580 likes | 723 Vues
2. This presentation focuses on two types of confidential electronic information:. ePHI = Electronic Protected Health InformationMedical record number, account number or SSNPatient demographic data, e.g., address, date of birth, date of death, sex, e-mail / web addressDates of service, e.g., date
E N D
1. 1 Information Security Awareness Training: Good Computing Practices for Confidential Electronic Information Information Security Training
for all Workforce Members who use computers.
UCSD Health Sciences
Privacy / Security Office
Issued: 3/15/2005
Updated: 4/22/2005
2. 2 This presentation focuses on two types of confidential electronic information: ePHI = Electronic Protected Health Information
Medical record number, account number or SSN
Patient demographic data, e.g., address, date of birth, date of death, sex, e-mail / web address
Dates of service, e.g., date of admission, discharge
Medical records, reports, test results, appointment dates
PII = Personally Identified Information
Individuals name + SSN number + Drivers License # and financial credit card account numbers
3. 3 Definition of ePHI ePHI or electronic Protected Health Information is patient health information which is computer based, e.g., created, received, stored or maintained, processed and/or transmitted in electronic media.
Electronic media includes computers, laptops, disks, memory stick, PDAs, servers, networks, dial-modems, E-Mail, web-sites, etc.
Federal Laws: HIPAA Privacy & Security Laws mandate protection and safeguards for access, use and disclosure of PHI and/or ePHI with sanctions for violations.
4. 4 Definition of PII Personal information Unencrypted computerized information that includes an individuals name in combination with any one or more of the following: Social Security Number, Drivers license number, or California ID card #, credit / debit in combination with their access / security code or password
State Law: SB-1386 California, Privacy of Personal Information to Prevent Identity Theft. SB-1386 requires mandatory notice to the subject of an unauthorized, unencrypted electronic disclosure of personal information.
5. 5 What are the Information Security Standards for Protection of ePHI? Information Security means to ensure the confidentiality, integrity, and availability of information through safeguards. Confidentiality that information will not be disclosed to unauthorized individuals or processes [164.304] Integrity the condition of data or information that has not been altered or destroyed in an unauthorized manner. Data from one system is consistently and accurately transferred to other systems. Availability the property that data or information is accessible and useable upon demand by an authorized person.