Privacy and Information Security Training (2006-07)


VUMC Privacy Website

www.mc.vanderbilt.edu/privacy

The Most Common Privacy/Security Incidents Reported
  • Unauthorized access or disclosure of patient information
  • Sharing passwords and electronic signatures
  • Failure to secure workstations
  • Failure to properly dispose of documents containing confidential information
  • Careless handling of personal or confidential information
Unauthorized Access or Disclosure of Patient Information

Patient information shall be accessed and disclosed only as authorized, on a need-to-know basis, or as required by law.

  • Have you been concerned about a co-worker in the hospital and looked up their medical record?
  • Have you looked up your spouse’s record without formal authorization?

These are considered Level III violations and will result in at least a final written warning or Final PIC.

Accessing and Disclosing Patient Information: Things You Need to Know

An “Authorization to Access Medical Records” form (MC1814) must be signed and placed into the patient’s record for you to have permission to access a record.

You can obtain this form in Star Panel, by going to e-docs, or calling the Privacy Office.

The Privacy Office conducts audits each month on the records of staff and faculty.

Accessing and Disclosing Patient Information: Things You Need to Know

Entering a patient’s room and proceeding to discuss information with the patient in front of family members/visitors has resulted in inappropriate disclosures.

Remember to ask family members/visitors to leave the room prior to discussing information. If the patient says it’s okay for them to stay then you can proceed with the discussion.

Accessing and Disclosing Patient Information: Things You Need to Know

The following behaviors are considered privacy breaches under the current sanctions policy:

  • Gossiping about a faculty/staff member’s health information resulting in a complaint being filed is considered a Level I violation.
  • Gossiping/sharing PHI secured through your role at VUMC is considered a Level III violation.

VUMC Sanctions Policy: http://vumcpolicies.mc.vanderbilt.edu/E-Manual/Hpolicy.nsf/AllDocs/F4FAEAD3EEB0D9C986256FE7006DE2A2

Sharing Passwords and Electronic Signatures

Individual user names and passwords, as well as electronic signatures, must be kept confidential and shall not be shared.

  • What if a manager shares the password to her email account with her Administrative Assistant?
  • What if a resident shares her SecurID token with another resident who is having problems with his own token?

Both of these are privacy/security violations and will result in disciplinary action.

Sharing Passwords and Electronic Signatures: Things You Need to Know

Sharing your VU-net user name and password with another person gives that person access to your personnel records.

You are able to delegate access to your email account to someone else without sharing your password. Contact your computer support person if you need help to give someone access to your email account.

III. Failure to Secure Workstations

Things You Need to Know

  • Failure to lock the computer screen may result in others documenting in the electronic medical record under your user-id.
  • Failure to lock the computer screen when you walk away allows unauthorized individuals to view confidential information.

Be sure to lock the computer screen or log off anytime you need to walk away from the computer to protect confidentiality and data integrity.

IV. Failure to Dispose of Documents Containing Confidential Information

Medical records, reports or other documents or information shall not be left unattended in a way that exposes confidential information.

Things You Need to Know

  • Always dispose of confidential information in a shredder bin.
  • Be sure to clear your desk of any documents containing confidential information or remove them from view when leaving your desk for an extended period of time.
  • Photos of patients for treatment purposes must be stored in the patient’s record or in a secure database in accordance with the revised policy “Consent for Patient Photographs/Videos” OP 20-10.10.
V. Careless Handling of Personal or Confidential Information

Personal or confidential information misdirected to the wrong person verbally or by fax or email is considered a privacy breach.

Things You Need to Know

When faxing:

  • Always use a cover sheet
  • Confirm the fax number before you send
  • Double check to make sure you enter the correct fax number.
Careless Handling of Personal or Confidential Information

Things You Need to Know

  • When sending electronic messages
    • Use MyHealthatVanderbilt.com (a secure web-based portal) to securely communicate with patients, as opposed to standard email
    • If you use email, confirm the address before sending and limit the personal information sent
  • When discussing confidential information
    • Avoid being overheard by others
    • Just leave a name and call back number in phone messages
Conclusion
  • Some privacy/security breaches occur from individuals being careless while others occur from deliberate actions.
  • Follow the practices set forth in this training presentation and you will avoid committing the most frequent types of breaches that occur at VUMC.
  • If you have any questions or need to report a concern, please contact the Privacy Office @ 936-3594 or [email protected]
Final Instructions
  • To complete the training you must print off the HIPAA Test and submit it to the manager in your department for filing in your personnel file.

Any questions related to this training may be submitted to the Privacy Office at [email protected] or call 936-3594.
