check with their IT organization to determine this.

If the recipient has the technical capability to

receive encrypted email, email encryption must be used.

(15)

I need to send PHI via email. So,

what do I do? (continued)

If the recipient has no technical capacity to receive encrypted email, you should use fax or a secure

surface mail, if possible. Regular email should be used only if there are no other choice.

The security rule specifies “reasonableness” – you cannot cease to do business because of the lack of technology on the part of the recipient.

You must also make every reasonable attempt to protect the PHI you transmit and encrypt it

whenever it can be encrypted.

(16)

The recipient has the technical

capability to encrypt email. What

should I do?

You must request a digital certificate

You must “share” your certificate information with the email recipient.

(17)

Several more things about email.

– Avoid sending unencrypted PHI data in email.

Use the fax or traditional mailing options.

– You can also use file passwords to achieve some security but they provide only minimal protection.

– Do not request a digital certificate until you need one (i.e., you have someone to exchange secure mail with).

(18)

Is that all on email?

Yes. Just remember, send PHI encrypted

whenever possible. If it is impossible and

you have no other practical choice, then

send it unencrypted. The responsibility for

making this determination is yours.

(19)

Anything else on security?

You are responsible for reporting any

security problems that you encounter or

observe to the agency security officer.

Complete the security awareness training

form and return it with your account

request.

(20)

Conclusion

Follow the security procedures outlined

here.

References

Download now ( PDF - 20 Page - 113.39 KB )

Related documents

If you want to read a

•The Maze Runner •The Missing Series •The Power of Six •Slated Series. •The Time Machine •A Wrinkle in Time Award

USE THIS FORM IF YOU ARE TRYING TO...

If an employee chooses not to continue the life insurance during an unpaid leave, upon their return to active, eligible employment, they will be required to complete a Life

If you have a problem or concern

– Member of the Canadian Investor Protection Fund, TD Waterhouse Private Investment Counsel Inc., TD Waterhouse Private Banking (offered by The Toronto-Dominion Bank) and

Understanding Culturally Competent Care in Occupational Therapy School to Providing Clinical Practice

Due to the increasing diversity found within the United States, and the lack of diversity found within the occupational therapy profession, are occupational therapists

How to Use Boston Private Bank s Secure Mail Service

When a Secure Mail encrypted email message is sent to you from Boston Private Bank, you will receive a separate email notification from the sender that will contain instructions

Cyber Warnings E-Magazine August 2015 Edition Copyright Cyber Defense Magazine, All rights reserved worldwide

With the increased use of mobile devices for business email, the need to secure communication from sender to recipient and within the corporate network has raised the awareness

Barracuda User Guide. Managing your Spam Quarantine

When you reply to the encrypted email message, the response will also be encrypted and the recipient (who may be the sender of your original encrypted message) will receive

Secure User Guide. Guidance for Recipients of Secure Messages from Lloyds Banking Group

When you are sent an encrypted email by Lloyds Banking Group for the first time you will receive a notification email asking you to register with a secure web portal to establish