Presentation is loading. Please wait.

Presentation is loading. Please wait.

Online Course START Click to begin… Module 2 General Information Security.

Similar presentations


Presentation on theme: "Online Course START Click to begin… Module 2 General Information Security."— Presentation transcript:

1 Online Course START Click to begin… Module 2 General Information Security

2 Prev Introduction In this course, you will learn about UNC HCS’s information security policies and procedures. All UNC HCS workforce members must comply with our information security policies and procedures. PrevNext

3 Prev Information Security The purpose of Information Security is to protect the confidentiality, integrity, and availability of information. –Confidentiality means that data or information is not made available or disclosed to unauthorized persons or processes. –Integrity means that data or information has not been altered or destroyed in an unauthorized manner. –Availability means that data or information is accessible and useable upon demand by an authorized person. PrevNext

4 Prev Protected Information Protected Health Information (PHI) –Identifiable patient information Confidential Information may include: –personnel information –system financial and operational information (such as new business plans) –trade secrets of vendors and research sponsors –system access passwords Internal information may include: –personnel directories –internal policies and procedures –most internal electronic mail messages PrevNext

5 Prev Your Responsibilities Access information only in support of your job duties Report losses or misuse of UNC HCS information, or other security problems, promptly to your Information Security Officer Comply with all Security and Privacy policies Remember, YOU are responsible and will be held accountable for the security of protected information that you access or maintain. PrevNext

6 Prev Malicious Software Viruses, Worms, Spyware and Spam are examples of malicious software, sometimes known as “malware”. Most damage can be prevented by regular updates (patches) of your computer’s operating system and antivirus software. PrevNext

7 Prev Virus PrevNext Computer viruses are a major threat to information systems and your data. – –Viruses “infect” your computer by modifying how it operates and, in many cases, destroying data. – –Viruses spread to other machines by the actions of users, such as opening attachments.

8 Prev Worms Worms are programs that can: –run independently without user action –spread complete working versions of themselves onto other computers on a network within seconds –destroy computer resources such as hard drives PrevNext

9 Prev Spyware Spyware is software that is secretly loaded onto your computer, monitors your activities, and shares that information without your knowledge. Certain websites install spyware on every computer that visits those sites. PrevNext

10 Prev For Example: While online at work, Amanda sees a “pop up” ad for a free “atomic clock.” She clicks on the “I agree” button and her computer downloads and installs the atomic clock utility. After a few days she notices that her computer is running slower and calls the Help Desk. What did she do wrong? Next

11 Prev For Example: She installed software from an unknown source She didn’t read the fine print before clicking “I agree” Many “free” applications include a spyware utility that will cause performance problems and potentially release confidential information. PrevNext

12 Prev Spam Spam is unsolicited or "junk" electronic mail messages, regardless of content. Spam usually takes the form of bulk advertising and may contain viruses, spyware, inappropriate material or “scams”. Spam also clogs systems. PrevNext

13 Prev Safe Use Do not open attachments if the message looks the least bit suspicious, even if you recognize the sender. When in doubt, throw it out. Do not respond to “spam” – simply discard or delete it, even if it has an “unsubscribe” feature. containing protected information such as PHI being sent outside the HCS requires additional protection. Contact your entity’s Information Security Officer for more information. PrevNext

14 Prev For Example: Bill receives an unsolicited which, when he opens it, determines that it is “junk”. He “clicks” on the unsubscribe button at the bottom of the and then deletes the original message. What did he do wrong? PrevNext

15 Prev For Example: Once he identified the as “spam” he should have deleted the message He should not have “unsubscribed”; this confirms his address is valid and will result in additional “spam” PrevNext

16 Prev Password Control Most security breaches come from within the organization – and many of these occur because of bad password habits. Therefore: –Use strong passwords where possible (at least 6 characters, containing a combination of letters, numbers, special characters) –Change your passwords frequently (45-90 days) –Keep your passwords confidential! (Do not share them with ANYBODY.) –If you MUST write down your passwords: Store them in a secure location Do NOT store them under your keyboard, on a Post-it, etc!! PrevNext

