SHS Annual Information Privacy and Security Training

Similar documents
HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

Employee Security Awareness Training

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

HIPAA UPDATE. Michael L. Brody, DPM

HIPAA Privacy and Security Training Program

HIPAA Faux Pas. Lauren Gluck Physician s Computer Company User s Conference 2016

Compliance & HIPAA Annual Education

Protecting Your Gear, Your Work & Cal Poly

Information Privacy and Security Training 2016 for Instructors and Students. Authored by: Office of HIPAA Administration

Identity Theft Prevention Policy

Information Technology Update

NMHC HIPAA Security Training Version

Information Technology Standards

Information Privacy and Security Training Authored by: Office of HIPAA Administration

LifeWays Operating Procedures

Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA)

HIPAA Federal Security Rule H I P A A

Business/Commercial Client Internet Banking Awareness and Education Program

Electronic Communication of Personal Health Information

HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders

HELPFUL TIPS: MOBILE DEVICE SECURITY

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

University of North Texas System Administration Identity Theft Prevention Program

Privacy and Security for the Medical Student. HIPAA Compliance Audit and Compliance Services Mount Sinai Health System

Why you MUST protect your customer data

Retail/Consumer Client Internet Banking Awareness and Education Program

Computing Policies / Procedures

Cyber fraud and its impact on the NHS: How organisations can manage the risk

RED FLAGS IDENTITY THEFT PREVENTION PROGRAM

How Cyber-Criminals Steal and Profit from your Data

Seven Requirements for Successfully Implementing Information Security Policies and Standards

Security Audit What Why

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

The Data Breach: How to Stay Defensible Before, During & After the Incident

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

University of Pittsburgh Security Assessment Questionnaire (v1.7)

FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?

How to Build a Culture of Security

Security and Privacy Breach Notification

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

Lakeshore Technical College Official Policy

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

Name of Policy: Computer Use Policy

Department of Public Health O F S A N F R A N C I S C O

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018

Corporate Policy. Revision Change Date Originator Description Rev Erick Edstrom Initial

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

FAQ. Usually appear to be sent from official address

HIPAA Privacy & Security Training. HIPAA The Health Insurance Portability and Accountability Act of 1996

HIPAA & Privacy Compliance Update

A practical guide to IT security

Mobile Technology meets HIPAA Compliance. Tuesday, May 2, 2017 MT HIMSS Conference

Employee Security Awareness Training Program

Regulation P & GLBA Training

HIPAA FOR BROKERS. revised 10/17

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

HIPAA and HIPAA Compliance with PHI/PII in Research

Self-Directed Learning: UPMC Privacy and Information Security Policies

REPORTING INFORMATION SECURITY INCIDENTS

Red Flags Program. Purpose

Acceptable Use Policy

Online Security and Safety Protect Your Computer - and Yourself!

Cybersecurity The Evolving Landscape

Securing Information Systems

Chapter 12. Information Security Management

HIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER

Acceptable Use Policy

North Carolina Health Information Exchange Authority. User Access Policy for NC HealthConnex

HMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING. Created By:

Information Security Policy

What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996.

Let s get started with the module Ensuring the Security of your Clients Data.

HIPAA & HITECH Training 2018

Acceptable Use Policy

Putting It All Together:

Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

Privacy: Whose Information Is It?

PRIVACY-SECURITY INCIDENT REPORT

Enviro Technology Services Ltd Data Protection Policy

Subject: University Information Technology Resource Security Policy: OUTDATED

BEST PRACTICES FOR PERSONAL Security

Start the Security Walkthrough

IAM Security & Privacy Policies Scott Bradner

7.16 INFORMATION TECHNOLOGY SECURITY

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

Information Security Policy for Associates and Contractors

TERMS OF USE Terms You Your CMT Underlying Agreement CMT Network Subscribers Services Workforce User Authorization to Access and Use Services.

PCI Compliance. What is it? Who uses it? Why is it important?

Red Flag Regulations

Cyber Security Issues

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

Acceptable Use Policy

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

Transcription:

SHS Annual Information Privacy and Security Training

Purpose for Training Samaritan Health Services has created the following training to meet the annual regulatory requirements for education related to information privacy and security as part of our corporate compliance program. Assignment of this training has been requested/approved by Colleen Fair, SHS Corporate Compliance Officer.

Information Privacy: What Is It? Establish and maintain the confidentiality and security of our patients and members protected health information (personal, financial and/or health information) in all forms paper, verbal, electronic, and social.

When Should You Access, Use or Share Patient/Member PHI? With patient/member authorization When it is part of your work-related duties for Treatment Payment Healthcare Operations As required by law Contact your supervisor, Compliance/Privacy Officer, Information Security Officer

Question 1 When are SHS employees allowed to access patient or member PHI? a) To satisfy a curiosity b) For Treatment, Payment, or Operations c) When they are concerned about a neighbor s health d) When asked by a co-worker e) At any time

When Accessing Patient/Member Information REMEMBER Only access the minimum necessary information required to fulfill your job duties and responsibilities.

