Posted on 16-Jul-2015
PRIVACY & INFORMATION SECURITY AWARENESS
Ashford University
MHA 690: Health Care Capstone
Dr. Sherry Grover
May 23, 2013
Course Objectives
Know the laws that govern the privacy and protection of identifiable health information
Recognize the types of information that must be kept private
Recognize your responsibilities to protect privacy when handling sensitive information
Know how to protect the privacy of identifiable health information
Recognize examples of incidents that must be reported
Know the process for reporting incidents and the penalties for non-compliance
Laws and Regulations
Privacy Act of 1974 - governs how federal agencies collect, use, and disclose a person's identifiable information kept in a system of records
Health Insurance Portability & Accountability Act (HIPAA) - law that protects the privacy and security of a person's individually identifiable health information
Federal Information Security Management Act (FISMA) - law that requires federal agencies to run a risk assessment program, maintain security policies and procedures, periodically evaluate their security controls, and provide information security training to all employees
Health Information Technology for Economic and Clinical Health Act (HITECH) - requires that patients be notified when their unsecured health information is breached, funds the adoption of health information technology by health care organizations, and strengthens the penalties and enforcement for HIPAA violations
What to Protect
Sensitive information includes both our organization's business information and our patients' private information. Violations can be accidental or intentional. Do not disclose, modify, or destroy any sensitive information unless you are authorized to do so. Sensitive information includes:
Protected Health Information (PHI)
Personally Identifiable Information (PII)
Internal Business Information
Your Responsibilities to Protect It
Information security is maintained when you ensure the following:
Integrity - information is protected from being altered, damaged, or destroyed by anyone not authorized to do so, so that it remains accurate and complete
Confidentiality - information is kept private and is not disclosed to anyone who does not have permission to view it
Availability - information systems and networks are accessible, when needed, to those who have been granted permission to use them
How to Protect It
Follow the organization's policies and procedures
Access and view only the information you need to do your job
Use encrypted email when sending sensitive information
Do not place sensitive information in trash receptacles; use the approved shredding or disposal process
Do not discuss sensitive information in public places
Examples of Incidents
Observing someone access records that he or she should not
Observing someone change or delete records without proper permission
Finding a lost or unattended device containing sensitive information
Hearing a person disclose sensitive information to someone who is not authorized to receive it
Accessing mail or email that you should not access
How to Report an Incident
Immediately notify your supervisor and your Information Security Officer (ISO) of:
The person(s) involved
The time of the incident
What information was shared
If the incident occurs after hours or on a weekend, you can call the Helpdesk at 800-877-4327.
Consequences
Suspension of your access to information systems
Disciplinary action recorded in your personnel file
Suspension or loss of your job
Civil or criminal prosecution
Fines and/or imprisonment
Civil and Criminal Penalties
Destroying records without authorization - up to $2,000 in fines and 3 years in prison
Violation of the Privacy Act - up to $5,000 in fines and 1 year in prison per occurrence
Intentional violation (HIPAA: disclosing or obtaining PHI with intent to sell it or use it for personal gain or malicious harm) - up to $250,000 in fines and 10 years in prison