17 Prev For Example: Charlotte has to pick a new password. So she can remember the password she decides to use one of the following passwords. ettolrahc (her name backwards) (her birth date) (based on her favorite book) Which password is the strongest? PrevNext

18 Prev For Example is the strongest password because: –It is six or more characters long –It contains upper and lower case letters –It contains a number –It contains special characters –It’s based on something memorable PrevNext

19 Prev Peer-to-Peer(P2P) File Sharing P2P file sharing programs such as Morpheus, Kazaa, etc. are commonly used to download unauthorized or illegal copies of copyrighted materials such as music or movies. P2P programs also frequently contain spyware, viruses, etc. Use of P2P programs on UNC HCS networks is prohibited. PrevNext

20 Prev Mobile Computing Devices If you use a Palm/Pocket PC (PDA) device or a laptop PC, you must employ the following security controls: –power-on passwords –automatic logoff –data encryption or a comparable approved safeguard to protect the data Never leave mobile computing devices unattended in unsecured areas. Immediately report the loss or theft of any mobile computing device to your entity’s Information Security Officer. PrevNext

21 Prev For Example: A physician leaves his PDA which contains PHI as well as personal information on the back seat of his vehicle. The PDA did not have a power-on password nor encryption. When he returns to the vehicle, the PDA is missing. What should the physician have done? What should the physician do now? Next

22 Prev For Example: The physician should have password protected the PDA and PHI should have been encrypted to prevent unauthorized access. He should now: –Contact his Privacy or Information Security Officer –Report the loss to his immediate supervisor Next

23 Prev Remote Access All computers used to connect to UNC HCS networks or systems from home or other off-site locations should meet the same minimum security standards that apply to your work PC. PrevNext

24 Prev External Storage Devices Protected Information stored on external storage devices (diskettes, cd-roms, portable storage, memory sticks, etc…) must be safeguarded to prevent theft and unauthorized access. Whenever possible, encrypt protected information on these devices. External storage devices should never be left unattended in unsecured areas. Immediately report the loss or theft of any external storage devices to your entity’s Information Security Officer. PrevNext

25 Prev Faxing Protected Information Fax protected information only when mail delivery is not fast enough to meet patient needs. Use a UNC HCS approved cover page that includes the confidentiality notice with all faxes. Ensure that you send the information to the correct fax number by using pre-programmed fax numbers whenever possible. Refer to the UNC HCS fax policy. PrevNext

26 Prev PHI Notes PHI, whether in electronic or paper format, should always be protected! Persons maintaining notes containing PHI are responsible for: –Using minimal identifiers –Appropriate security of the notes –Properly disposing of information when no longer needed. Information on paper should never be left unattended in unsecured areas PrevNext

27 Prev Appropriate Disposal of Data Protected Information should be disposed of appropriately. –Hard copy materials such as paper or microfiche must be properly shredded or placed in a secured bin for shredding later. –Magnetic media such as diskettes, tapes, or hard drives must be destroyed or “electronically shredded” using approved software and procedures. –CD ROM disks must be rendered unreadable by shredding, defacing the recording surface, or breaking. –No Protected Information should be placed in the regular trash! PrevNext

28 Prev Physical Security Equipment such as PCs, servers, mainframes, fax machines, and copiers must be physically protected. –Computer screens, copiers, and fax machines must be placed so that they cannot be accessed or viewed by unauthorized individuals. –Computers must use password-protected screen savers. –PCs that are used in open areas must be protected against theft or unauthorized access. –Servers and mainframes must be in a secure area where physical access is controlled. PrevNext

29 Prev Reporting Losses or Misuses of Information You should immediately report any losses or misuses of protected information to your Information Security Officer. The Security Incident Response Team (SIRT) will investigate any incidents. PrevNext

30 Prev Disciplinary Actions Individuals who violate the UNC HCS Information Security Policy will be subject to appropriate disciplinary action as outlined in the entity’s personnel policies, as well as possible criminal or civil penalties. PrevNext

31 Prev For more information: PrevNext

32 Prev You have now successfully completed the online HIPAA General Security Module - Click to end show - Prev


Download ppt "Online Course START Click to begin… Module 2 General Information Security."

Similar presentations


Ads by Google