Information Security Training


1 Information Security Training
2018

2 Privacy & Security Compliance
RCHSD is Committed to Privacy & Security Compliance
Our goals with this training module are to:
Assist you with meeting compliance obligations;
Help you understand key elements of privacy and security compliance to protect patient privacy and honor our promise to patients, families and regulators to keep medical records and patient information confidential.
Upon completing this module you will understand:
How to help protect the privacy of patient information;
Common risks to privacy and security;
How to describe safeguards used to protect patient information and information assets;
Your compliance obligation to prevent privacy breaches and report suspected breaches when they occur.

3 The Number of Breaches per year in Health Care is Increasing Exponentially

4 DHHS Reported Incidents
Our Information is Valuable
Marin Healthcare District – September, 2016
Ransomware infected systems operated by the covered entity’s business associate, Marin Medical Practice Concepts, Inc. During the restoration process, one of the backup systems failed, causing the loss of protected health information…
Medical College of Wisconsin – September, 2016
An unauthorized third party compromised the protected health information found in an employee’s account for a period of three days. The compromised account contained the PHI of 3,225 individuals. The types of PHI involved in the breach included full names, home addresses, dates of birth, medical record numbers, diagnoses, and/or treatment information, and the social security numbers of two patients…

5 HIPAA and the Security Rule
Covered entities are required to adhere to regulations developed by the U.S. Department of Health and Human Services (HHS) that protect the security of certain health information.
These regulations form the Security Rule, which establishes national standards to protect individuals’ electronic PHI.
The Security Rule requires appropriate security controls to ensure the following is applied to all electronic PHI:
Confidentiality – Ensuring information is not improperly disclosed;
Integrity – Ensuring data is accurate, complete and has not been altered in an unauthorized manner;
Availability – Systems are accessible upon demand by those authorized to use them to help care for our patients.

6 Information Security Goals
The Security Rule and Information Security Goals
The goal of RCHHC is to safeguard our information and to comply with HIPAA Security Rule requirements by implementing administrative, physical and technical safeguards.
RCHHC employees, contractors and affiliates have a personal responsibility to protect information and systems by:
Adhering to email and internet security principles
Following best practices for computer access
Reporting incidents

7 Protecting PHI & Other Sensitive Information in Email Correspondence
Consider whether the email you’re sending to an address outside RCHSD contains PHI or other sensitive/confidential information. Remember, you should always ask yourself, “Should this type of information be leaving our organization?” or “Does the recipient have a need to know this information?”
PHI or sensitive information sent by email MUST be encrypted first using an approved encryption method.
NEVER use unauthorized public portal sites such as Box, DropBox, iCloud.
If email doesn’t meet your requirements, contact the Service Desk.

8 Encryption
If you need to send PHI or sensitive information, you must encrypt your message with one of these methods:
Select the Encrypt & Send “ZixSelect” button right above your send key when you open an email (if you don’t have this button, call the Service Desk at ext. 5177), OR
Include the word Secure in the subject line of your email.
IMPORTANT: Before you hit send, make sure your email is only addressed to those you want to send it to.

9 Email Data Loss Prevention
RCHSD utilizes a Data Loss Prevention technology that blocks emails sent by users which contain unencrypted PHI.
If you receive a blocked notification, review your sent email, make any corrections and resend.
If you feel your email has been blocked in error, please contact the Compliance Department at
The Compliance Department receives copies of blocked emails and will monitor those emails accordingly.
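To make the two mechanisms on slides 8 and 9 concrete, here is an added illustration of the kind of outbound-mail policy check a DLP gateway applies; it is example code written for this page, not RCHSD’s or Zix’s product. It assumes a placeholder internal domain (example.org), two illustrative PHI indicators (a US SSN and an “MRN <digits>” medical record number; a real deployment uses the full HIPAA identifier set), and that the subject-line keyword “Secure” from slide 8 is matched as a whole word so that “securely” does not count.

```python
import re
from dataclasses import dataclass, field

# Constructed placeholder for the organisation's own mail domain (assumption).
INTERNAL_DOMAIN = "example.org"

# Illustrative PHI indicators, not a complete HIPAA identifier set (assumption):
# a US Social Security number, and a medical record number written "MRN 1234567".
PHI_PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "mrn": re.compile(r"\bMRN\s*[:#]?\s*\d{6,10}\b", re.IGNORECASE),
}

# The deck says the word "Secure" in the subject routes mail through the
# encryption gateway; whole-word, case-insensitive matching is our assumption.
ENCRYPT_KEYWORD_RE = re.compile(r"\bsecure\b", re.IGNORECASE)


@dataclass
class OutboundMessage:
    sender: str
    recipients: list
    subject: str
    body: str


@dataclass
class Decision:
    action: str                      # "allow" or "block"
    reason: str
    indicators: list = field(default_factory=list)
    copy_compliance: bool = False    # slide 9: Compliance gets a copy of blocked mail


def external_recipients(msg):
    """Recipients whose address is not in the internal domain."""
    suffix = "@" + INTERNAL_DOMAIN
    return [r for r in msg.recipients if not r.lower().endswith(suffix)]


def find_phi(text):
    """Names of the PHI indicators found in the text, sorted for stable output."""
    return sorted(name for name, pat in PHI_PATTERNS.items() if pat.search(text))


def evaluate(msg):
    """Decide whether an outbound message may leave without encryption.

    Policy (assumed, modelled on slides 7-9): internal-only mail is out of scope;
    external mail with PHI indicators is allowed only if the encryption keyword
    is present in the subject, otherwise it is blocked and copied to Compliance.
    """
    if not external_recipients(msg):
        return Decision("allow", "all recipients internal")
    indicators = find_phi(msg.subject + "\n" + msg.body)
    if not indicators:
        return Decision("allow", "no PHI indicators found")
    if ENCRYPT_KEYWORD_RE.search(msg.subject):
        return Decision("allow", "encryption keyword in subject; gateway will encrypt",
                        indicators)
    return Decision("block", "unencrypted PHI addressed outside the organisation",
                    indicators, copy_compliance=True)


# Constructed sample messages (no real people or record numbers).
SAMPLES = [
    OutboundMessage("nurse@example.org", ["dr@otherclinic.example"],
                    "Referral", "Patient MRN 0012345, SSN 123-45-6789, see attached."),
    OutboundMessage("nurse@example.org", ["dr@otherclinic.example"],
                    "Secure: Referral", "Patient MRN 0012345, SSN 123-45-6789."),
    OutboundMessage("nurse@example.org", ["dr@otherclinic.example"],
                    "Sent securely", "Patient MRN 0012345."),
    OutboundMessage("nurse@example.org", ["charge@example.org"],
                    "Handoff", "Patient MRN 0012345 moved to bed 4."),
    OutboundMessage("nurse@example.org", ["vendor@supplier.example"],
                    "Invoice question", "Can you resend invoice 4471?"),
]

if __name__ == "__main__":
    for m in SAMPLES:
        d = evaluate(m)
        print(f"{m.subject!r:22} -> {d.action:5} ({d.reason}) {d.indicators}")
```

The third sample is the edge case worth noticing: “securely” in the subject does not satisfy the “Secure” keyword rule, so the message is still blocked and copied to Compliance rather than being assumed encrypted.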

10 Social Engineering
Social engineering is defined as manipulating and exploiting human behavior in order to gain unauthorized access to a system or to information. Common targets are:
Passwords
Employee’s personal data
Other sensitive information

11 Phishing Attacks
Phishing emails (or texts) are an example of social engineering where an attacker seeks information or access through a targeted message. They typically alert you to a problem or request information and often include links that could introduce malware or expose information when clicked. These emails look real and often pretend to be from another employee or from IT.

12 Information Security Best Practices
Email and Internet Information Security Best Practices: Do’s and Do Not’s
Do encrypt emails containing PHI, PII, or other sensitive data.
Do report suspicious emails to
Do Not click on suspicious links in email or on internet sites.
Do Not respond to emails or text messages that ask for personal information like credit card numbers, Social Security numbers, passwords, etc.
Do Not use a personal device to access or store PHI if the device has not been approved.
Do Not open attachments from untrusted sources.

13 Preventing Unauthorized Access
Use strong passwords and commit them to memory.
Never use the same password for your work account as for your personal account. Recent compromises on commercial sites (Yahoo!, LinkedIn, etc.) have exposed personal passwords!
DO NOT write down passwords!
Never leave a workstation that is logged in unattended:
Lock your computer screen by pressing Ctrl-Alt-Delete whenever you leave a desk or work area, and be sure to secure the application you are using.
Log off of your computer when you leave work each day.

14 Preventing Unauthorized Disclosure
Never leave laptops or devices that contain PHI unattended in open areas such as cars, restaurants or waiting rooms.
Never leave printers unattended when printing sensitive information.
Never leave your computer monitor open towards public view when sensitive information is being accessed.
Report suspicious activities to the Service Desk.
Report suspected HIPAA violations through the Safety Reporting System (SRS).

15 Your Role in Privacy and Security Compliance
Understand the reasons for confidentiality and agree to abide by our confidentiality policies and procedures;
Keep patient information confidential at all times including electronic, written and verbal information;
Report suspected or known violations of confidentiality and security such as:
Unauthorized or suspicious visitors;
Logged-on but unattended workstations;
Uncontrolled access to areas that house equipment and/or PHI;
Passwords on Post-it™ notes;
Staff accessing records without a need to know.

16 Reporting Breaches or Other Security Concerns
Call the Chief Information Security Officer!
Use the Safety Reporting System
Call the Compliance Hotline!!
Reporting is Everyone’s Responsibility…do you know the Safety Penguin?

17 If You Have Concerns
There are a number of resources available to you. Please do not hesitate to call if you have questions, suggestions or concerns:
Contact Christina Galbo, Chief Compliance & Privacy Officer at (858) or
Contact Melody Herbert, Privacy Compliance Manager at (858) ext or
Contact the IT Security Department at (858) or
Call the confidential Compliance Hotline at (877)

18 Reporting a Concern to the Compliance Hotline
There may be times when your concerns cannot be properly addressed through the normal chain of command;
Available seven days a week including all holidays;
Your confidentiality and anonymity are guaranteed to the extent permitted by law;
Your call will not be recorded or traced;
All allegations will be thoroughly investigated and verified before any action is taken.

19 Compliance Hotline 1-877-862-4228
Do You Have a Concern? Make the right call: Compliance Hotline
24 HOUR TELEPHONE HOTLINE
Staffed by trained personnel
Independent from RCHHC
Important that sufficient detail is shared
This hotline should be used to report concerns about potential violations and to receive follow-up information in confidence.

20 Non-Retaliation
You will not be retaliated against for voicing a legitimate concern to RCHSD, or to an outside entity. If you feel you are a victim of retaliation, please report your concerns to the Compliance Department immediately to initiate an investigation.
