PRIVACY + SECURITY TRAINING PROGRAM CATALOG


TeachPrivacy
261 Old York Rd., Suite 518, P.O. Box 706, Jenkintown, PA 19046
Phone: Fax: (215) 886-1909

ABOUT TEACHPRIVACY

The TeachPrivacy Advantage

Expertise: Our training is created by Professor Daniel Solove, an internationally known expert in privacy and security.
Interactive: SCORM-compliant modules have interactive quizzes and activities.
Topical: We cover more than 50 topics, including HIPAA, FERPA, GLBA, phishing, passwords, portable devices, social media, and much more.
Engaging: Your workforce will want to take our training, and they'll remember it.
Short and Modular: We have comprehensive courses and short individual modules on particular topics.
Customizable: We can customize anything.

TeachPrivacy was founded by Professor Daniel J. Solove, the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also a Senior Policy Advisor at the law firm of Hogan Lovells. One of the world's leading experts in privacy law, Solove has authored nine books and more than forty articles. He is the lead author of the most widely used textbook on information privacy law. He has given lectures around the world, testified before Congress, and spoken at the Department of Homeland Security, the U.S. Department of Education, the FCC, the FTC, the Library of Congress, and countless universities. Professor Solove has been interviewed and featured in several hundred media broadcasts and articles, including the New York Times, Wall Street Journal, Washington Post, Chicago Tribune, USA Today, AP, Time, Reader's Digest, ABC, CBS, NBC, CNN, and NPR.

OUR TRAINING

OUR TRAINING PHILOSOPHY

I founded TeachPrivacy to create a new and fresh approach to training. Far too often, training is boring and obligatory, a check-the-box exercise like watching an airplane safety video. My goal is to make training engaging. Training should use the time-tested tools of effective education: stories, examples, and interactivity. Training should stimulate the senses. It should be fun, lively, and memorable. I am involved in all facets of the creation of our training. I believe people will learn more effectively when I can impart on them a genuine passion for the material.
Professor Daniel J. Solove

"Professor Solove's knowledge of domestic and global privacy issues, including the often dynamic regulatory environments in Asia and Europe, is unmatched. Furthermore, his ability to take complex privacy issues and reduce them to simple, teachable concepts is exceptional. It is good to be working with the best in the privacy field!"
Steve Worster, Chief Compliance Officer and HIPAA Privacy Officer, StoneGate Senior Living, LLC

"In short, easily understood sessions, Professor Solove personally explains the concepts of information security and privacy in plain language. The excellent content combined with Solove's well-earned reputation make the TeachPrivacy series an essential part of an effective information security awareness program in any organization."
Dennis Devlin, Chief Information Security Officer, Chief Privacy Officer, and Senior VP of Privacy Practice, Savanture

PRIVACY

Global Privacy and Data Protection
Module ~ 25 mins
Overview of privacy and data protection for the global organization. A masterful synthesis of privacy principles from regulation around the world covers the common core concepts and accounts for variation in approaches.
Easy to customize: anything can readily be changed, added, or removed.
Easy to translate: all spoken text is written in the module, so translation can be done without a voice track if desired, to save on translation cost.

GLOBAL PRIVACY AND DATA PROTECTION COURSE OUTLINE
THE PURPOSE OF THIS TRAINING: People Care About Privacy; Privacy and Security; Your Role
WHY WE PROTECT PERSONAL DATA: Respect; Prevent Harm; Individual Empowerment; Trust; Reputation; Legal Compliance; Contractual Compliance
WHAT IS PERSONAL DATA?: Identifying Personal Data or PII; Sensitive Data
DATA COLLECTION: Lawful Data Collection; Data Collection Limitation
DATA HANDLING AND PROCESSING: Data Quality; Limited Access; Confidentiality; Security Safeguards; Data Retention
USE OF PERSONAL DATA: Minimum Necessary Use; Purpose Specification
INDIVIDUAL KNOWLEDGE AND PARTICIPATION: Notice; Access and Correction; Consent
TRANSFER AND SHARING OF DATA: International Transfers of Data; Sharing Data with Third Parties; Sharing Data Internally
ACCOUNTABILITY: Accountability; Personal Data Refers to Real People; Privacy by Design; Ask the Privacy Office

Privacy Awareness
Our general privacy awareness program, consisting of the following segments: Privacy Principles; Nothing to Hide: Why Does Privacy Matter?; The Relationship Between Privacy and Security. 10 quiz questions, ~ 15 mins.

