1 / 19

Welcome to UF

Welcome to UF. We’re from the Privacy Office and we’re here to help you… HIPAA Orientation – College of Nursing August 22,2014 Cheryl Webber, MS, RHIA University of Florida Privacy Manager, Jacksonville. HIPAA Training Requirements.

berne
Télécharger la présentation

Welcome to UF

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Welcome to UF We’re from the Privacy Officeand we’re here to help you… HIPAA Orientation – College of Nursing August 22,2014 Cheryl Webber, MS, RHIA University of Florida Privacy Manager, Jacksonville

  2. HIPAA Training Requirements. • To help you understand your obligation to preserve the privacy and confidentiality of restricted information. • To educate you about the RISKS of using a Mobile Device and the SAFEGUARDS you must use to minimize those risks. • To make you aware of how to report lost or stolen devices. Goals Of this Orientation

  3. This orientation is not your HIPAA and Privacy training for the year! • You must: • Complete UF’s Online HIPAA & Privacy Training • Sign UF’s Online Confidentiality Agreement • Additional training modules for Shands and the VA (if you see patients there). Privacy Orientation

  4. Complete: • General Awareness Training – if you will not be involved in any research OR • HIPAA for Researchers – if you will be doing human subject research. (This training counts for both Research and General Awareness.) • Note: Have you already completed one of the modules within MyUFL? HIPAA Training

  5. Privacy Training is renewed annually. • Failure to complete the training on time is a Level II HIPAA violation and will result in disciplinary action. • Be sure you are included in your college or department’s email list. Training and Re-training….

  6. Unauthorized disclosures • Be aware of your surroundings when discussing patients. • Use extra caution with privileged information. • Improper use of portable devices • Recording (and sharing) unauthorized pix and videos • Failure to use encryption • Losing or misplacing equipment • Downloading unnecessary PHI • Removing PHI or health records from UF premises. Common HIPAA Violations

  7. UF Sanctions • Loss of student privileges, computer access • Verbal counseling up to termination • Suspension or expulsion • Reporting to professional licensing or credentialing boards • Sanctions for HIPAA violations are serious: • Fines • Jail-time Privacy Sanctions

  8. So, a breach involving PHI for 10 individuals could cost youanywhere from $100 to $50,000 per disclosure New Penalties

  9. Mobile Device Management

  10. Before you use a Mobile Device to: • Create • Access • Transmit • Receive • Store • You are required to educate yourself about the RISKS of using a Mobile Device and the SAFEGUARDS you must use to minimize those risks. PHI Know the RISKS and SAFEGUARDS

  11. If you’re using your Mobile Device for patient care, do you know what to do if: • Your device is Lost or Stolen? • Your device is infected by a virus or other malware? • Are you aware that you should never: • Share your personal mobile device with anyone? • Use your device on an unsecured network? Mobile Device Risks

  12. Use Proper Authentication • Use strong password that meets or exceeds UF Health’s password requirements. • Set an inactivity timeout of no more than 10 minutes – require a password to re-enter. • Never share your password and change it often. • Use and Maintain Approved Software • Install only approved software. • Enable approved encryption software. • Enable and maintain anti-virus and -malware protection. • Disable file-sharing applications. Required Device SAFEGUARDS

  13. Maintain Physical Control • Keep your device with you or locked up. • Enable approved tracking or recovery software. • Do not allow others to use your device (children, spouse, friends, etc.). • Do not leave your device in a parked vehicle. • Use Secure Networks • Use adequate security over Wi-Fi networks. • Do not forward e-mail to outside accounts. • Ensure Proper Disposal Required Device SAFEGUARDS

  14. Report the loss or theft of your device immediately! • Notify your immediate supervisor. • Also Notify: • IT Security Office • Privacy Office • UF Police Department REPORT Lost or Stolen Devices

  15. Direct patient care during emergencies or disasters. • Share PHI only with co-workers involved in patient care. • Create and/or share photos/videos only for making immediate health care decisions. • Remember, all communications and/or images used for healthcare decision making or for treatment become part of the patient’s health record. Appropriate Use

  16. AMCOM – enterprise communication software that offers HIPAA-compliant texting. • Haiku – software for smartphones (iPhones) intended to securely connect to the electronic health record. • Canto – like “Haiku for iPads,” securely connects to the electronic health record. • Citrix Receiver – application for smartphones and personal data assistants, runs Epic Hyperspace application. • VMWare Horizon Client – application that allows users to securely access a virtual desktop. • E-mail from and to a recipient with a “ufl.edu” e-mail address when both sender/receiver have a professional need to know the information shared. • Epic Hand-held Software (that may come available). Approved Software

  17. Acceptable Uses: • A resident physician photographs a patient’s wound and sends the image (using HAIKU) to attending physician for the immediate delivery of care. • A nurse “texts” stat lab results (using AMCOM) to the ordering physician. • A clinician photographs the placement of a healthcare device, excluding any patient identifiers, and sends the image to the device manufacturer for advice. • Unacceptable Uses: • Recording patient images out of curiosity or under the auspices of “general medical education.” • Taking a picture with a patient, at the patient’s request, in a patient care area and then forwarding the picture to the patient or posting the picture on Facebook. • Auto-forwarding e-mail to any e-mail system outside the ufl.edu domain, such as G-mail, Yahoo, AOL, or similar external e-mail systems. Examples

  18. Watch what you say and where you say it • Protect health records in all formats and all locations • Safeguard personal computing devices; • Employ encryption and other security measures whenever possible. • Follow the rules! • Report theft of devices Wrap-Up

  19. UF Privacy Office • (352) 273-1212 • http://privacy.health.ufl.edu • AHC IT Security • (352) 265-8317 • Security@shands.ufl.edu • UF Police Department • (352) 392-1111 Non-emergency • UPDinfo@admin.ufl.edu Resources

More Related