The CDA Information Security Office Presents…
Security Awareness Training
California Department of Aging (CDA), 1300 National Drive, Suite 200, Sacramento, CA 95834
www.aging.ca.gov
Revised December 2007

Security Awareness Training References
- CA Public Records Act - Government Code §6250
- CA Information Practices Act - Civil Code §1798 et seq.
- California Computer Fraud Act - Penal Code §502
- State Agency Privacy Policies - Government Code §11019.9
- State Administrative Manual, Management Memo MM 06-12
- CA Department of Finance, Budget Letter 05-08
- Office of Management and Budget, M-07-16
Page 1

Training Objectives
To enable CDA Affiliates to:
- Understand information security responsibilities and the consequences of infractions, and
- Integrate information security practices into daily work.
Page 2

CDA Security Awareness Training Policy
All CDA Affiliates must complete security awareness training annually by viewing this presentation within the timeframe and terms specified in the Affiliate's contract with CDA.
Page 3

Who are CDA Affiliates?
- CONTRACTORS: Area Agencies on Aging, Counties, Cities, Private Non-profit Agencies, etc. receiving funding from CDA.
- VENDORS: Businesses providing goods/services directly to CDA and/or to CDA contractors receiving funding from CDA.
- SUBCONTRACTORS: Contractors providing goods/services to CDA contractors receiving funding from CDA.
- STAFF: Employees and volunteers of CDA contractors and subcontractors.
This training module is designed for you if you are staff of a CDA Affiliate and you access, collect or store information for CDA.
Page 4

Terms and Acronyms
Access: Obtain and/or use CDA information assets.
Affiliates: CDA contractors, vendors, subcontractors, volunteers, and their staff.
CA: California
CDA: California Department of Aging
Data Subject: An individual to whom personal data relates, e.g. program clients.
Disclosure: Releasing protected information.
Information Assets: (1) All categories of information, including (but not limited to) records, files, and databases; and (2) information technology facilities, equipment (e.g. personal computers, laptops, PDAs), and software owned or leased by state agencies.
PDA: Personal Digital Assistant
PRA: California Public Records Act
Redact: Remove confidential, sensitive, or personal information from an information asset.
Security Incident: Instances when information assets are modified, destroyed, disclosed, lost, stolen or accessed without proper authorization.
Third Party: Authorized legal representative, relative or friend, business associate, financial company or business authorized by the data subject.
Page 5

As a CDA Affiliate, you are responsible for adopting operational policies, procedures, and practices to protect CDA information assets. Page 6

CDA Information Assets include (but are not limited to):
- Information collected and/or accessed in the administration of CDA programs and services.
- Information stored in any media form, paper or electronic.
Page 7

You may access CDA information assets for work-related purposes only.
- DO NOT MAKE COPIES (photocopies, scans, photo images, etc.) of CDA's confidential, sensitive and/or personal information for personal use.
- DO NOT REMOVE confidential and/or sensitive information from the work premises without authorization.
- DO NOT MODIFY OR DESTROY confidential and/or sensitive information without authorization.
Page 8

Information assets are often stored using:
- Personal computers,
- Laptops,
- Office and workstation file drawers, and
- Portable devices such as thumb drives, discs, PDAs, etc.
Page 9

Information assets must be classified. Classifying information enables you to:
- Assign appropriate protection levels,
- Apply standard information handling practices, and
- Adhere to disclosure policies.
Page 10

As a CDA Affiliate, you work with information assets classified as: Public, Confidential, Sensitive, and/or Personal.
Page 11

Public Information
Definition: The California Public Records Act (PRA) defines public records as information relating to the conduct of the public's business that is prepared, collected, or maintained by, or on behalf of, State agencies. There are certain statutory exemptions and privileges that allow agencies to withhold specific information from disclosure.
Examples: Correspondence, program memos, bulletins, e-mails, and organization charts. Portions of a public record may include sensitive or personal information.
Disclosure: Disclosure is required; however, all confidential or personal information must be redacted or blacked out prior to disclosure. No identification from the requester is required.
Page 12

