Home | Glossary | Site Map
Search 
What's New Information Provider Manuals Self Help Training Contacts HIPAA
 
What's New
Information
Provider Manuals
Self Help
Training
Contacts
NYHIPAADESK
eMedNY Overview
NPI
Archived Items
Edit/Error Knowledgebase
Crosswalks
eMedNY Companion Guides and Sample Files
FAQ's
NEWS
DOH
CSC / eMedNY
Provider Training Material
Registration Information Trading Partner Resources
Useful External Links
Vendor Information
Issues Form
NYS Medicaid eMedNY Compliant Transactions
ePACES General Information and Enrollment
NYS Medicaid: POS Device
eMedNY Quick Reference
Other New York State Department of Health HIPAA Related Websites

 

Frequently Asked Questions

 
Q: Data Security - What steps should you take in securing your data?
A:

We take every step and measure to secure your data.

NYS Medicaid beneficiary data is confidential and is protected by HIPAA and other Federal law, as well as by State law. Non-disclosure of this information – even the fact of enrollment in Medicaid – except as permitted or required by applicable law is an essential component for compliance with Medicaid policy.

One important step to protect this data is to safeguard user IDs and passwords. Under no circumstances should login information to NYS Medicaid systems be shared, distributed, or recorded in a form and location accessible to any other than the assigned user.

All computer systems, internal and external media, and other repositories of patient data, including hardcopy stored in filing cabinets; or patient information in any form, including verbal communication, must be handled as confidential information.

The security of electronic transactions sent to and received from the eMedNY systems is encrypted when using one of the established transmission methods, such as FTP or eMedNY eXchange.

If troubleshooting transactions involves sending email to eMedNY support staff and the text of the email contains any patient-identifiable data the data MUST be thoroughly de-identified. Alternatively the email can be encrypted by use of a secure email server; or the patient data can be sent within an email attachment in the form of a password-protected, encrypted “zip” file archive. The password MUST NOT be sent in the email, rather, it should be conveyed to the support person verbally by telephone.

Any information that is reasonably likely to permit identification of the Medicaid beneficiary is confidential. Many data items are protected and should be de-identified as per 45 C.F.R. §164.514.

Warning: As per the Health Insurance Portability and Accountability Act (HIPAA), CSC is required to assign unique user ids and passwords for identifying and tracking each eMedNY user’s identity [Ref: § 164.312(a)(2)(i)]. Users that share their user id and password are in violation of the HIPAA Security Regulation. If this practice is detected, the user’s access will be revoked and other sanctions may apply.

 
Notes and Comments

Created:

November 5, 2003             

Last Modified:

September 4, 2009    

Last Modified:

Other    

 
New York State Department of Health Home | Glossary | Site Map
webmaster@emedny.org | Privacy Policy