European Union Privacy Law
EU Data Protection Directive and the differences between EU and US privacy law (~ 9.5 mins; abridged version ~ 6.5 mins)

United States Privacy Law
Types of US privacy law and common requirements (~ 6 mins)

Global Privacy Law
OECD Privacy Guidelines and the APEC Privacy Framework (~ 5.5 mins)

The Safe Harbor Arrangement
Derived from the EU Privacy Law program, this program provides a short introduction to the US-EU Safe Harbor Arrangement (~ 2 mins)

Privacy by Design
Advanced training for engineers, designers of programs/services, and policymakers. Identifies many privacy issues that should be considered (~ 15 mins)

Privacy Principles: Overview of the Fair Information Practice Principles (~ 6 mins)
Nothing to Hide? Why Privacy Matters: Why employees should care about protecting personal data (~ 6 mins)
The Relationship Between Privacy and Security: How data breaches are often caused by humans (~ 3 mins)
The App from Hell: Cartoon about the importance of privacy by design (~ 2 mins)
The Data Misuse Nightmare: Cartoon about harms caused by misusing data (~ 4 mins)
What Is Personal Data?: Defining personally identifiable information and data stewardship (~ 5.5 mins)

DATA SECURITY

Data Security Awareness
Multi-topic course including: Data Security Overview; Encryption; Passwords; Social Engineering; Websites and Software; Email; Data Disposal; Physical Access; Portable Devices and Remote Access. 15 quiz questions, ~ 30 mins.
20-minute version available: all topics covered, but with abridged videos; 15 quiz questions.

Five Key Points for Data Security
This course discusses five key points for data security: (1) data security involves you; (2) create powerful passwords; (3) click with caution; (4) keep data where it belongs; and (5) be vigilant (~ 7 mins). This program can be used for refresher training or data security awareness campaigns. It can also be used as a succinct introduction to a general data security training program.

Condensed Version (~ 6 mins)
We also offer a condensed version with abridged video content and 4 interactive quiz questions.

Phishing
Module ~ 12 mins; video only ~ 8 mins
Raises awareness about phishing and informs trainees about the dangers. Explains the warning signs to help trainees better spot phishing attempts, and explains what people should do if they have any suspicions about an email or phone call. The full-length course takes approximately 12 minutes to complete and contains a series of 3 short videos interspersed with 8 interactive quiz questions. This course can stand alone or can be snapped together with other topic segments. The full-length course is divided into three parts:
(1) What Is Phishing? Discusses the dangers and types of phishing, including spear phishing and vishing (phishing via phone).
(2) How Do You Spot a Phishing Attempt? Discusses the various warning signs to look out for.
(3) What Should You Do When Things Seem Phishy? Discusses what people should do when they have questions or suspicions.

Data Security Overview: Security threats and why security is everyone's responsibility (~ 5 mins)
Websites and Software: Unauthorized software; detecting malicious websites (~ 4.5 mins)
Physical Access: Securing workspaces and locking unattended computers (~ 4.5 mins)
Passwords: Selecting strong passwords (~ 6 mins)
Encryption: How encryption protects data (~ 4.5 mins)
Email: How to identify dubious links and attachments (~ 5.5 mins)

Social Engineering: Phishing, spear phishing, pretexting, and baiting (~ 5.5 mins)
Data Disposal: Disposing of electronic data and paper documents (~ 3 mins)
Portable Devices: Dangers of putting sensitive data on portable devices (~ 4 mins)
Threats and Vulnerabilities: Threats to data security and risky practices that lead to incidents (~ 3.5 mins)
The Costs of Violations: Describes the human, reputational, and financial costs of privacy and security violations (~ 4 mins)
The Laptop that Traveled the World: Cartoon about putting unencrypted data on a portable device (~ 3 mins)
The Email from the IT Department: Interactive cartoon about an email from the IT department requesting a password (~ 3 mins)
The Thumb Drive Discovery: Interactive cartoon about finding an unknown USB drive (~ 3 mins)

HEALTHCARE DATA (HIPAA / HITECH)

HIPAA Privacy for CEs
Health Privacy Overview; What Is PHI?; Confidentiality and Snooping; Minimum Necessary Rule; Disclosures; Personal Rights; Authorizations; Compliance Logs; Enforcement. 15 quiz questions, ~ 40 mins, or ~ 20 mins (20-minute version: all topics covered, but with abridged videos; 10 quiz questions).

HIPAA Security for CEs and BAs
Data Security Overview; Encryption; Passwords; Websites and Software; Email; Data Disposal; Physical Access; Portable Devices; Social Engineering; Data Security Breach. 15 quiz questions, ~ 40 mins, or ~ 20 mins (20-minute version: all topics covered, but with abridged videos; 15 quiz questions).

HIPAA Overview
Short basic overview of HIPAA. Contains a series of short videos with 8 interactive quiz questions mixed in. Topics: Scope; PHI; Responsibilities; Use and Disclosure of PHI; Patient Rights; Security; Enforcement; Data Breach; State Law. 8 quiz questions, ~ 15 mins. A version for law firms is also available.

HIPAA Privacy for BAs
Health Privacy Overview; What Is PHI?; Business Associates; Confidentiality and Snooping; Minimum Necessary Rule; Disclosures; Compliance Logs; Enforcement. 15 quiz questions, ~ 40 mins, or ~ 20 mins (20-minute version: all topics covered, but with abridged videos; 10 quiz questions).

