Information Security. Annual Education Information Security Mission Health System, Inc.

Transcription

1 Annual Education 2014

2 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information security risks arise. In addition to patient information, we must also protect employee information. There is also business information that must be kept confidential.

3 Basics Your Responsibilities Mission uses many types of sophisticated computer technology and complex processes to protect electronic information, but the most effective security tool of all is... The best technology in the world cannot replace the value of observant staff.

4 Penalties for Non-Compliance Mission Health is committed to maintaining the security of its electronic information. Policy violations that also violate HIPAA could result in fines and criminal prosecution. Violations of -related policies will result in corrective action up to and including termination. (For additional information, see HR policy 1HR.HR.0016 "Corrective Action ).

5 UserIDs and Passwords Every Mission employee has a userid and password that provides access to one or more computer systems. In non-computer terms, think of your userid as your legal name and your password as your legal signature. Just like your signature, your password assures that you were present when signing in.

6 The Importance of Passwords When you log on to a computer with your userid and secret password - it is like signing a blank check. The check is not completely filled out and safe until you sign off the computer. Guard your password as carefully as you would your credit card or your ATM card and PIN NEVER let anyone else know your password. Sharing your personal passwords is prohibited on all Mission systems.

7 Password Creation Advice Create a password that you can remember without writing down. A phrase is generally the best. (e.g. thisismynewpassword ) Do not use your name, names of your family or pet names. Now take the password and add random Capital letters (e.g. thisismynewpassword ). Now take the password and add random special characters and numbers (e.g. thisi$myn3wp@ssw0rd ). You should never use the same password for multiple systems that contain personal information. You should consider changing your password at least every 90 days.

8 Protect Your Identity Question: If you are logged on to a computer and then walk away without logging off, what could happen? Answer: Someone could walk up and use that computer under your userid and password. If you were signed on to Lawson, that person could change your personnel record. If you were using a clinical system, that person could even do something to endanger a patient. And it is all under your identity!

9 Rules of the Password Road You are responsible for any activity that occurs under your personal userid Passwords are secret and should never be shared Never use anyone else s password Lock your computer when walking away by pressing <CTRL-ALT-DEL> and Enter If you let someone use your personal password or use a computer where you are still signed on, you are risking your reputation, your professional credentials, your job and potentially the lives of your patients if someone were to change the medical record.

10 Basics Did you know that deleting something from a computer doesn t really make it go away? Deleted computer files can be recovered using special software. To make sure that patient or other confidential information isn t left on computer media, follow these guidelines before you throw out that computer, diskette, data CD, or backup tape: Disposal of all Mission-owned computers will be handled by Information Technology. They have tools that can permanently erase Mission data from those computers so Mission s patient and business information stays safe. CDs, DVDs, and other portable electronic media can be safely and permanently erased or destroyed by Information Technology. Call the Service Desk at to make arrangements to get rid of those old items. Protect Mission by keeping confidential information out of the trash where it can fall into the wrong hands.

11 Viruses and Malware Computer viruses, in their many different forms, are among the greatest information security threats facing Mission Health System. Viruses can: Steal patient information, your passwords, and other confidential information. Damage your computer and cause it to stop working. Slow down or damage computers all over Mission to the point that no one can get to the information they need. Help prevent computer viruses by using and the Internet wisely.

12 and Internet and Internet access are business tools. That means that their primary use is to conduct Mission Health business. Occasional personal use is allowed only as described in the Internet Use and Reporting policy 2IM.ADM Mission limits personal use of these tools for several reasons. Three important reasons are: and the Internet are expensive tools. Personal use can significantly increase that cost. and the Internet are the two most common sources of computer viruses. Personal use increases the risk of virus. Personal Internet use can slow down the Internet for those using it for remote access and patient care.

13 Unacceptable Use of and the Internet Mission s and Internet connection should NEVER be used for: Anything that could be reasonably considered discriminatory, obscene, indecent, harassing, or offensive. Anything that would violate Mission s MERIT values. Anything that could be considered personal gain such as buying or selling merchandise or services or running a home business. Purchase or downloading of any computer software. Anything illegal or that violates Mission s policies.

14 Phishing and Other Scams Phishing is an attempt to get an user to visit a malicious website: Phishing will try to steal usernames and passwords Phishing will try to install malicious software on your machine Beware of any sent to you promising you sums of money. These are fraudulent and will steal money from your bank and credit cards if you get involved.

15 Security Tips containing patient information, social security numbers, or other confidential information must be encrypted before it is sent to any users outside of MSJ.ORG. To encrypt an , just put the word confidential somewhere in the subject line. For additional information or assistance using the encryption features, check Mission on Demand or call the IT Service Desk at extension Do not create, send, or forward chain letters. Do not open suspicious . Forward it to SPAMADMIN instead.

16 Internet Security Tips Do not use non-approved Cloud services (e.g. Dropbox, Carbonite.com) to share or transfer files that contain confidential data. Do not download anything without prior approval of Information Technology. Free stuff such as search tools or screensavers often have a huge cost in the form of viruses. Do not submit patient or confidential information on any website unless the project has been approved by the IT Steering Committee or Information Technology and. (See Administrative Policy 2IM.ADM.0028, "Internet Use and Reporting")

17 Just a Few More Things Reporting Problems, Questions & Concerns Information security problems, or potential problems, must be reported to the Officer. WHAT Should Be Reported? A lost or stolen password or any password that may have been learned by another person. policy violations. Any threat to Mission s electronic information. Questions or suggestions about programs or policies.

18 Just a Few More Things How do I Report an Concern? For passwords or other problems that may require immediate attention, call the Information Technology Service Desk at For problems or concerns that do not require an immediate response: Use the reporting form on the page on Mission on Demand (MOD) Call the Information Technology Service Desk at to be connected to the IT Security Team