BSHSI Security Awareness Training


Slide 1: BSHSI Security Awareness Training
- Originally developed by the Greater New York Hospital Association
- Edited by the BSHSI Education Team
- Modified by HSO Security, 7/1/2008

Slide 2: What is Security?
- A requirement under the Health Insurance Portability and Accountability Act (HIPAA) regulations (the HIPAA Security Rule went into effect 4/21/05).
- Webster's definition: measures taken to guard against espionage, sabotage, crime, attack or escape.
- Our goal today: discuss what you can do to make sure that sensitive data stays protected and is not sabotaged, attacked, or allowed to escape.

Slide 3: What is Sensitive Data?
- Sensitive Data = Electronic Protected Health Information (EPHI), business sensitive data, staff sensitive data, or any other non-public data.

Slide 4: Protected Health Information is:
- Health or medical information that could be identified or linked to a specific individual; information about a patient's:
  - Identity
  - Medical condition
  - Treatment
  - Status as a patient
  - Physiological data
  - Medications

Slide 5: EPHI
- Protected Health Information on your computer is known as EPHI: Electronic Protected Health Information.
- EPHI: PHI that our organization creates, receives, maintains, and/or transmits electronically.
- EPHI is stored on computers, clinical equipment, and computer disks.

Slide 6: Business Sensitive Data is:
- Business Sensitive Data = information that pertains to the business activities of BSHSI, including financial and investment activities, margins, projects, etc., and that provides competitive advantage.

Slide 7: Staff Sensitive Data is:
- Staff Sensitive Data = personal information on staff members of BSHSI or the members of business associates, including contact details, salary, qualifications, performance, etc.

Slide 8: Any other non-public data is:
- Other Non-public Data = information that has been duly classified and does not fall under the previous categories.

Slide 9: What regulations apply?
- HIPAA (Health Insurance Portability and Accountability Act)
- JCAHO (Joint Commission on Accreditation of Healthcare Organizations)
- Gramm-Leach-Bliley Act of 1999 (financial)
- Various state and federal laws and regulations

Slide 10: Workshop Goals
By the end of the session, participants will:
1. Understand the importance of protecting sensitive data, including EPHI.
2. Understand how information security can be compromised.
3. Understand steps to better protect sensitive data, including EPHI.
4. Be motivated to follow security procedures.

Slide 11: Main Security Issues
- Confidentiality: protected records are to be kept private (HIPAA Privacy).
- Integrity: records aren't changed without authorization.
- Availability: records can be accessed when needed.

Slide 12: What are the consequences of a security failure / breach?

Slide 13: What are the consequences of a security failure / breach?
- Patient safety / medical care is compromised.
- Negative publicity.
- Increased costs.
- Identity theft:
  - Patients or employees can become targets of con artists.
  - Employee reputation and career damaged.
- Legal liability / lawsuits.

Slide 14: Who's responsible?
- The health system is responsible for all electronic information in our system.
- We are able to, and we will be, auditing and monitoring how people use the system:
  - What records you access without a need to know
  - What you download and where you web surf
- If we find breaches or violations of policy, we will take action.

Slide 15: How can security fail / be breached?

Slide 16: How can security fail / be breached?
- Intentional attack... or unintentional carelessness...
- They all have the same negative consequences.

Slide 17: What is an intentional attack?
- Malicious software ("malware").
- Password stolen or code broken.
- Imposter asking for sensitive information.
- PDA or laptop stolen.
- Employees accessing records they have no legitimate need to see.

Slide 18: Employee carelessness
- Leaving your computer logged on and unattended
- Letting others know your password
- Downloading unauthorized software
- Misdirected e-mails / faxes

Slide 19: Here's what IT is doing to protect the system
- Anti-virus scanning.
- Restrict downloads.
- Restrict attachments in e-mail from outside the system.
- Firewalls to help keep out hackers.
- Require user IDs and passwords.
- Restrict and update access as employee status changes.
- Install and continually update stable software.
- Encryption.
- Regular backup of data.

Slide 20: What YOU can do
- General issues
- Password protection
- Patient information
- Internet security
- Workstation protocol

Slide 21: General Issues
- Follow all approved security policies and procedures
- Only use approved software
- Maintain heightened vigilance
- Report to IT / ask questions if anything looks unusual
- Know who you're dealing with. If in doubt, check it out.

Slide 22: Password Management and Password Risks
1. Your password is stolen or the code is broken, and your log-in / electronic signature is used maliciously:
   - Negative messages are sent out in your name
   - Sensitive data and/or EPHI is released under your log-in
   - A hacker gains access to your system
2. A computer is stolen, and without strong password protection sensitive data can be easily accessed.

Slide 23: Password management
- What is a password? A string of characters used to verify a user's identity.
- Characters can include:
  - Alphabetic characters (case sensitive: A differs from a)
  - Numeric: 0 to 9
  - Special characters: ~ # $ % ^ & * ( ) + = [ ] { } / ? < > , ; : \ ` .

Slide 24: Use a strong password
A strong password should be:
- Seven characters or longer.
- Not a word or name in any language.
- A mix of uppercase and lowercase letters plus numbers and special characters.
- Not based on public information about you, your family or your friends.
- Not a variation of your user ID.

Slide 25: Examples of strong passwords
- 4s&7yaAL
- 2Bon2Bti?
How to remember these complex passwords?

Slide 26: Pass-phrase
- Take a phrase that is easy to remember and convert it into characters.
- "Four score and seven years ago" (Abraham Lincoln)
- Four Score And Seven Years Ago (Abraham Lincoln) converts to 4s&7yaAL
- How about 2Bon2Bti?

Slide 27: Anyone remember my complex passwords?
- 4 s & 7 y a A L
- 2 B o n 2 B t i ?

Slide 28: Time it takes to crack a password
Time it takes to crack various types of 8-character passwords (times are getting continually faster):
- English words, 8 letters or longer: less than one second
- Lowercase letters only: 9 hours
- Lowercase with one uppercase: 3 days
- All letters: 96 days
- Letters and numbers: one year
- All printable characters: thirty-three years
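The pass-phrase trick from slide 26, the strong-password rules from slide 24, and the keyspace arithmetic behind the crack-time table above, as an added Python example (not code from the original deck). The word list is a constructed stand-in for a real dictionary, the number-word map is one reading of how the slide's phrases become 4s&7yaAL and 2Bon2Bti?, and the time scaling assumes a brute-force search of the whole keyspace at the slide's 9-hour lowercase rate.

```python
"""Added example (not from the original training deck): the slide's
pass-phrase trick, a checker for its strong-password rules, and the
keyspace arithmetic behind its 8-character crack-time table."""
import string

# Constructed stand-in for a dictionary / breached-password list; a real
# check would load a full word list (assumption).
COMMON_WORDS = {"password", "welcome", "hospital", "lincoln", "summer", "letmein"}

# Number words (plus text-speak "to"/"for") become digits and "and" becomes "&",
# which is how "Four score and seven ..." turns into "4s&7..." (our reading of the slide).
TOKEN_MAP = {"zero": "0", "one": "1", "two": "2", "to": "2", "three": "3",
             "four": "4", "for": "4", "five": "5", "six": "6", "seven": "7",
             "eight": "8", "nine": "9", "and": "&"}

# Undo common letter-for-symbol swaps so "J$m1th" still matches user ID "jsmith".
LEET = str.maketrans("@$013!", "asoiei")


def passphrase_to_password(phrase: str) -> str:
    """Convert a memorable phrase the way slide 26 does: number words become
    digits, "and" becomes "&", every other word contributes its first letter
    in the case it was written, and a trailing "?" or "!" is kept."""
    out = []
    for token in phrase.split():
        core = token.strip("()[]\"'")
        if not core:
            continue
        suffix = core[-1] if core[-1] in "?!" else ""
        word = core.rstrip("?!.,;:")
        key = word.lower()
        out.append(TOKEN_MAP[key] if key in TOKEN_MAP else word[:1])
        out.append(suffix)
    return "".join(out)


def _normalize(text: str) -> str:
    """Lowercase, undo leet swaps and drop punctuation for fuzzy comparisons."""
    return "".join(ch for ch in text.lower().translate(LEET) if ch.isalnum())


def check_strength(password: str, user_id: str, public_info=()) -> list:
    """Return the slide-24 rules the password fails (an empty list means strong).
    public_info lists facts a co-worker could learn: names, birth years, pets."""
    failures = []
    if len(password) < 7:
        failures.append("shorter than seven characters")
    letters_only = "".join(ch for ch in password.lower() if ch.isalpha())
    if letters_only in COMMON_WORDS:
        failures.append("is a dictionary word or name")
    classes = (any(ch.islower() for ch in password),
               any(ch.isupper() for ch in password),
               any(ch.isdigit() for ch in password),
               any(ch in string.punctuation for ch in password))
    if not all(classes):
        failures.append("missing uppercase, lowercase, digit or special character")
    norm_pw = _normalize(password)
    for item in public_info:
        norm_item = _normalize(item)
        if len(norm_item) >= 3 and norm_item in norm_pw:
            failures.append(f"contains public information: {item!r}")
    norm_id = _normalize(user_id)
    if norm_id and (norm_id in norm_pw or norm_pw in norm_id):
        failures.append("is a variation of the user ID")
    return failures


def keyspace(charset_size: int, length: int = 8, one_uppercase: bool = False) -> int:
    """Candidates an exhaustive search must try. "Lowercase with one uppercase"
    is 26**8 lowercase strings times 8 positions for the single capital."""
    count = charset_size ** length
    return count * length if one_uppercase else count


def scaled_crack_days(charset_size: int, one_uppercase: bool = False,
                      baseline_hours: float = 9.0) -> float:
    """Scale the slide's 9-hour figure for 26**8 lowercase passwords to another
    character set, assuming the same guessing rate over the whole keyspace."""
    ratio = keyspace(charset_size, one_uppercase=one_uppercase) / keyspace(26)
    return ratio * baseline_hours / 24


if __name__ == "__main__":
    print(passphrase_to_password("four score and seven years ago (Abraham Lincoln)"))
    print(check_strength("jsmith2008", "jsmith", ["John Smith", "1962"]))
    for name, size in [("all letters", 52), ("letters and numbers", 62),
                       ("all printable characters", 95)]:
        print(f"{name}: {scaled_crack_days(size):,.0f} days")
```

Scaling the lowercase-only figure by keyspace size reproduces the table's 3 days, 96 days, about one year and about 33 years, which shows that the slide's numbers are brute-force estimates rather than dictionary-attack times.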

Slide 29: Password Reminders
Remember:
- Never share your password with anyone! Sharing your password is a violation of our policy. If you want someone to access your e-mail or computer, ask IT.
- Don't let someone watch when you enter your password.
- Don't write your password where others can see it; memorize it!

Slide 30: Password Reminders (continued)
Remember:
- Treat your password and your smart card as you would treat a PIN number or a credit card.
- Change your password every 120 days.
- If someone knows your password, change it right away and notify the IS Support Center.

Slide 31: Don't give out information without proper authorization
- Watch out for spoofing / phishing.
- Be suspicious of unusual requests, even if they appear to come from someone you know.
- Con artists appear knowledgeable and gain your trust.
- You are responsible for taking reasonable precautions.

Slide 32: Internet security
Risks:
1. Malicious software
2. E-mail carelessness
3. Instant messaging / chats

Slide 33: Malicious software, aka malware

Slide 34: Malicious software (aka "malware")
- Follow all virus scanning procedures.
- Don't download ANYTHING from the internet without IS approval.
- If you have any doubt about an attachment, delete it or ask IS to check it out.
- Don't click on links or go to web sites if you have any doubts about their legitimacy.
- Don't use your BSHSI network password at any website.
- Don't unsubscribe from spam.
- If your computer acts at all strangely, ask IS to check it out.
- If virus protection software finds a virus, do not use the computer until IS has cleaned it.

Slide 35: Rules for e-mailing
1) Don't send sensitive data outside the facility's internal network unless it is encrypted (ask IS for help doing this).
2) To prevent misdirected e-mail:
   - Proof all e-mails before sending
   - Use an address book to limit typos
   - Be careful where you click
   - Be careful with use of Reply All
3) Forwarded e-mail tails: scroll to the end of all e-mails before sending to ensure sensitive data is not being sent forward.

Slide 36: Workstation Protocol
- Always keep protected information in a secure place.
- If you walk away, secure the workstation.
- In public areas, protect the monitor from prying eyes.
- Secure all removable media.
- Dispose of all computer equipment and media by returning it to Bio-med or IS.
- Verify with IS that your data is being backed up.

Slide 37: Review - Risky Situations
- Someone goes surfing on the web on their lunch break: what's the risk?
- You notice you have some returned (undeliverable) e-mail that you never sent: what might this mean?
- Sending reminders from home to your office computer (or vice versa) with EPHI in them: what's the risk?

Slide 38: Review - Risky Situations (cont.)
- Taking work home on a laptop: what's the risk?
- Sending out an e-mail without proofing it fully: what's the risk?
- Leaving your workstation (in a non-public area) for a second to answer a coworker's ringing phone that is nearby, but out of sight of your computer: what's the risk?

Slide 39: Review
- Security: measures taken to guard against espionage or sabotage, crime, or attack.
- Security can be breached through intentional attack or unintentional carelessness.

Slide 40: Review
- Security goal: ensure confidentiality, integrity, and availability of all sensitive data.
- This only works if everyone follows our security and acceptable use policies and stays aware.
- Report any and all security concerns or questions to the IS Support Center.

Slide 41: Ten key action steps to take every day / daily reminders
1. Don't give anyone your password.
2. Choose a strong password and change it regularly.
3. Don't download any software without IS approval.
4. Don't go to unknown web sites.
5. Virus scan all files before accessing them.

Slide 42: Ten key action steps to take every day / daily reminders (cont.)
6. Don't send sensitive data in e-mails going outside BSHSI or in instant messages of any kind.
7. When e-mailing, watch out for tails!
8. Don't leave your workstation without first locking your computer and securing all media.
9. Don't give out patient information without proper authorization.
10. Maintain proper vigilance.

Slide 43: Conclusion
- Only PEOPLE can prevent security breaches.

Slide 44: BSHSI Information Security Policies
- Information Security Audit Controls Policy
- Information Security Authorization and Access Policy
- Information Security Automatic Logoff Policy
- Information Security Awareness Training Policy
- Information Security Change Management Policy
- Information Security Data Backup Policy
- Information Security Data Integrity Control Policy
- Information Security Device and Media Controls Policy
- Information Security Disaster Recovery Policy
- Information Security E-mail Use Policy
- Information Security Encryption and Decryption Policy

Slide 45: BSHSI Information Security Policies (continued)
- Information Security Incident Handling Policy
- Information Security Information Risk Management Policy
- Information Security Internet Use
- Information Security Intrusion Detection Policy
- Information Security Management Policy
- Information Security Network Security
- Information Security Password Management
- Information Security Physical Security
- Information Security Protection from Malicious Software
- Information Security Workstation Security

Slide 46: FEEDBACK / REACTIONS FOR SELECTED GROUPS ONLY

Slide 47: Mobile equipment (PDA, laptop)
- If it has sensitive data on it, keep it in your sight or locked up.
- Password protect it (strong password) in case it is lost or stolen.
- Don't save your user ID and password on the laptop or PDA.
- Keep anti-virus, security patches and a firewall up to date.

Slide 48: Remote access
Protect your home computers as you would your regular workstation:
- Keep sensitive data locked up and protected by a strong password.
- Be aware of who might be looking at the screen while you work.
- Properly dispose of media that had sensitive data on it.
- Back up important files.

Slide 49: Wireless access
- Unless set up properly, wireless access can have serious security holes.
- A wireless system that's been compromised can release malicious software into our network.
- Proper set-up includes a wireless system with:
  - encryption
  - a firewall
  - anti-virus software
  - up-to-date security and operating system patches
- Have someone in IT review the security set-up.

Slide 50: Supervisor/Manager

Slide 51: Additional Learning Goals
- Understand at a higher level the importance of protecting sensitive data (liability issues).
- Increase awareness of the supervisor's role in monitoring sensitive data security issues on the job.
- Understand steps supervisors can take to make sure their staff better protect sensitive data.

Slide 52: Key security roles for the supervisor/manager
- Monitor access and report changes in status.
- Monitor usage: is it for legitimate business purposes?
- Monitor physical security of the work site and workstation protocols.
- If you have any questions or concerns about security, report them to IS.

Slide 53: Supervisor's reasonable steps to monitor security in their work area
1. Key things to do / look for:
   Physical security:
   - Sensitive data is locked up when no one is present.
   - Members of the public and staff from other areas have limited view of monitors and no access to computers or electronic media (disks).
   Electronic security:
   - Access is properly restricted.
   - Only authorized software is in use.

Slide 54: Supervisor is expected to take additional steps (cont.)
2. Encourage staff to follow security procedures:
   - Be sure new staff are trained in IS security and proper use policies.
   - Periodically remind staff of key security procedures.
   - Do spot audits of workstations.

Slide 55: Supervisor is expected to take additional steps (cont.)
3. Monitor access / use:
   - Continuously audit / report status changes (transfers, terminations, other changes).
   - Make sure access levels are appropriate.
   - Know who is doing what with sensitive data.
4. Make sure all computers and electronic media are sent to Bio-med or IS for proper disposal.
5. Report any concerns to IS.


More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

HIPAA Security. Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH

HIPAA Security. Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH HIPAA Security Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH What is this? Federal Regulations August 21, 1996 HIPAA Became Law October 16, 2003 Transaction Codes and Identifiers

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

HELPFUL TIPS: MOBILE DEVICE SECURITY

HELPFUL TIPS: MOBILE DEVICE SECURITY HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information

More information

Stable and Secure Network Infrastructure Benchmarks

Stable and Secure Network Infrastructure Benchmarks Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day

More information

Annual HIPAA Security & Information Security Competency

Annual HIPAA Security & Information Security Competency Annual HIPAA Security & Information Security Competency 1 General Information FISO- What is a FISO? Facility Information Security Officer Responsible for the physical protection and recovery of all electronic

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201 Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...

More information

HIPAA Privacy & Security Health Insurance Portability and Accountability Act

HIPAA Privacy & Security Health Insurance Portability and Accountability Act HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would

More information

How to stay safe online

How to stay safe online How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

Austin Peay State University

Austin Peay State University 1 Austin Peay State University Identity Theft Operating Standards (APSUITOS) I. PROGRAM ADOPTION Austin Peay State University establishes Identity Theft Operating Standards pursuant to the Federal Trade

More information

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE Checklist for taking personally identifiable information (PII) out of the workplace: q Does your organization s policy permit the removal of PII from the office?

More information

Protection from Fraud and Identity Theft

Protection from Fraud and Identity Theft Table of Contents Protection from Fraud & Identity Theft... 1 Simple Steps to Secure Your Devices... 1 Setting Up Your Computer and/or Mobile Device... 2 Adding Security Software... 2 Internet Safety Tips...

More information

Montclair State University. HIPAA Security Policy

Montclair State University. HIPAA Security Policy Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that

More information

TIME SYSTEM SECURITY AWARENESS HANDOUT

TIME SYSTEM SECURITY AWARENESS HANDOUT WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/21/13 2014 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer

More information

Information Technology Acceptable Use Policies

Information Technology Acceptable Use Policies White Paper: Information Technology Acceptable Use Policies A practical guide for protecting IT assets from the largest single IT Security threat inappropriate use of IT services, including desktops, email,

More information

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of

More information

HIPAA Security Overview of the Regulations

HIPAA Security Overview of the Regulations HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.

More information

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,

More information

HIPPA Goes HITECH. Data Protection for Agents

HIPPA Goes HITECH. Data Protection for Agents HIPPA Goes HITECH Data Protection for Agents For agent information only. this material should not be distributed to the public or used in any solicitation. 13-0127 Course objectives Agents will be able

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec. The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million

More information

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College

More information

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health

More information

University of Northern Colorado. Data Security Policy for Research Projects

University of Northern Colorado. Data Security Policy for Research Projects University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...

More information

Welcome to Information Security Training

Welcome to Information Security Training Welcome to Information Security Training Welcome to Georgia Perimeter College s Information Security Training. Information security consists of processes, measures, and technologies employed to protect

More information

HIPAA ephi Security Guidance for Researchers

HIPAA ephi Security Guidance for Researchers What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

HIPAA Privacy & Security Rules

HIPAA Privacy & Security Rules HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to

More information

On-Site Computer Solutions values these technologies as part of an overall security plan:

On-Site Computer Solutions values these technologies as part of an overall security plan: Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Identity Theft Prevention Program Compliance Model

Identity Theft Prevention Program Compliance Model September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All

More information

For All Workforce Members UCSC Student Health Services Revised April 2009

For All Workforce Members UCSC Student Health Services Revised April 2009 For All Workforce Members UCSC Student Health Services Revised April 2009 Click the arrow to start the audio. Note: Once the audio is playing, navigate through the presentation by first clicking on this

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information

More information

HIPAA Audit Risk Assessment - Risk Factors

HIPAA Audit Risk Assessment - Risk Factors I II Compliance Compliance I Compliance II SECTION ONE COVERED ENTITY RESPONSIBILITIES AREA ONE Notice of Privacy Practices 1 Is your full notice of privacy practices given to every new patient in your

More information

1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft

More information