The document provides an overview of GBMC's HIPAA compliance program and training. It discusses the HIPAA privacy rule's requirements regarding protected health information, patient rights, notice of privacy practices, privacy policies, and the privacy officer. It also covers the HIPAA security rule and topics that will be addressed in the training, including electronic protected health information, user identity, password management, security policies, and the security officer.
2. HIPAA Requires
Standards for Electronic Transactions and Code Sets
- Compliance Date: October 16, 2003
- Enforced by: Centers for Medicare and Medicaid (CMS)
Standards for Privacy of Individually Identifiable Health Information
- Compliance Date: April 14, 2003
- Enforced by: Office of Civil Rights (OCR)
Standards for Security of Electronic Protected Health Information
- Compliance Date: April 20, 2005
- Enforced by: Centers for Medicare and Medicaid (CMS)
4. Training Focus
The training that you are receiving today will focus on learning what responsibilities you have in order to ensure GBMC complies with HIPAA Privacy and HIPAA Security Regulations. The following topics will be covered:
HIPAA PRIVACY
- Protected Health Information
- Minimum Necessary
- Patient Rights
- Notice of Privacy Practices
- Privacy Policies
- Privacy Officer
- Reporting Privacy Concerns
HIPAA SECURITY
- Electronic Protected Health Information
- User Identity
- Password Management
- Appropriate Use of Computing Devices
- Security Policies
- Security Officer
- Reporting Security Concerns
5. HIPAA Privacy
The Privacy Rule
Protects information known as PROTECTED HEALTH INFORMATION (PHI) that exists in written, oral, and electronic formats.
Protected Health Information
6. HIPAA Privacy
Examples of PHI
- Name
- Birth Date
- Fax Number
- Account Number
- Web Universal Resource Locator (URL)
- Street Address
- Admission Date
- Electronic mail address
- Certificate/License Number
- License Plate Number
- City
- Discharge Date
- Social Security Number
- Vehicle and Serial Number
- Device Identifier and Serial Number
- Precinct
- Date of Death
- Medical Record Number
- Internet Protocol Number
- Full Face Photographic Images
- Zip Code
- Telephone Number
- Health Plan Beneficiary Number
- Biometrics Identifiers (e.g. fingerprints)
- Any Other Unique Identifying Number, Characteristic, or Code
Protected Health Information
7. HIPAA Privacy
The Privacy Rule
Limits the way in which members of the GBMC workforce may use and disclose (release) PHI. GBMC workforce must have a job-related reason to use and/or disclose PHI.
Requires that all GBMC workforce use only the minimum amount of PHI necessary to get the job done. This is what HIPAA defines as the MINIMUM NECESSARY Standard.
“Workforce” means employees, volunteers, trainees, and other persons who conduct work for GBMC and are under the direct control of GBMC, whether or not they are paid by GBMC.
Minimum Necessary
8. Annual Acknowledgment of the Minimum Necessary Standard
Every year, employees affirm their commitment to this standard by electronically signing the GBMC Code of Business Ethics Acknowledgment, Confidentiality of Information Agreement, and Appropriate Use Agreement.
Failure to comply with this standard will lead to disciplinary action, up to and including termination.
Minimum Necessary
9. Minimum Necessary Scenarios
A patient that I cared for in the ICU was transferred to a medical unit. May I look in the patient’s record to see how she is doing? May I call the unit and talk to the nurse who is now caring for her?
As much as this may reflect your compassion and concern for patients whom you have taken care of in the past, you may not inquire into her status unless there is a job-related reason. For example, if you have to complete a note in her record after she has left your unit, you may access her record to complete your note.
Minimum Necessary
10. Minimum Necessary Scenarios
I am a unit clerk and while I was working night shift, a nurse named Mary became very ill. Another nurse named Alice transported Mary to the Emergency Dept (ED) & described for the nursing staff in the ED what symptoms Mary had complained of having. Alice was thanked for her assistance & told that she could return to her floor. Later that evening, I walked by Alice while she was on the computer & she called me over. She had Mary’s lab results up on her screen. Can she do this?
No, Alice should not look at this information. She has violated the minimum necessary standard. Such violation is punishable up to and including termination.
Minimum Necessary
11. HIPAA Privacy
The Privacy Rule
Provides patients with certain rights - these rights are commonly referred to as the PATIENT PRIVACY RIGHTS.
These rights are communicated to the patient in the Notice of Privacy Practices.
If a patient wishes to exercise any of these Patient Privacy Rights (which are outlined on the next slide), they must do so in writing. You should contact Medical Records Correspondence Department (443-849-2274) for the correct forms.
Patient Rights
12. HIPAA Privacy
The Patient Privacy Rights
- Right to access PHI
- Right to request an amendment to PHI
- Right to request restrictions on how PHI is used for treatment, payment, and healthcare operations
- Right to receive confidential communications
- Right to request an accounting of disclosures
- Right to complain to the Department of Health and Human Services’ Office for Civil Rights
Patient Rights
13. HIPAA Privacy
The Privacy Rule
Requires that GBMC provide all patients with a copy of its NOTICE OF PRIVACY PRACTICES (NOPP).
Each patient must sign an acknowledgment after receiving the NOPP unless the patient is unable to do so at the time of registration.
Copies of the NOPP may be ordered from Purchasing.
Notice of Privacy Practices
Effective April 14, 2003
GBMC includes Greater Baltimore Medical Center, Gilchrist Hospice Care and GBMC Foundation.
Notice of Privacy Practices
14. HIPAA Privacy
The Notice of Privacy Practices
The Notice is a useful tool not only for you but also for the patient.
The NOPP:
- describes how GBMC may use a patient’s PHI
- provides a clear and concise description of the patient’s rights
- discusses how a patient may opt-out of the facility directory
- discusses how the medical staff may interact with the patient’s family
Notice of Privacy Practices
15. HIPAA Privacy
The Privacy Rule
Requires that GBMC create policies regarding how GBMC’s workforce is allowed to use and disclose (release) PHI.
Also requires that GBMC make available to and educate its workforce on those policies.
All of GBMC’s PRIVACY POLICIES are located on the Compliance Page of the GBMC InfoWeb.
Hardcopies of the policies may be printed directly from the InfoWeb or obtained from the Compliance Department.
Privacy Policies
16. HIPAA Privacy
The GBMC Privacy Policies
Examples of GBMC Privacy Policies include:
- #003.102 Minimum Necessary Use and Disclosure of Protected Health Information
- #003.105 Uses and Disclosures for Involvement in the Individual’s Care and Notification Purposes
- #003.114 Uses and Disclosures of Protected Health Information for Law Enforcement Purposes
Privacy Policies
17. HIPAA Privacy
The Privacy Rule
Requires that GBMC designate someone who is responsible for:
- the development and implementation of the privacy policies
- privacy related training and education
- investigating privacy related complaints
- conducting routine audits to make sure that all of GBMC’s workforce are complying with the privacy policies
The PRIVACY OFFICER for GBMC is Tara Miller.
Privacy Officer
18. HIPAA Privacy
The Privacy Rule
Requires that GBMC provide a way for patients and workforce to REPORT PRIVACY CONCERNS or ask privacy questions.
- Tara Miller, GBMC Privacy Officer: 443-849-4327
- HIPAA GroupWise Resource: to send an email, type HIPAA in the “To” field
- The Business EthicsLine is now the Privacy Hotline too: 1-800-299-7991
- The Compliance Home Page is your source for HIPAA information.
GBMC Infoweb
Reporting Privacy Concerns
19. HIPAA Privacy
Privacy Compliance Tips
- Keep all PHI locked and secured when you are away from your work area.
- Do not include any patient identifiers in the subject line of an email.
- Do not discuss PHI in public or common areas.
- Make sure to check the fax number for accuracy before sending a fax that contains PHI. All faxes must include a completed GBMC standard fax cover sheet (see fax policy for limited exceptions).
- If a fax is sent to the wrong recipient in error, you must complete the Accounting of Disclosures log located on the Compliance page of the InfoWeb and send it to Medical Records.
- Sign-in sheets are allowed as long as we continue to follow the standard protocols that have always been in place at GBMC. Sign-in sheets should be limited to patient name and appointment time.
20. HIPAA Security
The Security Rule
Requires administrative, physical, and technical safeguards be implemented to address the confidentiality, integrity, and availability of ELECTRONIC PROTECTED HEALTH INFORMATION (ePHI).
Security of patient information is EVERYONE’S job! We owe it to our patients!
