[Company Name] HIPAA Security Awareness and Workforce Training Program Manual



Similar documents
[Insert Company Logo]

VENDOR MANAGEMENT. General Overview

I. U.S. Government Privacy Laws

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS

Overview of the HIPAA Security Rule

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box Portland, OR Fax

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

My Docs Online HIPAA Compliance

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

HIPAA and HITECH Compliance for Cloud Applications

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations

Information Security Education and Awareness Training

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

BUSINESS ASSOCIATE AGREEMENT. Recitals

INFORMATION SECURITY FOR YOUR AGENCY

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

Business Associates Agreement

HIPAA Compliance Guide

SANS Securing The Human

HIPAA Security Rule Compliance

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Managing data security and privacy risk of third-party vendors

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS

CHIS, Inc. Privacy General Guidelines

HIPAA ephi Security Guidance for Researchers

Information Security Manager Training


The Impact of HIPAA and HITECH

HIPAA in the Cloud How to Effectively Collaborate with Cloud Providers

PRIVACY + SECURITY TRAINING PROGRAM CATALOG

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR Court Reporters and HIPAA

Overview of Topics Covered

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS

BUSINESS ASSOCIATE AGREEMENT TERMS

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Impact of Legal and Regulatory Compliance on Higher Education Information Security Management. Dan Han Virginia Commonwealth University

The Basics of HIPAA Privacy and Security and HITECH

ITS Policy Library Device Encryption. Information Technologies & Services

HIPAA Compliance Guide

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

HIT Audit Workshop. Jeffrey W. Short.

BUSINESS ASSOCIATE AGREEMENT

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

Cyber Security An Exercise in Predicting the Future

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA Security Education. Updated May 2016

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.

Law & Ethics, Policies & Guidelines, and Security Awareness

White Paper. HIPAA-Regulated Enterprises. Paper Title Here

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES

New HIPAA regulations require action. Are you in compliance?

HIPAA in the Cloud. How to Effectively Collaborate with Cloud Providers

plantemoran.com What School Personnel Administrators Need to know

How To Protect Your Health Care From Being Hacked

Can Your Diocese Afford to Fail a HIPAA Audit?

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014

PII Personally Identifiable Information Training and Fraud Prevention

BUSINESS ASSOCIATE AGREEMENT HIPAA Omnibus Rule (Final Rule)

Network Security & Privacy Landscape

HIPAA and HITRUST - FAQ

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

OCR UPDATE Breach Notification Rule & Business Associates (BA)

Information Security Plan May 24, 2011

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles

Check In Systems. Software Usage Agreement

Cyber, Security and Privacy Questionnaire

2016 OCR AUDIT E-BOOK

Compromises in Healthcare Privacy due to Data Breaches

University of Pittsburgh Security Assessment Questionnaire (v1.5)

HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

HIPAA Privacy & Security White Paper

OCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013

Policy Title: HIPAA Security Awareness and Training

HIPAA and Mental Health Privacy:

BUSINESS ASSOCIATE AGREEMENT

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

A LIST OF PRIVACY AND DATA SECURITY TRAINING REQUIREMENTS

2014 Core Training 1

The Evolving Threat Landscape: Protecting Your Mobile and Virtual Environment from Emerging Security Threats

The HIPAA Audit Program

Bridging the HIPAA/HITECH Compliance Gap

Nine Network Considerations in the New HIPAA Landscape

HIPAA Enforcement Training for State Attorneys General

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

Network Security & Privacy Landscape

Datto Compliance 101 1

Architecting Security to Address Compliance for Healthcare Providers

SAMPLE BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

Transcription:

[Company Name] HIPAA Security Awareness and Workforce Training Program Manual The Importance of Security Awareness Training 4 Data Security Breaches 5 What is Information Security? 6 Roles and Responsibilities 6 Information Security Solutions 9 Defense-in-Depth 10 Layered Security 10 Cyber Security 11 Cloud Computing 11 HIPAA Introduction 12 HITECH Introduction 13 HIPAA Security Awareness Training Requirements 14 HIPAA Security Rule 14 HIPAA Security 164.308 Administrative Safeguards 14 HIPAA Security 164.310 Physical Safeguards 15 HIPAA Security 164.312 Technical Safeguards 15 HIPAA Security Policies and Procedures 16 HIPAA Notification of Breaches As Amended by the Final Omnibus Ruling January, 2013 16 HIPAA Privacy Rules 17 HIPAA Privacy 164.500-164.534 18 HIPAA Privacy General Principles for Uses and Disclosures 19 HIPAA Privacy Permitted Uses and Disclosures 19 HIPAA Privacy Authorized Uses and Disclosures 20 HIPAA Privacy Individual Rights 21 HIPAA Privacy Administrative Requirements 21 HIPAA Privacy General Safeguards and Best Practices 23 Covered Entities 23 Business Associates 23 Final Omnibus Ruling (January, 2013) 24 Helpful HIPAA Resources 25 FERPA 25 FACTA 25 Red Flags Rules 26 PCI DSS 26 GLBA 27 Other Regulations 27 Security Awareness Topics 28 Account Security and Access Rights 28 Malware 28 Security Updates 29

Clean Desk Policy 29 Workstation Security 29 Laptop Security 31 Software Licensing and Usage 32 Internal Threats 33 Physical Security and Environmental Security 35 Incident Response 35 Personally Identifiable Information (PII) 36 Protected Health Information (PHI) HIPAA 36 Protecting Information (Hard-Copy) 37 Protecting Information (Electronic Format) 39 Data Retention 40 Identity Theft 41 Online Security and Mobile Computing 42 Shopping Online 43 Securing Your Home Network 44 Protecting your Children Online 45 Security Tips for Travelling 46 Other Important Security Awareness Considerations and Top Internet Scams 48 If you see something, say something Immediately 52 Top 20 Security Considerations for I.T. Personnel 52 Security Awareness Resources 58 [Company Name] HIPAA Security Awareness Training Program Version 1.0 2013 1

