1 / 23

New Uses for ROCKET: HIPAA Compliant Workspaces and Other Developments

New Uses for ROCKET: HIPAA Compliant Workspaces and Other Developments. Tara Helmer Research Services Consultant July 12, 2013.

laasya
Download Presentation

New Uses for ROCKET: HIPAA Compliant Workspaces and Other Developments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. New Uses for ROCKET: HIPAA Compliant Workspaces and Other Developments Tara Helmer Research Services Consultant July 12, 2013

  2. ROCKET is a web-based tool for sharing information and documents, allowing members of a workspace to collaborate by building and sharing web pages. ROCKET workspaces are meant to be dynamic and user-friendly, allowing for two-way sharing of information between members. ROCKET is also self-serving in that the members can edit and maintain the workspace per the needs of the group. • Starting with a blank slate, members can add and organize • files and images • headers, text, dividers, and lists (bulleted, numbered, and checklists) • tables • as well as additional pages

  3. Anyone! • Any member of the Vanderbilt and Meharry communities (with a valid VUNet ID and password) can access ROCKET and create a workspace on StarBRITE. • External users can access a workspace if they are added as a member by a Vanderbilt or Meharry workspace owner/admin. External users cannot create their own workspaces.

  4. Access to Workspaces • Anyone can access ROCKET and Anyone with a VUNet ID can create new Workspaces • Access to Workspaces is managed in Workspace Membership • Admins/Creators of a space can add new members and give them specific rights. The different user rights include: • Admin – Manage users on the workspace; has all user privileges(Create/Read/Write/Delete/Sort), Can Lock pages, Can create Short URLs, Delete a Workspace for all users • Creators of a Workspace are an Admin by default • Only other Admins can remove an Admin’s user rights • Create - Add/create pages • Read (default) –Read-only view • Write – Create content on the pages; Can Clone workspaces to new workspaces, send Notifications to Workspace Members • Delete - Delete pages within the workspace • Sort - Sort pages in your workspace Table of Contents

  5. New PHI Safe Workspaces Receive and Manage notices from your Workspaces Manage Workspaces Your Dashboard provides a place to Create New, Search Workspaces, Organize Workspace, and receive Notifications. Note, notifications are messages sent from Workspaces. To guarantee you also receive these via email, check the “Send emails” option over your Notifications.

  6. Public (green) & Private (blue) Workspaces Workspace Tools

  7. ROCKET is built so that creating, accessing, and sharing content can occur easily and efficiently. New HIPAA Workspaces now allow for users to apply this in sharing content in a way that PHI content is protected. The HIPAA Security Rule requires that workforce members adhere to controls and safeguards to ensure Integrityof information – the medical record must be accurate Confidentiality – The medical record should only be seen by those with a need to know and all uses of that data should be knowable by the individual. Availability – The medical record must be available, in essence, no reasonably avoidable downtime   For additional information on VUMC information security policies and practices, visit the Info Security Page.

  8. What does HIPAA cover? HIPAA covers the Privacy, Security and Enforcement rules of PHI. The Privacy and Security rules contain information on how one must treat PHI (whether it’s electronic or not). The enforcement rules specify what happens if you don’t (the penalties). • Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI). • Technical safeguards require access control to allow only the authorized to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off and encryption and decryption. • Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations. • Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact. • Network, or transmission, securityis the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

  9. Only invited users can access PHI Protected Workspaces, and thus download or access an information on the site. • Numerous warning at various points in the space to remind users of their obligation to protect patient data • ROCKET application only allows unique user IDs and includes measures for an emergency access procedure, automatic log off and encryption and decryption. • Tracking logs exist in the application to best monitor behavior in the workspaces • ROCKET team is easily able to recover any information placed on the Workspaces • Additional measures within ROCKET prevent users from shared data on ROCKET to unauthorized users. Usual features such as exporting pages to email and making pages public have been deactivated

  10. Project teams are not physically located in the same place. • Needing a single location to access information related to work as well as reviewed MRNs or Patient data relevant to the study/project • Needing members to have immediate and returned access to the data, but also the need to expire access after a particular point(ROCKET allows admins to give access up to a specified expiration date if need be) • Minimizing number of steps to access and the dispose of current available data for the work.

  11. New PHI Safe Workspaces Note, only Workspace Admins can make a workspace PHI Safe. Select “Settings” in the tool icon pop up.

  12. By selecting the checkbox for PHI Protection, your workspace will be HIPAA compliant. Please note, this action can not be undone. Once you have selected the Workspace to be PHI protected, all pages in the workspace will be made private. You are given the option to move all public pages in the workspace to a new non-PHI space if you would like.

  13. Features not Available in HIPAA Compliant Workspaces: • Copying Pages into Non-PHI protected workspaces • Exporting content to email • Public Pages

  14. Sharing Study Data across Multiple Institutions • Multiple department collaborations • PHI protected workspaces may be useful for teams for reason other than sharing PHI data. • …

  15. Fostering Multi-Institution Projects • Grant Submission Collaboration • Manuscript Development • Committee Operations Planning • Course Development and Communication • Program/Project Management • ….

  16. One example of putting more than one image in block, is by placing more than one image in a file block you can illustrate instructions using screenshots.

  17. Sticky Notes and How They Add in Editing Information

  18. Manuscript Development • Collect all the information in a quick and easy display for all Authors • Can use creative ways to move/structure your pages to organize what content to consider

  19. REDCap on ROCKET • Templates • … • ROCKET has evolved greatly in the past six months and this is largely due to suggestions and needs from its users. Please let us know using the Provide Feedback link what YOU would like in ROCKET so that ROCKET can continue to evolve.

  20. In your ROCKET workspaces, there is a “Provide Feedback” and “Report a Bug” which will allow you to immediate let someone on the team know of any issues, questions, or suggestions you might have for the resource • Or feel free to contact me at Jacqueline.Kirby@Vanderbilt.edu

More Related