
Security: 2014


gaille

Presentation Transcript


  1. Security: 2014

  2. Personal Health Information Protection Act, 2004 this 5 min. course covers: • changing landscape of electronic health records • security threats & obligations • protections for personal health information (PHI)

  3. Connecting GTA – Coming in 2014 • early adoption of cGTA builds on eCare’s success to further strengthen point of care access to electronic patient information • security: critical factor in whether patients consent to sharing personal health information (PHI) in cGTA

  4. cGTA changes the security landscape • health care organizations required to reinforce IT security • planned link (Cerner to cGTA) requires infrastructure incl. • active directory accounts for credentialed physicians • merging Cerner account/active directory account to create “single sign-on” from Cerner to cGTA • strong passwords, change management • Note: physicians without active directory account will be notified; Information Services will support transition

  5. We are in this together … • patients & families trust we have strong security policies & consistent practices to protect their personal health information (PHI)

  6. Threats to electronic PHI • weak passwords • inappropriate chart access • using another’s login/password • theft/loss of laptop, unencrypted USB key/removable storage media • PHI sent by unencrypted e-mail • texting personal identifiers

  7. Information security practices • physical, technical & administrative • work together to protect PHI and information systems

  8. Preventatives work • strong passwords, access & change controls • network security, secure remote access • encrypted e-mail between NYGH sites • training, personal accountability • confidentiality agreements • audit trails of access to technical systems • photo ID • serious consequences for inappropriate chart access, use or disclosure up to termination of employment, hospital privileges

  9. Strong login passwords mandatory • on desktops, laptops, mobile devices & removable storage media – do not share, write down or store on equipment • STRONG: combination of letters, numbers, symbols, minimum of 8 characters & no dictionary words

  10. Protect yourself – never share login, password • together they serve as your electronic signature • everything done using it will be attributed to you until proven otherwise • always log off PowerChart

  11. Mobile devices, removable storage media • don’t store PHI on laptops/mobile devices unless encrypted (Information & Privacy Commissioner/Ont.) • encryption protects electronic info if lost/stolen • whole disk encryption: on all NYGH laptops • NYGH computers enforce encryption if you download to a mobile device; password you choose will decrypt

  12. Encrypting files • Encrypt a copy, not the original file, or else you will have to use a password to open it • WORD Document: Click “File” > “Protect Document” > “Encrypt with Password” • PDF: Click “File” > “Properties” > “Security”. Select “Password Security” from the “Security Methods” drop-down menu. Check off “Require a Password to Open the Document” • Create a strong password and write it down before entering and saving. • Send the file and password by separate emails. • In the email sending the file, advise that the password will be sent separately.

  13. Secure email • encrypted transmission between NYGH sites: General, Branson, Senior's Health Centre - if intercepted, it cannot be read • without encryption: it's like sending a postcard • Never send personal health or confidential info from or to a personal email account e.g. hotmail, gmail or yahoo - transmission is not encrypted; can be intercepted & read

  14. Working out of NYGH • don't take PHI or confidential info out of hospital unless absolutely necessary • instead, use secure remote access where possible

  15. What you can do • minimize storage of PHI/confidential info on mobile devices, laptops, storage media • back up files to network before leaving • ensure encryption enabled on laptop/mobile device • use secure storage for laptops, mobile devices, removable media, paper records or keep with you at all times

  16. If it doesn’t go as planned… just call me chief privacy officer 416-756-6448

  17. Security Summary • combine physical, administrative & technical protections • avoid “What’s the risk?” thinking • Encryption protects patients and reputations … still a bargain • Never share login & password

  18. Information & Privacy Commissioner/Ontario (IPC) • Provides oversight of compliance with the Personal Health Information Protection Act. In this role the Commissioner: • adjudicates access appeals, investigates privacy complaints and may issue public reports • may enter and inspect premises, records, information management practices and require evidence under oath, affirmation • has Order making power; may levy fines of up to $250,000.00 • IPC Contact: 416-326-3333 www.ipc.on.ca

  19. Thank-you For more information please contact Rita Reynolds, Chief Privacy Officer at ext. 6448.
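
The password rule on slide 9 (letters, numbers and symbols, at least 8 characters, no dictionary words), written out as a checker. This is an added example, not part of the original presentation; the word list, the sample passwords and the substring reading of "no dictionary words" are assumptions.

```python
import string

# Constructed mini word list for illustration; a real deployment would load a
# full dictionary file (assumption, not from the slides).
SAMPLE_WORDS = {"password", "hospital", "welcome", "summer", "doctor", "chart"}
MIN_LENGTH = 8  # slide 9: minimum of 8 characters


def dictionary_hits(password, words=SAMPLE_WORDS, min_word_len=4):
    """Return dictionary words found inside the password, case-insensitively.

    Substring matching with a 4-letter floor is an assumed reading of
    "no dictionary words"; the slides do not define the rule further.
    """
    lowered = password.lower()
    return sorted(w for w in words if len(w) >= min_word_len and w in lowered)


def policy_violations(password, words=SAMPLE_WORDS):
    """List every slide-9 rule the password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    for word in dictionary_hits(password, words):
        problems.append(f"contains dictionary word '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["Summer2014!", "k7#Vq9x", "tR4&mZ8!qw", "chartreview"]:
        result = policy_violations(candidate)
        print(candidate, "->", result or "meets the stated rules")
```

"Summer2014!" passes the length and character-mix checks and is rejected only by the dictionary rule, which is why that rule is listed separately on the slide.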
