East Carolina University HIPAA Security
Objectives • HIPAA Security Rule • Security Rule Principles • Basic Security Awareness Practices • Email & Wireless Guidelines • Portable Devices • Secure Messaging
Background • Health Insurance Portability and Accountability Act of 1996 • Federal standard for privacy and security of protected health information (PHI) • Security Rule: ensure confidentiality, integrity and availability of ePHI (that a covered entity creates, receives or transmits) • Sets guidelines for protection against: threats or hazards to the integrity and security of ePHI, unauthorized use and disclosures
Security Rule Principles • Administrative Safeguards - Policies & Procedures • Physical Safeguards - Controlling physical availability • Technical Safeguards - Controlling access and protecting electronic communications
Basic Security Awareness • Use strong passwords, per ECU policy • Lock your computer when not in use • Guard your display • Do not install personal or unauthorized software • Lock sensitive storage areas • Update anti-virus
Basic Security Awareness • Identify and report potential security incidents • Do not store ePHI unless it is a University approved method • Maintain an inventory of systems, applications, devices that contain PHI. Communicate this to the ECU HIPAA Security Office • Follow ECU policies and procedures for purchasing and/or updating new health information systems, applications, or devices.
E-Mail and Wireless Guidelines • Do not send ePHI over email unless it is encrypted: ECU Faculty and Staff email to ECU Faculty and Staff email is encrypted. Student email accounts are not encrypted and do not support the University’s encryption software. The student will require an ECU sponsored account from ITCS. ECU email to another entity is not encrypted and will require you to manually encrypt the email. • Do not access or send ePHI over a wireless network unless the data is encrypted prior to transmission.
Portable Device Security • Portable devices are NOT secure for storing ePHI • Must be encrypted • Must have a passcode • Must always be physically and technically secured. • Turn wireless interfaces off until needed • Any loss, theft, or unauthorized use must be reported to ECU ITCS immediately
Secure Messaging Cortext • Currently ECU providers • Password required for access • Potential roll out to other staff
ECU HIPAA Security • HIPAA Security is everyone’s responsibility • No single security measure will provide total security • Everyone must be knowledgeable of policies and procedures. • https://hipaa.ecu.edu/ • Security is an ongoing process
Notification of Security Incidents • Report incidents to the University Help Desk • The Help Desk can also provide information regarding purchasing, installing, and using software. • 252.328.9866 or http://help.ecu.edu/
Contact Information ECU HIPAA Security Officer Michelle C. DeVille, MPA, CHC, CHPC (252) 744-5200 devillem18@ecu.edu Assistant Director HIPAA Security Compliance Tim Smith smithti@ecu.edu HIPAA Compliance Specialist HIPAA Security Specialist Lauren Lumley perryl@ecu.edu Jarell Anderson andersonjar19@ecu.edu HIPAASecurity@ecu.edu HEALTHCAREPRIVACY@ecu.edu