Understanding: The Key to Protecting Highly Sensitive Personally Identifiable Information Timothy J. Brueggemann, Ph.D.


Introduction
- The reliance of organizations on the collection and storing of data
- HSPII is defined as information which can be used to discern or to trace an individual's identity, either alone or when combined with other information which is held in the public domain
- Access to information and data is easier than ever to obtain, use, and share

Introduction – cont.
- Lost or stolen laptops
- Challenges that face an organization today:
  - Increase organizational efficiency
  - Protect the HSPII
- New perspectives in organizational security have grown from the increased amount of government legislation and increased public awareness.
- Data security is one of the most studied areas, and often the area most confused with a HSPII program.

Privacy
- As a legal right, privacy was defined by Samuel D. Warren and Louis D. Brandeis in 1890 as "the right to be let alone"
- Not currently enacted into law
- In the 1960s and 1970s, Congress became increasingly concerned about the amount of data being stored in databases

Legislation
- The Privacy Act of 1974
- Health Insurance Portability and Accountability Act (HIPAA)
- Family Education Rights Act (FERPA)
- Electronic Communications Privacy Act (ECPA), 18 U.S.C.

Problem Areas
- Increases in online technology
- Attacks on privacy occur in many areas:
  - Employment records
  - The Internet
  - Government databases
  - Corporate databases

The Study
- Define the level of understanding the IT worker had of HSPII at their organization
- Four areas reviewed:
  - Knowledge of HSPII program
  - Ascription to technology
  - Ascription to technology – belief
  - Senior management involvement

The Study – cont.
- The population for this study was comprised of all IT workers employed by Fortune 500 companies within and outside of the United States.
- A convenience sample was taken from one large Fortune 500 company.
  - Approximately 8,000 IT employees
  - A random sample of 10% of the IT staff was selected
  - A minimum of 260 responses (32.5%) was necessary to represent the 800 employees selected to participate
  - The actual response was 332, or 41.5%

The Study – cont.
- Six hypotheses were formed for this study.
- H1: The time in the Information Technology field has a relationship to the Information Technology workers' understanding of Personally Identifiable Information Programs.
- H2: The education level of Information Technology employees has a relationship to their understanding of Personally Identifiable Information Programs.
- H3: The length of time with the company of Information Technology employees has a relationship to their understanding of Personally Identifiable Information Programs.
- H4: There is a difference in the understanding of Personally Identifiable Information Programs between those who have employees that report to them and those who do not have employees report to them.
- H5: The role of Information Technology employees has a relationship to their understanding of Personally Identifiable Information Programs.
- H6: The age of Information Technology employees has a relationship to their understanding of Personally Identifiable Information Programs.

Hypothesis 1: Time Working in Information Technology

Hypothesis 2: Formal Education of IT and HSPII Understanding

Hypothesis 3: Length of Time with the Company and HSPII Understanding

Hypothesis 4: Employees Who Have Direct Reports and HSPII Understanding

Hypothesis 6: Age of Employee and HSPII Understanding

Hypothesis 5: Role of Employee and HSPII Understanding

Summary
1. Explored the understanding level of HSPII programs by the IT professional
2. Additional insights gained from this study
3. The age group of the IT professional

Concluding Remarks
- The possibility of data loss continuously threatens the security and the availability of IT systems and IT resources. The HSPII program must be an iterative, ongoing process for it to be of value. IT systems and applications need to be continually examined and evaluated to determine any new risks that may arise around HSPII data security. One of the primary risks, if not the primary risk, to any HSPII program is a lack of understanding on the part of the individuals most involved in protecting the data: the IT professional.

Questions?