1 / 13

Implementing HIPAA Compliance: Effective Strategies for Acquiring and Saving MEG Data

This guide outlines essential HIPAA compliance methods for acquiring and saving MEG data, focusing on systematic approaches to secure data handling. Each group will receive unique login credentials, and patient data accessibility will be restricted to authorized groups. It details a step-by-step process, including managing user IDs, naming directories, and saving data files appropriately. Compliance responsibilities emphasis the proper retention of consent and authorization forms and the necessity of maintaining records of privacy acknowledgments. Implement these methods to protect sensitive data and ensure adherence to HIPAA regulations.

dore
Télécharger la présentation

Implementing HIPAA Compliance: Effective Strategies for Acquiring and Saving MEG Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MEG Users Meeting 4/11/03 HIPAA Compliance: Acquiring and Saving MEG Data

  2. Main problem

  3. Saving data: main problems

  4. HIPAA methods: Step 1 • Each group will now have its own login name and pswd for sinuhe • Group names are created as: acqxxxx • e.g. megclin, meghalg, megmbar, etc • The same group will also be created on the linux side—this group will own your data files

  5. HIPAA methods: Step 2 • Subject Type: • Default is Volunteers, instead select Patients • Registered and MEG data will now be available only to your group

  6. Accessible to group: Change to your lab’s group name, e.g. acqwest HIPAA methods: Step 3

  7. HIPAA methods: Step 4 HIS ID: west001 • HIS ID can be any code of your choosing… • Use unique names • e.g. west001 vs 001 • Directories will now be named as: • /subj_<HIS>/<date>/

  8. HIPAA methods: Step 5 • Data files should be saved with this code as well (rather than initials)

  9. HIPAA methods: Step 6 • In addition to logging out of the Acquisition program, you also need to log off the computer • Simply hit Exit on the task bar at the bottom of any window

  10. PI’s responsibility: To do list http://www.healthcare.partners.org/phsirb/hipaa2do.htm

  11. Approved/ongoing protocols (prior to 4/14) • Subjects enrolled prior to 4/14 • Authorizations not required (unless subject re-consented after 4/14) • Subjects enrolled on or after 4/14 • Subject must sign both a consent form and an authorization form • Must be given a copy of the Privacy Notice, and obtain written acknowledgement of receipt

  12. Authorization form • Downloadable from website • Fulfills specific elements of Privacy Rule without requiring you to rewrite/resubmit existing consent form • Must provide a copy to the Human Research Office to document compliance with the Privacy Rule • Authorization will not be reviewed by the PHRC - you are responsible for the accuracy of the information in the document • Signed Authorization should be kept with signed consent form • Free-standing Authorization should be used until your PHRC-approved consent form includes the authorization language (ie, merge consent with Authorization)

  13. Privacy Notice • Privacy Notice can be downloaded from previously mentioned site, and does not need to be “approved” by Human Research Office • Signed acknowledgement forms must be returned to the Privacy Officer at your institution • Although not required, recommended that you keep a copy of the signed receipt of Privacy Notice for your records

More Related