Information Security and Privacy in HRIS

Presentation transcript:

CHAPTER 16: Information Security and Privacy in HRIS

INTRODUCTION
- A great deal of confidential information about employees is captured and stored by organizations: employee personal details, pay and benefits history, medical records, disciplinary records.
- These data are stored electronically and transmitted across networks.
- The increasing integration of HRIS has made information security management a complex and challenging undertaking.

INFORMATION SECURITY IN HRIS
- Protecting information in the HRIS from unauthorized access, use, disclosure, disruption, modification and destruction.
- Objectives of information security: protect the confidentiality, integrity and availability of information.

COMPONENTS OF INFORMATION SECURITY
- Three main principles of information security: confidentiality, integrity, availability.
- The HRIS is composed of three components: hardware, software, communications.

COMPONENTS OF INFORMATION SECURITY (figure; source: Wikipedia, 2007)

LEGAL REQUIREMENTS FOR INFORMATION TECHNOLOGY
- Personal Information Protection and Electronic Documents Act (Canada): supports and promotes electronic business by protecting personal information that is collected, used or disclosed.
- Security Breach Notification Law (California, USA): requires organizations to notify customers or employees when unencrypted personal information may be compromised, stolen or lost.
- Computer Misuse Act 1990 (UK): proposed to make computer crime (e.g. hacking or cyber-terrorism) a type of criminal offense.

LEGAL REQUIREMENTS FOR INFORMATION TECHNOLOGY (cont.)
- The European Union Data Protection Directive (EUDPD): requires that all EU members adopt national regulations to standardize the protection of data privacy for citizens throughout the European Union.
- Health Insurance Portability and Accountability Act (USA): sets national standards for electronic healthcare transactions and requires healthcare providers, insurance companies and employers to safeguard the security of individuals' health information.

THREATS TO INFORMATION SECURITY
- Human errors in data entry and handling
- Damage by employees; disgruntled and ill-informed employees: the critical role of HR
- Misuse of computer systems: unauthorized access to or use of information
- Computer-based fraud
- Viruses, worms and Trojans; cyber terrorism
- Hackers
- Natural disasters

BEST PRACTICES IN HR INFORMATION SECURITY
- Adopt a comprehensive privacy policy
- Store sensitive personal data in secure computer systems and provide encryption
- Dispose of documents properly or restore computer drives and CD-ROMs
- Build document destruction capabilities into the office infrastructure
- Conduct regular security practice training
(Canavan, 2003; David, 2002; Tansley & Watson, 2000)

ADDITIONAL BEST PRACTICES IN HR INFORMATION SECURITY
- The careful selection of staff with regard to their honesty and integrity
- Raise information security awareness and ensure employees understand corporate security policies
- Institute measures to address the personal problems of staff, such as gambling and drug addictions, which might lead them to indulge in abuse for financial gain
- Provide access to effective grievance procedures, since the motivation for much computer abuse is retaliation against management
(Kovach, Hughes, Fagan, & Maggitti, 2002; Grundy, Collier, & Spaul, 1994)

INFORMATION PRIVACY
Privacy is a human value consisting of four elements (Kovach & Tansey, 2000):
- Solitude: the right to be alone without disturbances
- Anonymity: the right to have no public personal identity
- Intimacy: the right not to be monitored
- Reserve: the right to control one's personal information, including the methods of dissemination of that information

CONTROLLING ACCESS TO HR DATA
- Administrative controls
- Logical (technical) controls
- Physical controls
- Security classification for information
- Access control

INFORMATION PRIVACY AND HRIS
Concerns:
- Types of employee information that can be collected and stored in the system
- Who can access and update the information
Considerations:
- Collect and store information based on sound and valid business reasons
- Collect only information which is necessary, lawful, current and accurate

HRIS SECURITY BEST PRACTICES
- Train users on how to securely use and handle the equipment, data and software.
- Train employees to "log off" personal computers after they are through using them.
- Do not allow passwords to be shared.
- Change passwords frequently.
- Run software through a virus-detection program before using it on the system.
- Ensure that backup copies, data files, software and printouts are used only by authorized users.
(Noe et al., 1994; Pfleeger, 2006)

HRIS SECURITY BEST PRACTICES (cont.)
- Make backup copies of data files and programs.
- Ensure that all software and mainframe applications include an audit trail (a record of the changes and transactions that occur in a system, including when and by whom the changes were performed).
- Use edit controls (such as passwords) to limit employees' access to data files and data fields.
- Employees take responsibility for updating their employee records themselves via the self-service system.
(Noe et al., 1994; Pfleeger, 2006)
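The slides on controlling access to HR data (security classification, logical controls) and on HRIS best practices (audit trail, edit controls limiting access to data fields, employee self-service) describe one mechanism from several angles. The following is an added example, not code from the chapter or from any HRIS product: a small Python model in which each HR field carries a security classification, each role may read only certain classifications and write only certain fields, employees may touch only their own record through self-service, and every read or update attempt, allowed or denied, is written to an audit trail recording who, what, when and whether it succeeded. The classification labels, role names and sample record are assumptions constructed for the example.

```python
"""Field-level access control with an audit trail for HR records (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List

# Security classification of each HR data field (labels are assumptions for this example).
CLASSIFICATION = {
    "name": "internal",
    "email": "internal",
    "salary": "confidential",
    "medical_notes": "restricted",
    "disciplinary": "restricted",
}

# Logical controls: which classification levels each role may read ...
READ_LEVELS = {
    "employee": {"internal", "confidential"},   # applies to the employee's own record only
    "manager": {"internal"},
    "payroll": {"internal", "confidential"},
    "hr_admin": {"internal", "confidential", "restricted"},
}
# ... and which fields each role may write (edit controls on data fields).
WRITE_FIELDS = {
    "employee": {"email"},                        # self-service: own contact details only
    "payroll": {"salary"},
    "hr_admin": set(CLASSIFICATION),
}


@dataclass
class AuditEntry:
    when: str          # ISO-8601 UTC timestamp of the attempt
    actor: str         # who performed (or attempted) the action
    action: str        # "read" or "update"
    employee_id: str   # whose record was touched
    fields: str        # comma-separated field names involved
    outcome: str       # "allowed" or "denied"


class HRIS:
    def __init__(self) -> None:
        self.records: Dict[str, Dict[str, str]] = {}
        self.audit: List[AuditEntry] = []

    def _log(self, actor: str, action: str, employee_id: str, fields: str, outcome: str) -> None:
        # Every attempt is recorded, including denied ones, so abuse attempts are visible later.
        self.audit.append(AuditEntry(datetime.now(timezone.utc).isoformat(),
                                     actor, action, employee_id, fields, outcome))

    def read(self, actor_id: str, role: str, employee_id: str) -> Dict[str, str]:
        """Return only the fields whose classification the role may see."""
        record = self.records[employee_id]
        levels = READ_LEVELS.get(role, set())
        if role == "employee" and actor_id != employee_id:
            levels = set()          # employees never see other employees' records
        visible = {f: v for f, v in record.items() if CLASSIFICATION[f] in levels}
        self._log(actor_id, "read", employee_id,
                  ",".join(sorted(visible)) or "-", "allowed" if visible else "denied")
        return visible

    def update(self, actor_id: str, role: str, employee_id: str, field_name: str, value: str) -> None:
        """Apply a field update only if the role's edit controls permit it."""
        allowed = field_name in WRITE_FIELDS.get(role, set())
        if role == "employee" and actor_id != employee_id:
            allowed = False         # self-service is limited to the employee's own record
        self._log(actor_id, "update", employee_id, field_name, "allowed" if allowed else "denied")
        if not allowed:
            raise PermissionError(f"{actor_id} ({role}) may not update {field_name} of {employee_id}")
        self.records[employee_id][field_name] = value


def build_sample_hris() -> HRIS:
    """Constructed sample data for the example (not real employee records)."""
    h = HRIS()
    h.records["e100"] = {"name": "Alex Example", "email": "alex@example.test", "salary": "52000",
                         "medical_notes": "none on file", "disciplinary": "none on file"}
    return h


def denied_entries(h: HRIS) -> List[AuditEntry]:
    """Audit entries a reviewer would look at first: attempts the controls blocked."""
    return [e for e in h.audit if e.outcome == "denied"]


if __name__ == "__main__":
    h = build_sample_hris()
    print("manager sees:", h.read("m1", "manager", "e100"))
    h.update("e100", "employee", "e100", "email", "alex.new@example.test")   # self-service, allowed
    try:
        h.update("e100", "employee", "e100", "salary", "99000")              # blocked by edit controls
    except PermissionError as exc:
        print("denied:", exc)
    for entry in h.audit:
        print(entry)
```

The design point is that authorization decisions and the audit trail are made in the same place: a denied update still produces an audit entry, so the record answers both "who changed this salary and when" and "who tried to". In a real HRIS the classification table and role mapping would live in configuration rather than code, and the audit log would be written to append-only storage the same users cannot edit.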