No Slide Title

Children’s HospitalRequirements forRemote Access

Children’s Hospital is committed toprotecting the privacy of patient healthinformation and securing access fromunauthorized users.

As part of our commitment, Children’sHospital has developed this training for allindividuals with remote access to hospitalinformation systems.

Responsibility to ProtectResponsibility to Protect

Advancing technologies have resulted ingreater accessibility to electronic patienthealth information (EPHI). This in turnrequires Children’s Hospital to continuallyimprove our systems to ensure privacyand security of patient information.

WHY?WHY?

Spot Light on EPHI

Nationally, healthcare is becoming:

More automated, which increases the need to share patientinformation in an electronic format

More mobile as staff begin to utilize portable devices, both withinthe hospital and remotely for care purposes

As usage increases, regulatory and accrediting organizations aredeveloping security standards for healthcare organizations.

All Remote Access UsersAll Remote Access Users

• Hospital Employees

oAll hospital employees who have remoteaccess. For example, employees with remoteaccess and home-based employees.

o All hospital employees who utilize portabledevices (ie. including lap tops, smart phones,and PDAs) to access EPHI remotely.

• Non-Hospital Employees

oIndividuals and entities provided remoteaccess to EPHI, including vendors,physicians, residents, business partners, andbusiness associates.

WHO?WHO?

All Users Must Be ResponsibleAll Users Must Be Responsible

All users must:

 Access only EPHI to which they areentitled

 Report any known or suspected misuse ofaccess to the IT Service Desk

 Report any lost or stolen portable mediadevice to the IT Service Desk

 Not share passwords

 Contact the IT Department Service Desk at353-7300 immediately if you no longer needremote access.

HOW?HOW?

Offsite Portable Device UsersOffsite Portable Device Users

•Children’s laptops have system settings that protect thesecurity of the device.

•All returned laptops will be examined for systemsettings tampering. Disciplinary action can be taken ifthe system settings have been changed.

•Do not leave portable devices in unattended vehicles orpublic thoroughfares.

•Do not download EPHI to portable devices.

•Prior to returning portable devices, you should searchand delete files intentionally or unintentionally saved tothe devices.

HOW?HOW?

Remote Access UsersRemote Access Users

•Do not download Children’s Hospital’s EPHI ontoyour remote system or device.

•Children’s Hospital employees must use SAFE ITwhen transmitting EPHI through e-mail.

•Only print records containing EPHI if you areauthorized to do so. Properly shred and disposeof printed EPHI per HIPAA guidelines.

•IF EPHI is displayed on your computer monitor,do not leave your computer unattended. Othersshould not be able to view the EPHI in yourabsence.

HOW?HOW?

In ReviewIn Review

Why… to insure privacy and security of electronic patient healthinformation.Who… hospital employees with remote access or remote devicesaccessing EPHI; and non-hospital employees with remote access.

How…

• only access authorized data

• report misuse, loss or lack of need for remote access or devices

• do not tamper with portable device system settings

• appropriately transmit, download, and print EPHI.

If you have any questions, send an e-mail to Kirk Larson, VP & Chief Information Officer