Information Security
Training forPeople who Supervise Computer Users
The HIPAA Security Law Became Effective April 21, 2005!
We have new Information Security policies and procedures
Taking good care of our data has become very important!
All staff who supervise computer users received new responsibilities
All files on our network have been classified according to security level, and must be stored appropriately
First, Some Definitions
Facility Data – data which is acquired, developed, or maintained by our staff in performance of their official job duties
Application – a purchased, shared, or developed set of files which maintains Facility Data
Application Owner – a single, designated person responsible for this application and the data it maintains
More HIPAA Security Definitions
Data File – a computer file (often in Word, Excel, or Access format) which contains Facility Data
Computer User – staff who use a Facility computer in performance of their assigned duties
Data Owner – the person who created and saved a file which contains Facility Data, or, in the case of an application, the application owner
All Files on the Network have been Classified According to Security Level
All network files are classified as either:
Public Files – Usually on our Internet Site, not protected
Private Files – Usually stored on S: Drive, shared among all JIRDC network users, protected by Network Login requirement
Secure Files – Except for Application Software and Secure Systems, all JIRDC files NOT stored on the Public Shared folder, protected by Network Rights
Application Software – Things like Word and Excel
Secure Systems – Those applications which are not adequately protected by network authentication and network authorization controls, such as HEARTS
Files Must Be Stored in Secure Network Folders
All files on the Local Area Network are kept in folders
If the folder is the S: (S for Shared), then the files are private, but not confidential, and can be seen by all our computer users. No PHI should be stored here
All other folders are for Secure Files, and cannot be seen by anybody unless they have been granted network rights. PHI can be stored
All Staff who Supervise Computer Users Have Certain Responsibilities
Ensuring that their employees are aware of and observe all computer security requirements
Monitoring employee activities to ensure compliance with all software legal requirements
Ensuring that only authorized software runs on State computers
More Supervisor Responsibilities
When responsibilities change, additional computer training may be necessary
Security roles and responsibilities should be addressed at the recruitment stage
New security clearance requirements for high sensitivity positions
Position changes require a review of security clearance requirements relative to sensitivity
More Supervisor Responsibilities
Employees cannot connect personal USB drives, digital cameras, PDAs, or laptop computers to our network
Employees cannot take JIRDC files home with them without prior permission
Employees cannot place files which contain PHI on laptop computers without both permission and encryption
Security Awareness Day!
April 9 – 13, 2007 is Information Privacy and Security Awareness Week
We need help from Supervisors of Computer Users on that day– Giving Security Warnings to Computer Users– Giving Security Awards to Computer Users
Warnings will be unrecorded, and “for fun” Awards will be helium balloons, some with
money inside
The HIPAA Security Rule Balancing Home Living with Secure Information
The Work is Worth It!The Work is Worth It!
Top Related