Confidential Information
Definition: Information maintained, collected, accessed, or stored by a State agency or its Contractors/Vendors that is exempt from disclosure under the provisions of the PRA or other applicable State or federal laws.
Examples: Medical information, Medi-Cal provider and beneficiary personal identifiers, Treatment Authorization Requests (TARs), personnel records, social security numbers, legal opinions, and proprietary Information Technology (IT) information.
Disclosure: Disclosure is allowed to:
- individuals to whom the information pertains or an authorized legal representative upon his/her request (proper identification required);
- third parties with written consent from the individual to whom the information pertains or an authorized legal representative;
- public agencies for the purpose of administering the program as authorized by law;
- fiscal intermediaries for payment for services; and
- government oversight agencies.
Page 13

Sensitive Information
Definition: Information maintained, collected, accessed, or stored by State agencies or their Contractors/Vendors that may not be considered confidential pursuant to law but still requires special precautions to protect it from unauthorized access, use, disclosure, loss, modification or deletion.
Examples: Policy drafts, system operating manuals, network diagrams, contractual information, records of financial transactions, etc.
Disclosure: Disclosure is allowed to:
- individuals to whom the information pertains or an authorized legal representative upon his/her request;
- third parties with written consent from the individual to whom the information pertains or an authorized legal representative;
- public agencies for the purpose of administering the program as authorized by law;
- fiscal intermediaries for payment for services; and
- government oversight agencies.
Page 14

Personal Information
Definition: Information which identifies or describes an individual that is maintained, collected, accessed, or stored by a State agency or its Contractors/Vendors.
Examples: Name, social security number, home address and home phone number, driver's license number, medical history, etc.
Disclosure: Disclosure is allowed to:
- individuals to whom the information pertains or an authorized legal representative upon his/her request (note that an individual has a right to see, dispute, and correct his or her own personal information);
- third parties with written consent from the individual to whom the information pertains or an authorized legal representative;
- public agencies for the purpose of administering the program as authorized by law;
- fiscal intermediaries for payment for services; and
- government oversight agencies.
Page 15

Written consent to access or release an individual's personal information must include:
- Signature of the individual to whom the information pertains or an authorized legal representative;
- Date signed; and
- Description of the records that the individual agrees to release.
Page 16

Disclosure Verification Guide
Classification | Request | Verification
Public | In person, by mail, e-mail, fax or telephone | No identification required.
Confidential, Sensitive, and/or Personal | In person | Photo identification (examples: driver's license, government identification, passport, etc.).
Confidential, Sensitive, and/or Personal | By mail, e-mail, or fax | Written consent by the data subject or an authorized legal representative, and the requester's photo identification.
Page 17

Review
Classification | Disclosure Policy
Public | Disclosure is allowed. All sensitive, confidential, or personal information must be redacted. Notify the requester in writing when the information is not readily available.
Confidential, Sensitive, and/or Personal | Disclosure is only allowed to: verified data subjects or an authorized legal representative upon his/her request; third parties with written consent from the data subject or an authorized legal representative; public agencies as permitted by law.
Page 18

When you follow proper information disclosure policies, you protect CDA information assets and avoid security incidents. Page 19

What is a security incident?
A security incident occurs when information assets are modified, destroyed, disclosed, lost, stolen or accessed without proper authorization.
What should you do in case of a security incident?
Report all incidents to the CDA Program Manager and/or the CDA Affiliate immediately upon occurrence or detection.
How do you report a security incident?
Complete and submit a Security Incident Report (CDA 1025) form to the CDA Information Security Officer within five (5) business days of the date the incident occurred or was detected.
Page 20

You may be sanctioned and/or held personally liable for the loss or unauthorized access, use, modification, destruction, or disclosure of CDA information assets. Page 21

CDA Affiliates may be sanctioned and/or held liable for the loss or unauthorized access, use, modification, destruction, or disclosure of CDA information assets. Page 22

You may be liable or sanctioned for:
- a security incident, or
- failure to report an incident.
The following liabilities/sanctions may apply:
- Administrative (e.g. contract termination, personnel action)
- Criminal prosecution
- Civil liability
Page 23

You have successfully completed CDA Security Awareness Training. Click HERE to access, complete, and print the Certificate of Completion. Keep a copy on file with your employer.
Thank you for your cooperation!
Page 24