LibraryWorld HIPPA Compliance

 What is HIPPA?

The Health Insurance Portability and Accountability Act of 1996 was passed by the U.S. Congress and signed into law by President Bill Clinton.

HIPAA laws were enacted primarily to:

• Modernize the flow of healthcare information.

• Stipulate how personally identifiable information (PII) maintained by the healthcare and health insurance industries should be protected from fraud and theft.

• 
  

HIPAA mandated national standards to protect sensitive patient health information from disclosure without patient knowledge or consent. The U.S. Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement this mandate.

Another key element of HIPAA compliance is the Security Rule, a subset of the Privacy Rule. This includes all individually identifiable health information that a covered entity creates, receives, maintains, or transmits electronically. 

Understanding which entities must comply with these regulations is crucial for maintaining data privacy and avoiding potential penalties. In general, there are two main categories of organizations that must be HIPAA-compliant:

• Covered Entities: Medical practitioners, Health plans, Healthcare clearinghouses.

• 
  

• Business Associates: Billing companies, Electronic health record (EHR) vendors, IT service providers,  Consultants and auditors.

How LibraryWorld Complies with HIPPA

About LibraryWorld Data:

First,  LibraryWorld is defined as a Business Associate. Second, it must be clear that LibraryWorld stores no health information at all.  It does store personal identifier information such as names, addresses, emails and phone numbers.  But many of those fields are optional.  They are simply used to identify who has a particular item (book) checked out.  

Security:

All LibraryWold data is stored in a ‘Level 3’ server farm with three levels of physical security including: keypad (front door), card reader (server room), and lock combination (cabinet) to access the servers.  The site is manned full time 24/7 with video surveillance.  There are also redundant power electrical systems in place. 

The data is stored on a set of primary and hot secondary servers.  Servers have RAID 5 SSD disk drives (all backed up all the time) and multiple power units.   

Backups:  All data is backed up nightly to rotational external disk drives for five nights.  Rotational weekly and monthly backups are also performed.   

Malware:  LibraryWorld is based on the LAMP stack (Linux, Apache, MySQL, PHP/Perl), which historically have been well suited for secure commercial Web sites.  Virus protection software is additionally used to scan and protect against any infections from the outside.  All unnecessary ports are closed.  

Cybersecurity insurance provides up to $5 million per incident and the insurance firm activity scans our servers for vulnerabilities. 

Privacy:

Access to servers can only be performed through Transport Layer Security (TLS) protocols (think modern SSL) providing data encryption from and to the servers from the clients. Data is also encrypted at rest in the databases.

Each Library database resides in its own MySQL database.  There is no sharing of data elements with any other library database. 

Each library is owned by a unique user_id that includes a username, password and a multi-factor-authentication process.   

Each server maintains activity logs that are reviewed daily for suspicious activity.  Logs are kept for six months. 

Policies and Procedures:

LibraryWorld performs risk analysis on a monthly basis to review security and privacy vulnerabilities.

All employees that handle personal information undergo training on best practices on handling sensitive personal  data.  Only employees with absolute need have access to personal information. 

Breach Notification Policy:

LibraryWorld’s Breach Policy is the following:  In case of any data breach involving personal information, all customers affected will be informed by email the nature and extent of the breach and what personal information that may have been disclosed. This action shall take place within 24 hours of the knowledge of  the breach occurring. 

Conclusion:

Even though LibraryWorld stores no health related information, we take our responsibility to secure and protect the customer’s information extremely seriously.

If you have any questions on LibraryWorld policies or procedures, please feel to call LibraryWorld at 1-800-852-2777.

New In-House Circulation Feature

To track items that have been used, but not formally checked out to a patron, you can now use the In-House button in the circulation module. A new In-house column has been added to the Circulation Activity Report to show the In-house use totals. The Weed report has a new option to ignore In-house data. Top Titles report automatically ignores In-house activity.

To use the feature, just gather up the material that has been used and scan them into the circulation module using the new In-House button. If an item was actually checked out, the process will automatically start the normal check in function.

New Maximum Holds Feature

LibraryWorld allows you to 'Hold' an item for a specific patron.  The Hold feature has become a very popular feature during these difficult times, where access to some libraries have been limited.   

