
HIPAA PRIVACY & SECURITY QUICK TIPS

Why Does Privacy & Security Matter?

Here at Texas Tech University Health Sciences Center El Paso we value our patients’ rights regarding their privacy and confidentiality.

Ensuring privacy and security of private health information, including electronic medical records (EMR) is a key component to building trust with our TTUHSC El Paso patients.

If our patients lack trust in the physical or electronic exchange of their information, it may negatively affect that patient-provider relationship.

What exactly are we protecting?

• Protected Health Information (PHI)
• Both Physical (PHI) and Electronic (e-PHI); and
• Private Information (PI) or Electronic Private Information (e-PI)

Health Insurance Portability and Accountability Act - HIPAA (HSCEP OP 52.02)

• HIPAA ensures the protection of a patient’s health information and TTUHSC El Paso follows this federal law to ensure the privacy and security of this PHI or e-PHI
• PHI is at risk from YOU when you access this private information (PI) outside of your job duties, save unsecured/unencrypted PI onto portable devices, do not have updated McAfee Anti-Virus protection on all devices or leave a device unsecured in the open, visible to anyone

Information Privacy and Security

There are Information Technology (IT) and Compliance/HIPAA Policies and Procedures that have been implemented based on Federal and State laws and regulations to provide a common framework for adopting and deploying Privacy and Security resources within TTUHSC El Paso.

• Compliance Policies: http://elpaso.ttuhsc.edu/compliance/
• IT Security Policies: http://elpaso.ttuhsc.edu/it/
• HIPAA Policies: http://elpaso.ttuhsc.edu/hipaa/
• HIPAA Violation Severity Levels and Corresponding Disciplinary Actions: HSCEP OP 52.14

Our Patients’ Trust Starts With You

ONLY look at, discuss and/or use a patient’s PHI/e-PHI if you immediately need it to perform your job duty

• Under HIPAA it is against the law to access PHI or ask someone to access it for you - if you are not authorized or have no business purpose to see PHI to directly perform your job duties – even if you are trying to be helpful!!

If any other individual outside your department or TTUHSC El Paso is requesting PHI, you must first obtain a signed authorization from your patient (ROI) and keep it on file

• Every employee here at TTUHSC El Paso does not automatically have unrestricted access to all PHI across the board. Protect PHI from TTUHSC El Paso employees who are not authorized or do not have any need to see a patient’s PHI to perform their job duties
• Be discreet in your conversations or when discussing PHI, especially in public areas.

Privacy of PHI

• Don’t leave PHI where it is visible or accessible to public or other individuals out in the open
• Use Confidentiality Disclaimer on any fax coversheet
• PHI/e-PHI is “unsecured” if it is NOT:
  1. Encrypted (HSCEP OP 56.04) or
  2. Destroyed
• Always lock your computer when you walk away from it! No excuses!
  o Ctrl + Alt + Delete, then select “Lock Computer”
  o Windows Button + L, and the screen will lock
• Keep offices and workstations secured at all times

Password Security

• Do NOT ever share your passwords
  o No one inside or outside our TTUHSC El Paso system should ask for it – don’t give it out!
  o Do NOT write your passwords down where they can be found!
• Put password protection on all devices and computers that can access PHI
• Make sure all PHI is stored only on Secured Servers
• If your password has been compromised, change it immediately!

Page 1 Revised 09/2019


• If anyone asks for your TTUHSC El Paso Unique User ID or password, report it to IT immediately @ ELP.HelpDesk@ttuhsc.edu

Anti-Virus Protection

• McAfee is available to all TTUHSC El Paso employees for FREE from our IT department
• Must be put onto all devices used from TTUHSC and all devices used to VPN into our network to protect against Viruses and Worms that can compromise our TTUHSC network.

Email Security

• Phishing – are emails that falsely claim to be from a legitimate organization with fraudulent intent
  o If you receive a phishing email, do NOT respond and forward the entire email to ELP.HelpDesk@ttuhsc.edu
• Spam – is unsolicited, unwanted bulk or junk mail
  o To reduce the amount of spam your TTUHSC El Paso inbox receives, restrict your use of this email account to business use ONLY
• Email Encryption (HSCEP OP 56.04)
  o When you transmit any PHI or private information (sensitive or confidential) to and/or from a NON-TTUHSC El Paso email address, it MUST be manually encrypted
  o Simply place the phrase “[Send Secure]” or “[SS]” into the beginning of the Subject Line

TTUHSC Owned Property and Equipment

Your TTUHSC El Paso Computer and/or Laptops and stored electronic data are state owned resources and are NOT for personal use. Using these resources for personal use can put our network at risk. Please don’t misuse these resources. Remember you are responsible for violations with your e-Raider ID.

Missing, Lost, or Stolen TTUHSC El Paso computing devices must be reported immediately to either the Institutional Security Officer (ISO) and/or Institutional Privacy Officer (IPO) – AS SOON AS YOU KNOW IT'S MISSING! (HSCEP OP 63.10)

It is possible after a violation or breach that the IPO or ISO may restrict all your access to our TTUHSC El Paso network to protect our institution.

Financial Penalties for Non-Compliance

• Can you afford the fines (up to $1,500,000) for a privacy and/or security violation? Fines are the same at Federal and State level. See below for more details:

Violation Category               Each Violation       All Identical Violations per Calendar Year
Did Not Know                     $100 - $50,000       $1,500,000
Reasonable Cause                 $1,000 - $50,000     $1,500,000
Willful Neglect - Corrected      $10,000 - $50,000    $1,500,000
Willful Neglect - Not Corrected  $50,000              $1,500,000

How to Report Non-Compliance of HIPAA Privacy & Security Policy and Procedures (HSCEP OP 52.04)

• Report to your Direct Supervisor
• TTUS Compliance Hotline (HSCEP OP 52.03)
  o 866-294-9352
  o www.ethicspoint.com
• Contact your Privacy or Security Officers

Institutional Compliance Officer (ICO)
Andrew Conkovich, AVP
andrew.conkovich@ttuhsc.edu (915) 215-6484

Information Security Officer (ISO)
Ron Graham
Ron.Graham@ttuhsc.edu (915) 215-4040

Institutional Privacy Officer (IPO)
Obumneme Eze
obumneme.eze@ttuhsc.edu (915) 215-4459
