Confidentiality and the Code (including HIPAA and PII Focus)
While the myriad of issues related to confidentiality are addressed in our Code of Conduct – Reading the Signs of Compliance and e-mail courses, organizations with sensitive and proprietary materials often require a more in-depth analysis of confidentiality concerns. From Non-Disclosure Agreements to Non-Compete Clauses to HIPAA and PII Policies to general confidentiality agreements, this course utilizes your organization’s pertinent policies to emphasize the importance of keeping critical information safe and to educate employees as to what information should be protected. The course highlights how certain verbal, written and electronic communications, including e-mails and stored data, may conflict with an organization’s confidentiality and privacy rules, and what type of information can properly be discussed with third parties, including customers, vendors, government officials and others.
From a HIPAA perspective, we can cover:
• What is PHI/Who is Covered?
• Individual Rights and Compliance/Enforcement.
• The Business Associate Exception.
• Minimum Necessary Standard.
• How Do We Prevent and Handle Breaches?
• Integrate key messages from the company’s HIPAA/HITECH policies and any manuals.
From a PII perspective, we can cover:
• What constitutes PII? In what form might it exist? (e.g., hard copy, virtual, portable storage devices, off-site locations/access)
• Whose PII are we concerned about? (employees, applicants, independent contractors, vendors, clients/customers)
• What are our requirements for the security and protection of PII? (What rules apply to PII access, retention and destruction?)
• When can we transmit PII to a vendor/others?
• How do we prevent and handle breaches?