Health Privacy: HIPAA and Beyond: Basic overview of the privacy of healthcare data (~ 6 mins)
What Is PHI?: Definition of PHI (~ 6 mins)
Confidentiality and Snooping: The importance of not gossiping or snooping into PHI (~ 5 mins)
Personal Rights: HIPAA rights - notice, access, amendment, complaint (~ 4.5 mins)
The Minimum Necessary Rule: Overview of the rule and its exceptions (~ 6 mins)
Compliance Logs: Accounting for disclosures rule (~ 6 mins)
Disclosure: Mandatory disclosures and disclosures with and without authorization (~ 6.5 mins)
Authorization: Elements of a valid authorization (~ 4.5 mins)
HIPAA Enforcement: Penalties for violating HIPAA (~ 6 mins)

Business Associates: Requirements for being a BA and how BAs are regulated (~ 6 mins)
Research: HIPAA and the Common Rule for research use of PHI (~ 7 mins)
De-Identification: Statistician and Safe Harbor methods (18 identifiers) (~ 5.5 mins)
The HITECH Act: Changes made to HIPAA by the HITECH Act/Omnibus Rule relevant to all employees (~ 4.5 mins)
Texas Health Privacy: Scope of Texas health law, access to records, enforcement, auditing, and breach notification (~ 5.5 mins)
California Health Privacy: Differences from HIPAA, access to records, enforcement, and data breach notification (~ 5.5 mins)
Data Security Breach: Threats to security and consequences of a breach (~ 5.5 mins)

HIPAA Security Overview: Security threats and why security is everyone's responsibility (~ 5 mins)
Websites and Software: Unauthorized software; detecting malicious websites (~ 4.5 mins)
Physical Access: Securing workspaces and locking unattended computers (~ 4.5 mins)
Passwords: Selecting strong passwords (~ 6 mins)
Encryption: How encryption protects data (~ 4.5 mins)
Email: How to identify dubious links and attachments (~ 5.5 mins)
Social Engineering: Phishing, spear phishing, pretexting, and baiting (~ 5.5 mins)
Data Disposal: Disposing of electronic data and paper documents (~ 3 mins)
Portable Devices: Dangers of putting sensitive data on portable devices (~ 4 mins)

FINANCIAL DATA (GLBA)

Financial Privacy Overview: Briefly introduces the GLBA, FCRA, state laws, and data breach notification laws. How to protect financial data (~ 3.5 mins)
Gramm-Leach-Bliley Act: Scope, notice, confidentiality, data sharing, and security (~ 6.5 mins)
Red Flags: Red flags to look out for under the FTC Red Flags Rule. Interactive quiz questions ask trainees to identify red flags in various scenarios (~ 9 mins)

Payment Card Data (PCI)
The special ways that payment card data must be protected under the Payment Card Industry Data Security Standard (PCI DSS). How to identify the various types of payment card data; what data can be collected; how various types of payment data can be stored; the consequences of failing to follow the PCI standards; and various security practices that should be followed. 8 quiz questions, ~ 16 mins.

COURSE OUTLINE
1. INTRODUCTION
2. PCI OVERVIEW: Identifying Payment Card Data; Threats; Costs and Penalties
3. COLLECTION AND STORAGE OF PAYMENT CARD DATA: Minimizing Collection; Data Storage; Physical Security; Data Disposal
4. PROTECTING PAYMENT CARD DATA: Passwords; Protecting the Network; Checking for Tampering
5. CONCLUSION

SOCIAL MEDIA

Facebook and the Mysterious Blue Disease
Cartoon about posting personal data on a social media site (~ 3 mins). General version and healthcare version available.

Online Social Media
Social media website privacy settings, the myth of total anonymity, the importance of expressly distinguishing personal versus employer views, and the danger of revealing details about a person even if that person isn't identified (~ 15 or ~ 10 min version available). General version and healthcare version available.

EDUCATION DATA (FERPA)

FERPA for Higher Education
Overview of FERPA to train faculty, administrators, and staff (~ 15 mins).

COURSE OUTLINE
1. FERPA'S SCOPE: Introduction; What Does It Cover?; What Isn't Covered?
2. FERPA RIGHTS AND ENFORCEMENT: Who Has FERPA Rights?; What Rights Does FERPA Provide?; How Is FERPA Enforced?
3. CONFIDENTIALITY AND DISCLOSURE: Confidentiality; Directory Information; Emergency; Parents; Other Instances
4. EXAMPLES: Harassment; Police; Student in Distress; Grades
5. CONCLUSION

Cloud Computing in Education
This video discusses the benefits and risks of educational institutions using cloud computing providers. Provides advice for how educational institutions should choose cloud providers, establish a relationship with them, and maintain that relationship with the appropriate protections for privacy and data security (~ 6 mins).

Please contact us for an evaluation of our programs.