Investigating Concerns Privacy and Security concerns are investigated by the SHS Privacy Officer and/or the Information Security Officer. See the SHS Information Privacy & Security Investigation and Corrective Action policy

Auditing of System Activity SHS audits user access to patient/member electronic medical records. Inappropriate access may lead to corrective action, up to and including termination.

Question 2 The worst thing that can happen to an employee who inappropriately accesses patient PHI is: a) Lunch detention b) Verbal counseling c) Stern warning d) Termination e) Final written warning

Information Security: What Is It? The mission of the SHS Information Security Program is to protect valuable SHS resources Information security is everyone s responsibility

What Valuable Resources are We Protecting? Protected Health Information (PHI) Other Sensitive Information, including: Social Security Numbers Credit Card Numbers HR Data SHS Financial Data Laptops, Computers, Mobile Devices SHS Reputation in the Community SHS Legal Position Employees

Why You Need to Know About Information Security Without information security, SHS cannot protect PHI, other sensitive information, and other valuable SHS resources The Health Insurance Portability and Accountability Act (HIPAA) requires SHS to provide for the physical and electronic security of PHI Our customers expect us to protect their privacy

What Are The Greatest Threats to These Valuable Resources? Phone-Based Social Engineering Phishing Email Scams Computer Viruses Weak Passwords Revealing Login and password information Mobile Devices Improper Disposal of Sensitive Information

Question 3 Among the greatest threats to valuable SHS resources are: a) Phishing emails b) Malware c) Streaming music services d) Sedentary lifestyles e) C&D only f) A&B only

Phone-Based Social Engineering Social Engineering is manipulation of people into performing actions or divulging confidential information External callers might ask you to: share your password or email address navigate to a website download a document

How to Protect Yourself from Phone-Based Social Engineering Attacks Verify external callers Ask for their name and telephone number Offer to call them back at their number Never reveal your SHS network password to anyone, including co-workers SHS will never contact you and ask you for your network password Call the IS Service Desk if you receive a suspicious phone call

Question 4 To protect yourself from Phone-Based Social Engineering attacks: a) Never answer your phone b) Never share your password with anyone c) Forward all of your work call to your manager s extension d) Verify the identity of callers e) A & C only f) B & D only g) All of the above

Phishing Email Attacks Phishing Emails are after your SHS network access Phishing Emails often contain: Promises, offers, or threats An attachment that contains a computer virus A link that takes you outside the SHS network Requests for your user name and password

How to Protect Yourself from Phishing Email Attacks Verify the email sender before responding Hover over links to verify web addresses Never reveal your SHS network password to anyone, including co-workers SHS will never contact you and ask you for your network password Call the IS Service Desk if you receive a suspicious email

Question 5 To protect yourself from Phishing Email attacks: a) Verify senders of external emails b) Never reveal your SHS password c) Call the IS Service Desk if you suspect a phishing email d) Don t open attachments or click on links from external senders unless you were expecting the email. e) All of the above

Computer Viruses and Other Malware Malware" is short for malicious software and refers to software that causes damage to computers or networks. Malware includes viruses, spyware, Trojan Horses, and internet worms. Viruses and other malware get introduced to the SHS network most frequently when employees: Open an email attachment that contains a virus Download a file from a website Visit a website that has malware on it

Protecting Yourself from Malware Limit personal internet access while on SHS network to incidental and occasional use only Visit only trusted websites Do not open attachments from unexpected or untrusted external email sources Maintain anti-virus protection on personal computers and mobile devices that you use to connect to the SHS network Contact the Service Desk if you are uncertain about an email attachment or a website

Choosing and Protecting Your Passwords Longer and complex passwords are generally more secure Passphrases can be easier to remember and are hard to crack Never Share Your SHS Network password with anyone Do not reuse your SHS Network password on any other site Do not write your password down and store it in an unsecured place, especially on your desk or next to your computer

How to Prevent Loss or Theft Secure mobile devices (laptops, tablets, smart phones, and USB drives) at all times Do not leave mobile devices unattended in your car Do not store sensitive information on your mobile device unless it is part of an approved business process Lock or log off your workstation when not in use Know and enforce your site s visitor policies

Proper Disposal of Sensitive Information Dispose of all printed material in Shred-It bins Destroy CDs and DVDs that contain sensitive information before disposing of them

If You See Something, Say Something Report anything suspicious or out of the ordinary Rapid response minimizes the damage done as the result of an information security incident Report lost or stolen devices or equipment to the IS Service Desk immediately at: (541) 768-4911 SHSISServiceDesk@samhealth.org

In Conclusion Protect valuable SHS Assets Identify and understand threats to security Protect yourself from Phishing Attacks and Malware Safeguard your passwords Secure mobile devices Report anything suspicious

Compliance Team Colleen Fair, Corporate Compliance and Privacy Officer cfair@samhealth.org - (541) 451-7928 James Kelly, Information Security Officer jkelly@samhealth.org - (541) 768-4507 Tyler Jacobsen General Counsel tjacobsen@samhealth.org (541) 768-4478 Altove (Tovee) Rowley Assistant General Counsel arowley@samhealth.org (541) 768-4691 SHS Compliance Anonymous Hotline: 866-297-0489 or at www.ethicspoint.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback