BSHSI Security Awareness Training
- Warren Summers
1 BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1
2 What is Security? A requirement under the Health Insurance Portability and Accountability Act (HIPAA) Regulations (HIPAA Security Rule went into effect 4/21/05). Webster's definition: measures taken to guard against espionage, sabotage, crime, attack or escape. Our goal today: discuss what you can do to make sure that sensitive data stays protected and is not sabotaged, attacked, or allowed to escape. 2
3 What is Sensitive Data? Sensitive Data = Electronic Protected Health Information (EPHI), business sensitive data, staff sensitive data, or any other non-public data. 3
4 Protected Health Information is: Health or medical information that could be identified or linked to a specific individual; information about a patient's: Identity, Medical condition, Treatment, Status as a patient, Physiological data, Medications 4
5 EPHI: Protected Health Information on your computer is known as EPHI (Electronic Protected Health Information). EPHI: PHI that our organization creates, receives, maintains, and/or transmits electronically. EPHI is stored on computers, clinical equipment, and computer disks. 5
6 Business Sensitive Data is: Business Sensitive Data = Information that pertains to the business activities of BSHSI, including financial and investment activities, margins, projects, etc., and that provides competitive advantage. 6
7 Staff Sensitive Data is: Staff Sensitive Data = Personal information on staff members of BSHSI or the members of business associates including contact details, salary, qualifications, performance, etc. 7
8 Any other non-public data is: Other Non-public Data = Information that has been duly classified and does not fall under the previous categories. 8
9 What regulations apply? HIPAA (Health Insurance Portability and Accountability Act); JCAHO (Joint Commission on Accreditation of Healthcare Organizations); Gramm-Leach-Bliley Act of 1999 (Financial); Various State and Federal laws and regulations 9
10 Workshop Goals By the end of the session, participants will: 1. Understand the importance of protecting sensitive data including EPHI. 2. Understand how information security can be compromised. 3. Understand steps to better protect sensitive data including EPHI. 4. Be motivated to follow security procedures. 10
11 Main Security Issues Confidentiality: Protected records are to be kept private (HIPAA Privacy). Integrity: Records aren't changed without authorization. Availability: Records can be accessed when needed. 11
12 What are the consequences of a Security failure / breach? 12
13 What are the consequences of a security failure / breach? Patient safety/medical care is compromised. Negative publicity. Increased costs. Identity theft: - Patients or employees can become targets of con artists. - Employee reputation and career damaged. Legal liability/lawsuits. 13
14 Who's responsible? The health system is responsible for all electronic information in our system. We are able to and we will be auditing and monitoring how people use the system: What records you access without a need to know; What you download and where you web surf. If we find breaches or violations of policy, we will take action. 14
15 How can security fail/be breached? 15
16 How can security fail/be breached? Intentional attack... or unintentional carelessness... They all have the same negative consequences 16
17 What is an intentional attack? Malicious software ("malware"). Password stolen or code broken. Imposter asking for sensitive information. PDA or laptop stolen. Employees accessing records they have no legitimate need to see. 17
18 Employee carelessness: Leaving your computer logged on and unattended; Letting others know your password; Downloading unauthorized software; Misdirected e-mails / faxes 18
19 Here's what IT is doing to protect the system: Anti-virus scanning. Restrict downloads. Restrict attachments in e-mail from outside the system. Firewalls to help keep out hackers. Require user ID and passwords. Restrict and update access as employee status changes. Install and continually update stable software. Encryption. Regular back up of data. 19
20 What YOU can do General Issues Password Protection Patient Information Internet Security Workstation Protocol 20
21 General Issues: Follow all approved security policies and procedures. Only use approved software. Maintain heightened vigilance. Report to IT / ask questions if anything looks unusual. Know who you're dealing with. If in doubt, check it out. 21
22 Password Management and Password Risks 1. Your password is stolen or the code is broken: Your log-in/electronic signature is used maliciously: Negative messages are sent out in your name; Sensitive data and/or EPHI is released under your log-in; A hacker gains access to your system. 2. A computer is stolen, and without strong password protection sensitive data can be easily accessed. 22
23 Password management What is a password? A string of characters used to verify a user's identity. Characters can include: Alphabetic characters (case sensitive: A differs from a); Numeric 0 to 9; Special Characters ~ # $ % ^ & * ( ) + = [ ] { } / ? < > , ; : \ ` . 23
24 Use a strong password A strong password should be: Seven characters or longer. Not a word or name in any language. A mix of uppercase and lowercase letters + numbers and special characters. Does NOT use public information about you or your family or friends. Is NOT a variation of your user ID. 24
25 Examples of strong passwords 4s&7yaAL 2Bon2Bti? How to remember these complex passwords? 25
26 Pass-phrase Take a phrase that is easy to remember and convert it into characters Four score and seven years ago Abraham Lincoln Four Score And Seven Years Ago (Abraham Lincoln) Converts to 4s&7yaAL How about 2Bon2Bti? 26
27 Anyone remember my complex passwords? 4 s & 7 y a A L 2 B o n 2 B t i? 27
28 Time it takes to crack a password. Time it takes to crack various types of 8 character passwords (times are getting continually faster):
Type of character set: Length of time to crack
English words 8 letters or longer: Less than one second
Lowercase letters only: 9 hours
Lowercase with one uppercase: 3 days
All letters: 96 days
Letters and numbers: One year
All printable characters: Thirty-three years
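The crack times above follow from keyspace size: if the 9-hour lowercase row is taken as the guess rate (an assumption, about 6.4 million guesses per second), exhaustive search reproduces the other rows. The Python below is an added example, not part of the original training deck; it recomputes the table and checks a password against the slide 24 rules. The function names, the user ID `jdoe` and the word list are constructed for illustration.

```python
import string

LENGTH = 8  # the slide's table covers 8-character passwords
# Printable ASCII: 26 + 26 + 10 + 33 symbols (32 punctuation marks plus space) = 95
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}
# Assumption: the slide's "9 hours" for lowercase-only passwords fixes the guess rate.
IMPLIED_RATE = 26 ** LENGTH / (9 * 3600)  # about 6.4 million guesses per second
DAY = 86400
# Undo common digit/symbol substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("013457@$", "oleastas")


def classes_used(password):
    """Return which of the four character classes appear in the password."""
    used = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.digits:
            used.add("digit")
        else:
            used.add("special")
    return used


def search_space(password):
    """Candidates an exhaustive search must cover for this length and alphabet."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(password))
    return alphabet ** len(password)


def days_to_exhaust(space, rate=IMPLIED_RATE):
    """Worst-case days to try every candidate at `rate` guesses per second."""
    return space / rate / DAY


def table_days():
    """Recompute the rows of the slide's table that are pure keyspace sizes."""
    spaces = {
        "Lowercase letters only": 26 ** LENGTH,
        "Lowercase with one uppercase": LENGTH * 26 ** LENGTH,  # 8 positions
        "All letters": 52 ** LENGTH,
        "Letters and numbers": 62 ** LENGTH,
        "All printable characters": 95 ** LENGTH,
    }
    return {name: days_to_exhaust(space) for name, space in spaces.items()}


def normalize(text):
    """Lowercase, undo substitutions, keep letters only."""
    return "".join(ch for ch in text.lower().translate(LEET) if ch.isalpha())


def policy_failures(password, user_id, public_info=(), wordlist=()):
    """List which of the slide 24 rules the password breaks (empty list = passes)."""
    failures = []
    if len(password) < 7:
        failures.append("shorter than seven characters")
    missing = set(CLASS_SIZES) - classes_used(password)
    if missing:
        failures.append("missing character classes: " + ", ".join(sorted(missing)))
    folded = normalize(password)
    if folded in {w.lower() for w in wordlist}:
        failures.append("word or name in the word list")
    lowered = password.lower()
    for item in public_info:
        folded_item = normalize(item)
        if item and (item.lower() in lowered or (folded_item and folded_item in folded)):
            failures.append("contains public information")
            break
    uid = normalize(user_id)
    if uid and (uid in folded or uid[::-1] in folded):
        failures.append("variation of the user ID")
    return failures


if __name__ == "__main__":
    for name, days in table_days().items():
        print(f"{name:30s} {days:12.2f} days")
    # Constructed inputs: the slide's example password, then two weak ones.
    for pw in ("4s&7yaAL", "P@ssw0rd", "Jd0e2008"):
        problems = policy_failures(pw, "jdoe", wordlist={"password"})
        print(pw, "->", problems or "meets the slide 24 rules")
```

The `rate` parameter makes the slide's remark that times are getting faster concrete: every row shrinks in direct proportion to the guess rate.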
29 Password Reminders Remember: Never share your password with anyone! Sharing your password is a violation of our policy. If you want someone to access your e-mail or computer, ask IT. Don't let someone watch when you enter your password. Don't write your password where others can see it; memorize it! 29
30 Password Reminders (continued) Remember: Treat your password and your smart card as you would treat a PIN number or a credit card. Change your password every 120 days. If someone knows your password, change it right away and notify the IS Support Center. 30
31 Don't give out information without proper authorization. Watch out for spoofing/phishing. Be suspicious of unusual requests even if it appears to be from someone you know. Con artists appear knowledgeable and gain your trust. You are responsible for taking reasonable precautions. 31
32 Internet security Risks: 1. Malicious software 2. E-mail carelessness 3. Instant Messaging/Chats 32
33 Malicious software aka: Malware 33
34 Malicious software (aka "malware") Follow all virus scanning procedures. Don't download ANYTHING from the internet without IS approval. If you have any doubt about an attachment, delete it or ask IS to check it out. Don't click on links or go to web sites if you have any doubts about their legitimacy. Don't use your BSHSI network password at any website. Don't unsubscribe from spam. If your computer acts at all strangely, ask IS to check it out. If virus protection software finds a virus, do not use the computer until IS has cleaned it. 34
35 Rules for e-mailing: 1) Don't send sensitive data outside the facility's internal network unless encrypted (ask IS for help doing this). 2) To prevent misdirected e-mail: Proof all e-mails before sending; Use an address book to limit typos; Be careful where you click; Be careful with use of Reply All. 3) Forwarded e-mail tails: Scroll to the end of all e-mails before sending to ensure sensitive data is not being sent forward. 35
36 Workstation Protocol Always keep protected information in a secure place. If you walk away secure the workstation. In public areas, protect the monitor from prying eyes. Secure all removable media. Dispose of all computer equipment and media by returning it to Bio-med or IS. Verify with IS that your data is being Backed-Up. 36
37 Review - Risky Situations Someone goes surfing on the web on their lunch break: what's the risk? You notice you have some returned (undeliverable) e-mail that you never sent: what might this mean? Sending reminders from home to your office computer (or vice versa) with EPHI in it: what's the risk? 37
38 Review - Risky Situations (cont.) Taking work home on a laptop: what's the risk? Sending out an e-mail without proofing it fully: what's the risk? Leaving your work station (in a non-public area) for a second to answer a coworker's ringing phone that is nearby, but out of sight of your computer: what's the risk? 38
39 Review Security: Measures taken to guard against espionage or sabotage, crime, or attack Security can be breached through intentional attack or unintentional carelessness 39
40 Review Security Goal: Ensure confidentiality, integrity, and availability of all sensitive data This only works if everyone follows our security and acceptable use policies and stays aware. Report any and all security concerns or questions to the IS Support Center. 40
41 Ten Key action steps to take every day / daily reminders: 1. Don't give anyone your password 2. Choose a strong password and change it regularly 3. Don't download any software without IS approval 4. Don't go to unknown web sites 5. Virus scan all files before accessing 41
42 Ten Key action steps to take every day / daily reminders: (cont.) 6. Don't send sensitive data in e-mails going outside BSHSI or in instant messages of any kind. 7. When e-mailing watch out for tails! 8. Don't leave your workstation without first locking your computer and securing all media. 9. Don't give out patient information without proper authorization 10. Maintain a proper vigilance. 42
43 Conclusion: Only PEOPLE can prevent security breaches 43
44 BSHSI Information Security Policies: Information Security Audit Controls Policy; Information Security Authorization and Access Policy; Information Security Automatic Logoff Policy; Information Security Awareness Training Policy; Information Security Change Management Policy; Information Security Data Backup Policy; Information Security Data Integrity Control Policy; Information Security Device and Media Controls Policy; Information Security Disaster Recovery Policy; Information Security E-mail Use Policy; Information Security Encryption and Decryption Policy 44
45 BSHSI Information Security Policies Information Security Incident Handling Policy Information Security Information Risk Management Policy Information Security Internet Use Information Security Intrusion Detection Policy Information Security Management Policy Information Security Network Security Information Security Password Management Information Security Physical Security Information Security Protection from Malicious Software Information Security Workstation Security 45
46 FEEDBACK / REACTIONS FOR SELECTED GROUPS ONLY 46
47 Mobile equipment PDA, laptop: If it has sensitive data on it, keep it in your sight or locked up. Password protect it (strong password) in case lost or stolen. Don't save your user ID and password on the laptop or PDA. Keep anti-virus, security patches and a firewall up to date. 47
48 Remote access: Protect your home computers as you would your regular workstation: keep sensitive data locked up and protected by a strong password be aware of who might be looking at the screen while you work properly dispose of media that had sensitive data on it back up important files 48
49 Wireless access: Unless set up properly, wireless access can have serious security holes. A wireless system that's been compromised can release malicious software into our network. Proper set up includes a wireless system with: encryption; a firewall; anti-virus software; up to date security and operating system patches. Have someone in IT review the security set up. 49
50 Supervisor/Manager 50
51 Additional Learning Goals: Understand at a higher level the importance of protecting sensitive data (liability issues). Increase awareness of the supervisor's role in monitoring sensitive data security issues on the job. Understand steps supervisors can take to make sure their staff better protect sensitive data. 51
52 Key security roles for the supervisor/manager Monitor access and report changes in status Monitor usage for legitimate business purposes? Monitor physical security of the work site work station protocols If you have any questions or concerns about security, report them to IS 52
53 Supervisor's reasonable steps to monitor security in their work area 1. Key things to do/look for: Physical Security: Sensitive data is locked up when no one is present; Members of the public and staff from other areas have limited view of monitors and no access to computers or electronic media (disks). Electronic security: Access is properly restricted; Only authorized software is in use 53
54 Supervisor is expected to take additional steps (cont.) 2. Encourage staff to follow security procedures: Be sure new staff are trained in IS security and proper use policies Periodically remind staff of key security procedures Do spot audits of workstations 54
55 Supervisor is expected to take additional steps (cont.) 3. Monitor access / use: Continuously audit / report status changes (transfers, terminations, other changes); Make sure access levels are appropriate; Know who is doing what with sensitive data 4. Make sure all computers and electronic media are sent to Bio-med or IS for proper disposal 5. Report any concerns to IS 55
More informationCertified Secure Computer User
Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More information+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains
Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good
More informationHFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationINFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013
INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College
More informationInfocomm Sec rity is incomplete without U Be aware,
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
More informationKeeping you and your computer safe in the digital world.
Keeping you and your computer safe in the digital world. After completing this class, you should be able to: Explain the terms security and privacy as applied to the digital world Identify digital threats
More informationOn-Site Computer Solutions values these technologies as part of an overall security plan:
Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and
More informationSAFEGUARDING PRIVACY IN A MOBILE WORKPLACE
SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE Checklist for taking personally identifiable information (PII) out of the workplace: q Does your organization s policy permit the removal of PII from the office?
More informationHIPAA Security Rule Compliance and Health Care Information Protection
HIPAA Security Rule Compliance and Health Care Information Protection How SEA s Solution Suite Ensures HIPAA Security Rule Compliance Legal Notice: This document reflects the understanding of Software
More informationGeneral Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information
General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information The following rules of behavior apply to all Department of Homeland Security
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationSafe Practices for Online Banking
November 2012 Follow these guidelines to help protect your information while banking online. At First Entertainment Credit Union, our goal is to provide you with the best all around banking experience.
More informationA Guide to Information Technology Security in Trinity College Dublin
A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationDSHS CA Security For Providers
DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public
More informationHIPAA Security Overview of the Regulations
HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.
More informationEnsuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services
Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and
More informationHow To Protect Your Information From Being Hacked By A Hacker
DOL New Hire Training: Computer Security and Privacy Table of Contents Introduction Lesson One: Computer Security Basics Lesson Two: Protecting Personally Identifiable Information (PII) Lesson Three: Appropriate
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationHow To Protect Research Data From Being Compromised
University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...
More informationHIPAA Privacy & Security Rules
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
More informationPeace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users
Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency
More informationIT Security DO s and DON Ts
For more advice contact: IT Service Centre T: (01332) 59 1234 E: ITServiceCentre@derby.ac.uk Online: http://itservicecentre.derby.ac.uk Version: February 2014 www.derby.ac.uk/its IT Security DO s and DON
More informationHIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
More informationFor All Workforce Members UCSC Student Health Services Revised April 2009
For All Workforce Members UCSC Student Health Services Revised April 2009 Click the arrow to start the audio. Note: Once the audio is playing, navigate through the presentation by first clicking on this
More informationAn Introduction on How to Better Protect Your Computer and Sensitive Data
An Introduction on How to Better Protect Your Computer and Sensitive Data Common Security Problems Computer users who fail to use strong passwords Constant attacks by viruses, worms, key loggers and bots
More information