


Privacy & Information Security Tackling Trends & Threats

December 12, 2014

Norma A. Chitvanni RHIT, CHPS

nchitvan@bidmc.harvard.edu

Agenda

- Omnibus Rule: Pay Out of Pocket 2013
- Mobile clinical equipment
- Email security
- Training & Education
- Keep Information Private (KIP)
- Phishing
- Business Associates
- OCR Audits
- Information Security and Privacy Committee
- "You Know Me" video


Omnibus: Pay Out of Pocket

- Restriction for pay-out-of-pocket services
- Challenging process
- May apply to partial services
- Different from self-pay
- Ensure no release to the insurance company
- Payment at time of service or later
- Must be requested each time

Mobile Clinical Equipment

- Stolen ultrasound machine
- Patients notified
- Locator device
- Patient information stored on the machine
- Reported breach to OCR
- Formed a task force
- Policy development
- Education


Secure Transmission of Email

- Send Secure: encryption of emails; use "# Secure" before the subject
- Proofpoint system
- Monitoring of emails
- Feedback to staff
- Friendly encryption message (PFAC)
- Transport Layer Security (TLS) connection
- Secure File Transfer for large files

Training & Education

Information Security & Privacy

- Annual mandatory education
- Includes test and attestation
- New Employee Orientation: IS&P training
- Learning Management System (LMS)
- Monitoring of completion of training
- Corrective Action modules
- Keep Information Private (KIP) Annual Awareness Campaign


KIP Awareness Campaign

- Posters
- Tent cards for cafeteria tables
- Labels on food containers
- Handouts
- Plasma screen displays
- Focus on phishing
- Logo


Phishing

- Focus on phishing

Used props during the campaign to boost awareness

- Handouts: Phishing FAQs
- Bowl of Swedish Fish & Goldfish
- Raffle/drawing for a box of Swedish Fish
- Fishing rods (Melissa & Doug)
- Campaign video

Business Associate Agreements

- New Omnibus requirements

Effective date: March 26, 2013. Compliance date: September 23, 2013.

- Existing BAAs could continue to operate for a one-year period from the compliance date (September 22, 2014)
- Perform BAA audits/reviews


OCR Audit

- 169 items: 78 Security, 81 Privacy, 10 Breach
- Performed a mock audit on the Privacy and Breach items
- Readiness binder and electronic folder
- Annual review / check the OCR website

Information Security & Privacy Committee (IS&P)

- Consists of 32 members
- Meets monthly
- Addresses IS&P issues
- Approves policies
- Discusses breaches
- Creates policies
- Identifies issues, creates task forces
- Task forces report back to IS&P
- Reports to the Management Compliance, Audit & Risk Committee
- Reports to the Board Compliance, Audit and Risk Committee


“You Know Me” Video

- Patient Family Advisory Committee
- Sent to all workforce
- Included in our New Employee Orientation
- Introduced our Information Security and Privacy intranet site
- Award winning: MaHIMA Team Excellence Award 2013
- New England Society for Healthcare Communications: Silver Lamplighter Award
- Video