1 / 11

Information Security

Information Security Training for People who Supervise Computer Users The HIPAA Security Law Became Effective April 21, 2005! We have new Information Security policies and procedures Taking good care of our data has become very important!

Olivia
Download Presentation

Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information Security Training forPeople who Supervise Computer Users

  2. The HIPAA Security Law Became Effective April 21, 2005! • We have new Information Security policies and procedures • Taking good care of our data has become very important! • All staff who supervise computer users received new responsibilities • All files on our network have been classified according to security level, and must be stored appropriately

  3. First, Some Definitions • Facility Data – data which is acquired, developed, or maintained by our staff in performance of their official job duties • Application – a purchased, shared, or developed set of files which maintains Facility Data • Application Owner – a single, designated person responsible for this application and the data it maintains

  4. More HIPAA Security Definitions • Data File – a computer file (often in Word, Excel, or Access format) which contains Facility Data • Computer User – staff who use a Facility computer in performance of their assigned duties • Data Owner – the person who created and saved a file which contains Facility Data, or, in the case of an application, the application owner

  5. All Files on the Network have been Classified According to Security Level • All network files are classified as either:Public Files – Usually on our Internet Site, not protectedPrivateFiles – Usually stored on S: Drive, shared among all JIRDC network users, protected by Network Login requirementSecure Files – Except for Application Software and Secure Systems, all JIRDC files NOT stored on the Public Shared folder, protected by Network RightsApplication Software – Things like Word and ExcelSecure Systems – Those applications which are not adequately protected by network authentication and network authorization controls, such as HEARTS

  6. Files Must Be Stored in Secure Network Folders • All files on the Local Area Network are kept in folders • If the folder is the S: (S for Shared), then the files are private, but not confidential, and can be seen by all our computer users. No PHI should be stored here • All other folders are for Secure Files, and cannot be seen by anybody unless they have been granted network rights. PHI can be stored

  7. All Staff who Supervise Computer Users Have Certain Responsibilities • Ensuring that their employees are aware of and observe all computer security requirements • Monitoring employee activities to ensure compliance with all software legal requirements • Ensuring that only authorized software runs on State computers

  8. More Supervisor Responsibilities • When responsibilities change, additional computer training may be necessary • Security roles and responsibilities should be addressed at the recruitment stage • New security clearance requirements for high sensitivity positions • Position changes require a review of security clearance requirements relative to sensitivity

  9. More Supervisor Responsibilities • Employees cannot connect personal USB drives, digital cameras, PDAs, or laptop computers to our network • Employees cannot take JIRDC files home with them without prior permission • Employees cannot place files which contain PHI on laptop computers without both permission and encryption

  10. Security Awareness Day! • April 9 – 13, 2007 is Information Privacy and Security Awareness Week • We need help from Supervisors of Computer Users on that day • Giving Security Warnings to Computer Users • Giving Security Awards to Computer Users • Warnings will be unrecorded, and “for fun” • Awards will be helium balloons, some with money inside

  11. The HIPAA Security RuleBalancing Home Living with Secure Information The Work is Worth It!

More Related