RE: HIPAA & Job Shadowing
Heidi, You are very wise to treat the shadow students as part of their workforce (i.e., volunteers) and educate them accordingly. (It has been our experience that from time to time the shadow students often may be asked to use the PHI in carrying out responsibilities in ways that may often exceed an organization's original intention.) However, depending upon your State statutes, another important matter may need to be considered: shadow students are often under 17 years of age, and consequently may NOT be allowed to be members of your workforce. Under those circumstances, your organization may actually need to have patients sign an authorization for the disclosure of PHI to the shadow students. I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: Heidi Gosho [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 6:12 PM To: WEDI SNIP Privacy Workgroup List Subject: HIPAA & Job Shadowing Hello All, The standard advice with regard to high school student job shadowing in hospitals is to have the students sign confidentiality agreements and to require them to participate in the same HIPAA training as for volunteers or other employees. I would appreciate hearing about any other policies/practices that might facilitate job shadowing. Thanks! Heidi Gosho Project Director Alaska State Hospital & Nursing Home Association 907-586-1790 907-463-3573 Fax This message is intended for the sole use of the individual to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same
HIPAA & Job Shadowing
Hello All, The standard advice with regard to high school student job shadowing in hospitals is to have the students sign confidentiality agreements and to require them to participate in the same HIPAA training as for volunteers or other employees. I would appreciate hearing about any other policies/practices that might facilitate job shadowing. Thanks! Heidi Gosho Project Director Alaska State Hospital & Nursing Home Association 907-586-1790 907-463-3573 Fax This message is intended for the sole use of the individual to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Raise the HIPAA antennae - new NIST security publication
HITsters, GIVESsters, and WEDI Privacy colleagues: As you know, DHHS in the final HIPAA Security Rule cited approvingly several NIST security standards and recommended that covered entities keep abreast of NIST activities. Well, NIST on 11.03.03 issued a new publication: "Computer scientists at the Commerce Department's National Institute of Standards and Technology (NIST) today released an initial public draft of NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems (NIST SP 800-53), which explains recommended security controls for computer systems. The publication, which details controls that will become mandatory for most federal systems in 2005, is expected to have a wide audience beyond the federal government...". See: http://www.nist.gov/public_affairs/releases/compsecurityguide.htm John C. Cody, Esq. NYS Central HIPAA Coordination Project NYS Office for Technology http://www.oft.state.ny.us/hipaa/index.htm [The opinions expressed herein are my own and do not necessarily reflect the policies, practices or opinions of my employer or anyone else. Nothing herein constitutes legal advice - if you need legal advice, please consult your own attorney.] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Raise the HIPAA antennae - new NIST security publication
I personally have found this draft very helpful as a guide. I have used it already in some of my planning and policy writing. There are several references within the document to other NIST articles that are also helpful. I would recommend this document to anyone who is involved with security of Information. Make it a great day! Cathy Skinkis ISO St. Mary's Hospital Green Bay, WI -Original Message- From: Cody, John (OFT) [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 11:38 AM To: WEDI SNIP Privacy Workgroup List Subject: Raise the HIPAA antennae - new NIST security publication HITsters, GIVESsters, and WEDI Privacy colleagues: As you know, DHHS in the final HIPAA Security Rule cited approvingly several NIST security standards and recommended that covered entities keep abreast of NIST activities. Well, NIST on 11.03.03 issued a new publication: "Computer scientists at the Commerce Department's National Institute of Standards and Technology (NIST) today released an initial public draft of NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems (NIST SP 800-53), which explains recommended security controls for computer systems. The publication, which details controls that will become mandatory for most federal systems in 2005, is expected to have a wide audience beyond the federal government...". See: http://www.nist.gov/public_affairs/releases/compsecurityguide.htm John C. Cody, Esq. NYS Central HIPAA Coordination Project NYS Office for Technology http://www.oft.state.ny.us/hipaa/index.htm [The opinions expressed herein are my own and do not necessarily reflect the policies, practices or opinions of my employer or anyone else. Nothing herein constitutes legal advice - if you need legal advice, please consult your own attorney.] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Device and Media Controls examples ?
Does anyone have some good examples I can use in my documentation regarding Device and Media Controls? Device and Media Controls Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility. Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored. Best Regards, John Bercik Systems Programmer --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
