Asheville Physical Therapy. Security Awareness Training Revision 2010. Outline. The purpose of security awareness training HIPPA PHI PII HITECH Act 2009 NC ITPA Sensitive Data Best Practices Documentation. Purpose. Why do I need to know this stuff?
Asheville Physical Therapy
Security Awareness Training
Why do I need to know this stuff?
What is HIPPA?
1. Electronic transactions and code sets standards requirements
2. Privacy requirements (PHI)
3. Security requirements (Technical & physical data safeguards)
4. National identifier requirements (NPI)
Where are we?
Are we a covered entity?
OK, I have to comply… So what is “reasonable diligence” ?
Are there penalties for non-compliance?
What is it?
What information is protected?
PHI includes information (even demographic data) that relates to:
1. The individual’s past, present or future physical or mental health
2. The provision of health care to the individual
3. Past, present, or future payments for the provision of health care
4. Information that identifies the individual
5. Information which can be reasonably used to identify the individual
What is it?
The U.S. General Services Administration says…
Health Information Technology for Economic and Clinical Health (HITECH) Act
What does it mean?
The HITECH Act gave HIPPA teeth!
What do you mean it gets worse?
Your burning me out with all this bad news!
The North Carolina Identity Theft Protection Act
What is sensitive data?
Sensitive data includes, but is not limited to;
What are we supposed to do?
The plan is
Training needs to be documented
Presentation prepared by