HIPAA Security Awareness and Workforce Training Manual Program Overview Compliance with the Security, Privacy, breach notifications, and other important measures of the Health Insurance Portability and Accountability Act - commonly known as HIPAA - requires organizations to gain a strong understanding of various provisions within HIPAA and HITECH, along with becoming knowledgeable in regards to information security. This is best conducted by implementing a security awareness training program for all employees and other related third-party users for purposes of better understanding information security as a whole, and its applicability to HIPAA compliance. The use of information technology is extremely widespread in today's society, ushering in unprecedented levels of cost-effectiveness and efficiency. Yet with great benefits also come great challenges, particularly when it comes to ensuring the confidentiality, integrity, and availability (CIA) of critical system components storing, processing and/or transferring sensitive and confidential information, such as Personally Identifiable Information (PII), and other important assets. It's imperative that all employees within [company name] and other in-scope users have a strong understanding of information security, such as being aware of dangers and challenges, while also being responsive in helping combat such threats and challenges with appropriate measures. Security awareness is about effectively designing, developing, implementing, and maintaining an enterprisewide program for which all employees can benefit from, one that implements the core components of Awareness, Training, and Education. Specifically, "Awareness" in that numerous measures are initiated and implemented for keeping all employees knowledgeable regarding threats, responses and solutions to security issues affecting an organization. "Training" in that material is researched, developed and subsequently utilized for educating employees on all aspects of security awareness. And lastly, "Education, in that adequate measures are undertaken for ensuring continuing education on security awareness is provided to all employees on a routine basis whatever that may be quarterly, annually, etc. It must be stressed that security awareness training is dynamic in nature, changing as needed to meet the growing threats facing today s organizations. The subsequent documentation found herein is [company name]'s formal security awareness training program covering both general, best-of-breed practices for information security, along with specific measures relating to the safety and security of any PII, ephi data - or any subset thereof - being stored, processed, and transmitted. Users are required to read the entire document annually, keep an electronic or hard-copy form readily available for referencing, along with signing and returning the acknowledgement form on the last page to authorized personnel at [company name]. You ll hear the following phrase repeated a number of times throughout this document - if you see something, say something, which is the Department of Homeland Security's (DHS) motto for reporting suspicious activity a motto that you should strive to adhere to at all times. Goals There are many challenges when it comes to HIPAA security awareness training for today's organizations, such as time constraints, lack of interest by end-users, breaking from traditional practices, along with numerous other issues. As such, the [company name] security awareness training program seeks to successfully achieve the following goals: [Company Name] HIPAA Security Awareness Training Program Version 1.0 2013 2

Provide a comprehensive, yet easy-to-understand and engaging training program. Offer in-depth educational resources regarding many of today's most critically important HIPAA related security issues. Deliver a clear and concise messages as to the what security awareness is, why it's important, what it entails, and many other applicable issues. Enhance end-user skills, knowledge and overall awareness regarding information security. Encourage best practices for information security, while also fundamentally changing the way employees regard the need for security awareness provisions. Finally, making security awareness a true part of the organization's fabric, one that requires a commitment by ell employees for ultimately helping ensure the safety and security of [company name]'s critical system components. As stated earlier, HIPAA security awareness training for [company name] encompasses measures relating to best-of-breed practices for information security, while also ensuring the safety and security of any PII, ephi data - or any subset thereof - being stored, processed, and/or transmitted, along with other sensitive information. Moreover, the HIPAA security awareness training program is suitable for all employees, including senior management, I.T. personnel, along with all other end-users of [company name] system components. Topics covered within [company name] s security awareness training program include the following: The Importance of Security Awareness Training Data Security Breaches What is Information Security? Roles and Responsibilities Information Security Solutions Defense-in-Depth Layered Security Cyber Security Cloud Computing HIPAA Introduction HITECH Introduction HIPAA Security Awareness Training Requirements HIPAA Security Rule HIPAA Security 164.308 Administrative Safeguards HIPAA Security 164.310 Physical Safeguards HIPAA Security 164.312 Technical Safeguards HIPAA Security Policies and Procedures HIPAA Notification of Breaches As Amended by the Final Omnibus Ruling January, 2013 HIPAA Privacy Rule HIPAA Privacy 164.500-164.534 HIPAA Privacy General Principles for Uses and Disclosures HIPAA Privacy Permitted Uses and Disclosures HIPAA Privacy Authorized Uses and Disclosures HIPAA Privacy Individual Rights [Company Name] HIPAA Security Awareness Training Program Version 1.0 2013 3

HIPAA Privacy Administrative Requirements HIPAA Privacy General Safeguards and Best Practices Covered Entities Business Associates Final Omnibus Ruling (January, 2013) Helpful HIPAA Resources FERPA FACTA Red Flags Rule PCI DSS GLBA Other Regulations Security Awareness Topics Account Security and Access Rights Malware Security Updates Clean Desk Policy Workstation Security Laptop Security Software Licensing and Usage Internal Threats Physical Security and Environmental Security Incident Response Personally Identifiable Information (PII) Protected Health Information (PHI) Protecting Information (Hard-Copy) Protecting Information (Electronic Format) Data Retention Identity Theft Online Security and Mobile Computing Shopping Online Securing Your Home Network Protecting your Children Online Security Tips for Travelling Other Important Security Awareness Considerations and Top Internet Scams If you see something, say something - Immediately Top 20 Security Considerations for I.T. Personnel Security Awareness Resources [Company Name] HIPAA Security Awareness Training Program Version 1.0 2013 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information