To help enhance the use this feature,  a new maximum number of holds per patron has been added.   This prevents a specific patron from having more holds than allowed.  

To set the value, go to Settings->Policies and Edit Default Policies.  Edit the Default Maximum Holds field. 

Dashboard and Print Buttons

The Main page of your library now contains a Dashboard panel, which includes a count of the total catalog titles, patron records, number of holdings that are In, Out, on Hold and Lost.   Clicking on the highlighted number does a quick  search for those items.

A new Print button has been added to the Catalog and Patron module pages.  The button contains  a drop down menu providing quick access to frequently used reports.   These reports contain records in the current search.   You no longer have to go to the Reports module to run these reports.

Last, we added to icons to the various navigation commands to help identify them. 

New Circulation Email Options

LibraryWorld allows you to automatically send email notices to patrons when checking items out, checking items in, renewing items and placing items on hold. An email is sent out for each transaction stating the title, transaction date and due date if appropriate.  

The circulation email options are turned off by default. To turn them on, go to Settings-Policies and access the Circulation Email Options panel. You can turn them all on or just the ones you require. 

For example, you may want to use the Email Statement button in the checkout process to send one email for all current checkouts. Then you can use individual automatic emails for check ins, renews and holds. Or, you may just be concerned with automatically letting users know that an item was placed on hold.  

Checking Items In and Out Using Titles

Most libraries use barcode labels and scanners to perform circulation, because they are quick and accurate.  Each copy of an item has a unique number with a barcode that can be quickly scanned.  Patron's can also have a unique number placed on a library card.   Patron barcodes are less popular in smaller libraries and schools  because  patrons usually forget or misplace their cards.  

LibraryWorld, has always allowed circulating using  patron barcode numbers or patron names.  To insure accuracy and speed, a barcode number was required for items being circulated.

As a new alternative, you can now enter the first few words of the title and a list will appear allowing you to confirm the title by selecting the barcode number.  This also works for check in,  hold, clear hold and reserve. 

To keep the user interface as simple as possible there is only one entry text field, which is  active by default (blinking cursor).   For check out,  enter the patron's barcode number or name.  Next, type or scan the barcode of the item, or the first few words of the title.  If a barcode is found, the prompt confirms and the title is displayed along with other transactions for the patron. If you enter a title, a list of copy records associated with that title (or similar titles starting with those words) will appear.  You then click on the correct barcode number to confirm the checkout. Continue entering titles or item barcodes until done with that patron.

To start the the process over for a new patron, just enter the patron name or number. The program checks those first and if found, the process starts again.  In extremely rare cases, a patron name and a title of the book may be exactly same (think 'Kennedy'), you can force title searching by using the string 't:kennedy'.  Otherwise the program might start checking out to the patron Kennedy.   To prevent that issue, you can also  use the first few words of the title.  Checking out by title requires you to confirm the item by clicking on the barcode number, at which time you can correct any issues.   

Smaller libraries that do not want to barcode their collection can now circulate now without doing so.  However, we always recommend putting barcodes on your holdings to increase accuracy and to handle multiple copies.  Although you can now circulate by title, you will still need to add a copy to each title to create the unique barcode number.   These numbers and records are used not only for circulation, but also for inventory control and collection management reports. The only times you should catalog without adding a barcode is when the item is not physical; such as a web site or eBook. 

Use these features on a 'safe' patron to become familiar with the process. 

We hope you enjoy this new feature.

The LibraryWorld Team

 

Clearing Fines

Many libraries charge fines when items are overdue.

A new feature now allows you to clear all fines for all patrons.  Because of our current environment caused by the pandemic, it maybe necessary in some cases to clear all fines for all patrons.

Clearing a specific fine is done when an item is checked in or by bringing up a patron and clearing a specific fine.  You can also use the 'Pay All Fines' button for that specific patron.

To clear all fines for all patrons, click on the Setting module and the Policies link.  Scroll to the bottom of the page and click on the Begin link for clearing all fines.

You will be prompted for your username and you will need click on the checkbox that declares that you understand that the action can not be undone.    Only users with permissions to access Settings can execute this command.