PRIVACY & INFORMATION SECURITY AWARENESS
Ashford University
MHA 690: Health Care Capstone
Dr. Sherry Grover
May 23, 2013
Course Objectives
• Know the laws that govern the privacy and protection of identifiable health information
• Recognize the types of information that must be kept private
• Recognize your responsibilities to protect privacy when dealing with sensitive information
• Know how to protect the privacy of identifiable health information
• Recognize examples of incidents to report
• Know the process for reporting incidents and the penalties for non-compliance
Laws and Regulations
• Privacy Act of 1974 – governs the collection, use and distribution of a person's identifiable information kept in a system of record
• Health Insurance Portability & Accountability Act (HIPAA) – law that protects the privacy of a person's personal health information
• Federal Information Security Management Act (FISMA) – law that requires a risk assessment program, policies and procedures, evaluation of security controls, and information security training for all employees
• Health Information Technology for Economic and Clinical Health Act (HITECH) – requires patients to be notified of a security breach, funds the adoption of health information technology for organizations, and enforces HIPAA violation penalties
What to Protect
Sensitive information includes both our organizational business information and patients' private information. Violations can be accidental or purposeful. Do not disclose, modify, or destroy any sensitive information unless you are authorized to do so. Sensitive information includes:
• Protected Health Information (PHI)
• Personal Identifiable Information
• Internal Business Information
Your Responsibilities to Protect It
Information security will be maintained when you ensure the following:
• Integrity – information is secure and protected from being damaged or altered
• Confidentiality – information is kept private and not disclosed to those who do not have permission to view it
• Availability – information systems and networks are available to those who have been granted permission
How to Protect It
• Follow the policies and procedures
• Only access and view information that is needed for you to do your job
• Use encrypted email
• Do not place sensitive information in trash receptacles
• Do not discuss sensitive information in public places
Who Can Provide Support?
• Information Security Officer (ISO)
• Privacy Officer
• Your Supervisor
Examples of Incidents
• Observing someone access records that he/she should not
• Observing someone change or delete records without proper permission
• Finding a device with sensitive information
• Hearing a person discussing sensitive information with an unauthorized person
• Accessing mail or email that you should not access
How to Report an Incident
Immediately notify your supervisor and ISO of:
• Person(s) involved
• The time of the incident
• What information was shared
If the incident occurs after hours or on a weekend, you can call the Helpdesk @ 800-877-4327.
Consequences
• Suspension of access to information systems
• Disciplinary actions in your personnel file
• Suspension or job loss
• Civil or criminal prosecution
• Fines and/or imprisonment
Civil and Criminal Penalties
• Destroying records without being authorized - $2000 in fines & 3 years in prison
• Violation of the Privacy Act - $5000 & 1 year in prison per occurrence
• Intentional incident - $250,000 in fines & 10 years in prison
References
All images were from http://www.dreamstime.com/free-photos-images/flowers.html
Privacy and Information Security Awareness. Retrieved from: https://www.tms.va.gov
Velez, J. (2003). Hippa privacy compliance implications and solutions. Caribbean Business.
