Crowdsurf - HIPAA & FERPA Data Privacy Training.pdf

Uploaded by axeneqer, Oct 10, 2024 (11 slides)


HIPAA & FERPA Data Privacy Training
Company and contractor training on the HIPAA and FERPA data privacy and security standards and the rules of conduct that follow from them.

What Is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation that addresses issues ranging from health insurance coverage to national standard identifiers for healthcare providers. The portions that are important for our purposes are those that deal with protecting the privacy (confidentiality) and security (safeguarding) of health data, which HIPAA calls Protected Health Information, or PHI.

What Is FERPA?
The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children's education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.
When a student turns 18 years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student (an "eligible student").

What Is Protected Health Information (PHI)?
• Any individually identifiable health information, transmitted or maintained in any form or medium, including demographic information
• Created or received by a covered entity or business associate
• Relates to an individual's past, present, or future physical or mental health or condition, the provision of health care to the individual, or payment for that care
• Identifies the individual, or could reasonably be used to identify them: for example a name, address, dates such as birth date or age, financial information, or a Social Security or driver's license number

What Is The Business Associate (BA) Agreement?
• A written contract that HIPAA requires before a covered entity may engage a third-party individual or vendor (a business associate) to perform activities or functions that may involve the use or disclosure of the covered entity's PHI.
• A business associate must, in turn, have a BA agreement in place with any subcontractor that creates, receives, maintains, or transmits that PHI on its behalf.

What Is A Breach?
• A breach is the unauthorized acquisition, access, use, or disclosure of unsecured PHI that compromises the security or privacy of the information.
• An impermissible use or disclosure is presumed to be a breach unless the covered entity or business associate demonstrates, through a documented risk assessment, that there is a low probability that the PHI has been compromised.

What Constitutes a Breach?
A breach could result from many activities:
– Accessing more than the minimum necessary
– Failing to log off when leaving a workstation
– Unauthorized access to PHI
– Sharing confidential information, including passwords
– Having patient-related conversations in public settings
– Improper disposal of confidential materials in any form
– Copying or removing PHI from the appropriate area
Why do breaches happen?
– Curiosity about a person or entity
– Laziness, such as a shared sign-on to technical systems
– Compassion, the desire to help someone
– Greed or malicious intent for personal gain

Responsibility to Report Promptly
• When receiving a privacy complaint, learning of a suspected breach in privacy or security, or noticing something is "just not right," we must work together.
• If you notice, hear, see, or witness any activity that you think might be a breach of privacy or security, let your organization's privacy and/or security officer know immediately.
• It is much better to investigate and discover no breach than to wait and later discover that something did happen.

How to Report A Breach
• Notify your Security Officer of any unusual or suspicious incident
– Lucy Johnson
– Contact: [email protected]
• Security incidents include the following:
– Theft of or damage to equipment
– Unauthorized use of a password
– Unauthorized use of a system
– Violations of standards or policy
– Computer hacking attempts
– Malicious software
– Security weaknesses
– Breaches of patient, employee, or student privacy

Security Standards & General Rules
1. Do not allow unauthorized persons into restricted programs with access to PHI.
2. Arrange computer screens so they are not visible to unauthorized persons.
3. Log in with a password, log off prior to leaving the work area, and do not leave the computer unattended.
4. Do not duplicate, transmit, or store PHI without appropriate authorization.
5. Storage of PHI on unencrypted removable devices is prohibited without prior authorization.
6. Close files not in use and turn over paperwork containing PHI.

Summary
1. Privacy Protection: Both HIPAA and FERPA were designed to protect privacy.
2. Data Included: Any information, transmitted or maintained in any medium.
3. What Data: Relates to physical/mental health, address, financial information, etc.
4. Report: Notify your Security Officer of any unusual incidents.
5. Standard: Follow the standards outlined in this training.
6. Contact: Have questions? ADD EMAIL