80 likes | 202 Views
CSP Annual Security Training. Miranda Gregory, CSP Analyst Carroll County Department of Citizen Services. Security is Important!. Client data is confidential Clients have a right to determine how their data is shared Client data can be shared between agencies using CSP
E N D
CSP Annual Security Training Miranda Gregory, CSP Analyst Carroll County Department of Citizen Services
Security is Important! • Client data is confidential • Clients have a right to determine how their data is shared • Client data can be shared between agencies using CSP • We must ensure that all clients have a signed ROI with their data in CSP • Agencies must also agree to share data in order for their data to be shared
Release of Information • Release of Information (ROI) • All clients must have an ROI on file with the agency prior to being entered into CSP • Clients have a right to request that their data not be entered into CSP • When this happens, clients can be entered anonymously • Clients also have a right to request that their data not be shared with other agencies, even if the agencies have a sharing agreement • When this happens, the visibility settings on the assessments must be adjusted before any client data is entered • Visibility settings are adjusted using the locks on each assessment* • ROI’s are typically good for 3 years; however some agencies require ROI’s to be updated annually • See your Agency Administrator for details *Currently, the Universal Data Assessment (UDA) is the only one set up to default share. If the client wishes to share more data, other assessments can be modified accordingly using the locks.
Passwords • Passwords in CSP must be changed every 45 days • 8-14 characters long • At least 2 characters must be numbers • Best Practice: At least 1 capital letter, At least 1 lowercase letter, and at least 1 special character (!,@,#,$,%,^,&,*) • The system does not allow using the same password 2x in a row • If you mistype your password 3x in a row, the system will lock you out, and you will need an admin to reset you • Agency Admins or the CSP Analyst can reset passwords • Your Agency Admin is your first point of contact
Security Points • DO NOT share your logon information • You are legally responsible for everything that is done in the system using your logon. If you share it, you are legally responsible for anything the other person does in the system • Only view/edit client records when they are needed for you to do your job • Do not share data with unauthorized persons • Log out of CSP before leaving your computer • An unattended workstation with the system open is a threat to the security of the system.
The Bottom Line • CSP contains much of the same information about our clients that we store in paper files • We must secure our CSP records like they are our paper files • For this reason, only authorized users who have been trained on CSP may access the system • Any printed files from CSP must be secured just like our paper files • Any files downloaded from CSP that contain client identifying information must be password protected
Breaches of Security • Each agency has a security officer • Usually the Agency Admin • If you suspect inappropriate use of CSP, you must report it immediately to your agency’s security officer • Your agency security officer will then contact the CSP Analyst who will investigate the report • If a breach is found, sanctions may be taken against the user and the agency
Questions? • Any questions specific to procedures at your agency should be directed to your Agency Admin • Other questions can be directed to your Agency Admin or… • Miranda Gregory, CSP Analyst • mgregory@ccg.carr.org or 410-386-3600