Download presentation
Presentation is loading. Please wait.
Published byJoseph Griffin Modified over 8 years ago
2
TOP 10 DHS IT SECURITY & PRIVACY BEST PRACTICES
3
#10 Contact The Office of Systems & Technology for appropriate ways to proceed if you need access to another employee's data. 2014 DHS IT Security & Privacy Training 2
4
#9 Users of DHS information systems should have no expectation of personal privacy in the use of these resources. 2014 DHS IT Security & Privacy Training 3
5
#8 All DHS employees must follow the DHS Security and Privacy Policies. These may be found on DHS Share under 5000 & 4000 series. 2014 DHS IT Security & Privacy Training 4
6
#7 There are specific conditions under which HIPAA allows DHS to share PHI without an Authorization to Disclose; you must know which conditions are allowable and which are not. Please contact the DHS Security Office at 501-320-3911. 2014 DHS IT Security & Privacy Training 5
7
#6 Each user has the responsibility to monitor the physical security of the DHS work area. This work area includes your desk and the DHS facility. 2014 DHS IT Security & Privacy Training 6
8
#5 The failure to protect sensitive information can impact the privacy of DHS clients and may lead to disciplinary action as well as criminal and civil penalties against DHS and those individuals who improperly access or disclose Sensitive Information. 2014 DHS IT Security & Privacy Training 7
9
#4 Never give out your user name and password. DHS tech support staff will never ask anyone for this information. Anyone who asks for it is trying to get more than that from you and DHS. 2014 DHS IT Security & Privacy Training 8
10
#3 Under HIPAA, clients’ files containing PHI may only be shared with those who “need to know” the information. This is called the Minimum Necessary Rule. Under the Minimum Necessary Rule, DHS can only disclose the PHI that is necessary to satisfy a particular need or request. 2014 DHS IT Security & Privacy Training 9
11
#2 Don’t comply with a request for information unless you are sure the requestor is authorized to obtain or have that information. 2014 DHS IT Security & Privacy Training 10
12
#1 Report security incidents ASAP – within one business day of occurrence, at the most. DHS employees are required by policy 5006 to report security incidents. 2014 DHS IT Security & Privacy Training 11
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.