HIPAA Security
HIPAA Security Presentation

Please review this presentation on HIPAA Security. When you are finished you will receive a sign-off sheet with instructions on returning it. If you have any questions, please contact Sheila Kline at 585-719-3160 or skline@depaul.org.
Four Major Requirements Under HIPAA
1. Develop Administrative Procedures
• Write policies & procedures related to security of our systems
• Implement a disaster recovery plan

2. Ensure Physical Safeguards
• Keep servers in a secure location
• Keep offices and file cabinets locked

3. Implement Technical Security Services
• Control Access – who are the users & security levels
• Audit – who can access data & who did access data

4. Institute Technical Security Mechanisms
• User accounts and passwords
• Virus protection
• Firewalls
• Data transfer protocols, file encryption
• Secure, monitored servers (MIS department responsibilities)
What Are Electronic Files?
Information stored on
• Computers
• Laptops
• PDAs
• Floppies
• CDs
• DVDs
• Zip Disks
• Flash Drives

Reasonable measures need to occur to keep these items secure. Laptops, CDs, DVDs, floppies and flash drives need to be stored in a locked area if they contain PHI.
Employee Security Rules
• E-mail
  • Do not use e-mail to communicate confidential information
  • Depaul.org email is NOT secure
  • AWARDS messaging is HIPAA compliant
• FAX Transmissions
  • Use cover sheet with the DePaul disclaimer
  • Know who you are faxing
  • Dial the correct number or use speed-dial when possible
  • Verify receipt of fax
  • Keep fax machines in private areas
• Conversations in public places
  • Be aware of where you are and who can hear you
Employee Security Rules
• Be aware of who can hear your voicemail messages or conversations on speaker phone
• Written Correspondence
  • Keep confidential and secure
  • Do not leave PHI out in the open on your desk
  • Ensure that doors, desks and cabinets are locked
  • If you do not have a locked area to keep PHI, contact your supervisor
• Be aware of who can observe data you are entering or that is displayed on your monitor
• Do not leave confidential information on your computer screen
• Lock your computer before leaving your workspace for any length of time (Ctrl+Alt+Delete)
Employee Security Rules
• Do not install or download any software on your computer
  • All software on DePaul computers must be authorized by the MIS Dept.
  • File transfer programs can create security loopholes
  • Data miner programs installed inadvertently while surfing the internet can search for data on your computer
• Phones
  • Do not use speaker phone when listening to voicemail when PHI could be discussed
  • Be aware of who can hear speakerphone or conference call conversations
Employee Security Rules
• Passwords
  • Never give your passwords to another user
  • Change often (every 3 months or sooner)
  • Be creative when thinking of a password
  • Do not store passwords near your computer
  • Never log in and allow other staff to access databases under your user name and password
  • If a new staff person needs rights to a database, they need to contact the MIS Department
  • If a staff person does not have all the rights they need to complete their job in a database, they need to contact the MIS Department, not use another staff member's database credentials
If you have any questions regarding HIPAA Security, please contact Sheila Kline at 585-719-3160 or skline@depaul.org.

Click here to access the sign-off sheet.