Electronic Protected Health Information
21. HIPAA Security
The Security Rule
Requires GBMC provide each computer system user with a unique USER IDENTITY.
Your user identity is the combination of your user id and your password – do not share or write down your password where it can be easily retrieved by someone other than you.
Your user identity is what is used to monitor your activity on the system(s).
Do not leave yourself signed onto a computer and then walk away without signing off. You are responsible for any activity that occurs under your user identity. Your user identity appears on audit reports which are frequently monitored.
User Identity
22. HIPAA Security
Protecting Your Password
In order to protect against unauthorized access to our computers, GBMC has taken appropriate steps to monitor all activity on the network to ensure that people are not trying to break in to those systems.
However, as a user of a GBMC system, it is important that you also take measures to ensure that people cannot access GBMC systems – this is partly accomplished through PASSWORD MANAGEMENT.
Password management includes selecting a strong password, protecting your password, as well as frequently changing your password.
“A password should be like a toothbrush. Use it every day; change it regularly and DON’T share it with friends” - Usenet
Password Management
23. HIPAA Security
Examples of How to Create a Strong Password
1. Mix upper and lowercase characters: 3bLINdmice, 5gOLDenrings, 4cALLingbirdS
2. Replace letters with numbers: replace “E” with “3”, as in “Sp3cial” or “3l3gant”
3. Combine two words by using a special character: Roof^Top, Sugar$Daddy, B@tterup!
4. Use the first letter from each word of a phrase from a song: “Oops! I did it again” becomes “O!idia”
In general, passwords should have a minimum length of 6 characters but each application may have other requirements/limitations.
Password Management
24. HIPAA Security
The Security Rule
Requires that GBMC train its workforce on appropriate computer security and APPROPRIATE USE OF COMPUTING DEVICES.
As a user of a GBMC system (including the Internet) you are required to:
- Use only your officially assigned user identity (e.g. user id and password)
- Save GBMC data only to the GBMC Network unless prior GBMC approval has been granted
- Notify your manager and the HIPAA Security Officer if your password has been disclosed, or otherwise compromised, and immediately change your password
Appropriate Use of Computing Devices
25. HIPAA Security
The “Do Not’s” When Using GBMC Systems
As a user of a GBMC system (including the Internet) you may not:
- Install unauthorized software (e.g. screensavers, games, or instant messenger programs)
- Install any unlicensed software on a GBMC computer or device
- Abuse your Internet or e-mail access privileges
- Relocate any computer equipment without prior MIS approval
- Bring into GBMC any personal computer equipment without prior MIS approval (e.g. printer, burner, scanner, PDA, or digital camera)
Appropriate Use of Computing Devices
26. HIPAA Security
The Security Rule
Requires that GBMC create SECURITY POLICIES regarding how GBMC will implement appropriate safeguards to ensure the confidentiality, integrity, and availability of ePHI.
Examples of existing GBMC security policies are:
- # 304 Email Policy
- # 348 Information Security Policy
All GBMC policies are located on the GBMC InfoWeb.
Security Policies
27. HIPAA Security
The Security Rule
Requires that GBMC designate someone who is responsible for:
- The development and implementation of information security policies and procedures
- Regular reviews of records of information system activity, such as audit logs, access reports, and security incident tracking reports
- The development of awareness and training programs for all members of its workforce
The SECURITY OFFICER for GBMC is Tara Miller.
Security Officer
28. HIPAA Security
The Security Rule
Requires that GBMC establish a way for all GBMC workforce to REPORT SECURITY CONCERNS.
Report all risks you are currently aware of and as you see them, such as:
- Unauthorized or suspicious visitors
- Logged-on but unattended workstations
- Uncontrolled access to areas that house equipment and/or PHI
- Passwords on Post-it™ notes
- Staff accessing records without a need to know
Report all security concerns to Tara Miller.
Reporting Security Concerns
29. HIPAA Privacy & Security
We hope this Computer-Based Learning course has been both informative and helpful.
Feel free to review this course until you are confident about your knowledge of the material presented.
Click the Take Test button on the left side when you are ready to complete the requirements for this course.
Click on the My Records button to return to your CBL Courses to Complete list.
Click the Exit button on the left to close the Student Interface.
Editor's Notes
This is a diagram of HIPAA the statute and its various aspects.