New Faculty Orientation to Privacy and Security at UF Susan Blair, Chief Privacy Officer Kathy Bergsma, Information Security.

Presentation transcript:


Privacy: Not Alphabet Soup …

Security: Not a Prison or a Fortress

Restricted Data
Restricted Data:
– Information which, if disclosed to unauthorized users, may have very significant adverse operational or strategic impact on an individual, a group or institution. This classification includes, but is not limited to, data restricted by law and legal contracts.
Examples:
– Personally Identifiable Information
– SSNs, FDLs, financial data
– Medical Records
– Student Records

Information Highway “Danger Zones”
Family Educational Rights and Privacy Act (FERPA): Student Records
– Authorizes Secretary of Education to end all federal funding if a university fails to comply with federal statute
Health Insurance Portability & Accountability Act (HIPAA): Protected Health Information
– Civil penalties and DOJ criminal prosecutions, which may result in penalties and up to ten years of jail time
Payment Credit Industry Data Security Standard (PCIDSS): Credit Card Information
– Noncompliant entities may be fined $500,000 per incident if cardholder information is compromised, and processing privileges may be revoked

Hazard Number One
Failing to complete specific Privacy and Security general awareness trainings.
– “Privacy and Student Records in the Sunshine State”
– HIPAA General Awareness or HIPAA for Researchers
– Security: Restricted Data Training
– Security: Cyber Self-Defense

Hazard Number Two
Being a faculty member does not entitle you to any and all student information.
– Share student records with individuals who have an official need-to-know
– Grades, UFIDs, student photos
– Letters of recommendation

Hazard Number Three
Beware of including restricted data in unsecure email systems.
– Do not use personal accounts (hotmail, gmail, yahoo, etc.) to receive or transmit restricted data.
– Adhere to UF’s Social Media Guidelines; do not disclose restricted information or talk about work-related issues in blogs or on Facebook pages.

Hazard Number Four
– Any portable device (i.e., laptop, iPad, PDA, cell phone, flash drive) that is used for collecting, storing, or communicating restricted data must be encrypted, no exceptions.
– Use of Social Security requires Privacy Office written permission.

Hazard Number Five
– Identity Theft
– Red Flag Rules for credit cards and financial data
– Payment Credit Industry Data Security Standards
– Phishing scams
– ALWAYS be suspicious
– UF will NEVER ask you for your password
– Never share your password with ANYONE
– Verify the information in the email by calling the UF Computing Help Desk, 392-HELP
– For more tips, visit

Potholes and Patches
Training Opportunities:
– “Privacy and Student Records in the Sunshine State”
– Social Security Number Training
– Red Flag Rules
– HIPAA General Awareness or HIPAA for Researchers
– Security: Restricted Data Training
– Security: Cyber Self-Defense

Potholes and Patches
No antivirus software or software isn’t current
– McAfee VirusScan is free for work and home
Computer updates are not current
– Secunia Personal Software Inspector (PSI)

Potholes and Patches
Portable devices and media
– Encryption: McAfee Endpoint Protection
– Loss and theft protection: FrontDoorSoftware

When in Doubt …
– Privacy: Susan Blair
– Information Security: Kathy Bergsma