Information Security Awareness and Training: Difference between revisions

Line 35: Line 35:
==Policy==
==Policy==
UNMC will ensure that its workforce is trained in and understands the organization’s security policies and procedures with respect to protected information in accordance with all applicable laws and mandated standards including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act and the regulations promulgated thereunder governing the privacy and security of individually identifiable health information (collectively, “HIPAA”), the Family Educational Rights and Privacy Act (“FERPA”), and the Payment Card Industry Data Security Standard (“PCI DSS”). UNMC will strive to achieve a level of security awareness both to prevent improper access to or use or disclosure of protected information and to ensure detection and reporting of any improper access, use or disclosure that may occur.  
UNMC will ensure that its workforce is trained in and understands the organization’s security policies and procedures with respect to protected information in accordance with all applicable laws and mandated standards including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act and the regulations promulgated thereunder governing the privacy and security of individually identifiable health information (collectively, “HIPAA”), the Family Educational Rights and Privacy Act (“FERPA”), and the Payment Card Industry Data Security Standard (“PCI DSS”). UNMC will strive to achieve a level of security awareness both to prevent improper access to or use or disclosure of protected information and to ensure detection and reporting of any improper access, use or disclosure that may occur.  
==Definitions==
'''Affiliated Covered Entity (ACE)''' means legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current Nebraska Medical ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members.
'''Protected Health Information (PHI)''' is individually identifiable health information. Individually identifiable health information is a subset of health information including demographic information, collected from an individual, whether oral or recorded in any medium that:
*is created or received by ACE and
*relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual.
'''Workforce''' refers to faculty, full and part-time employees (management and staff), volunteers, trainees, students, and any other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.
==Required Training==
==Required Training==
Workforce will be required to take security training, usually in the form of on-line video training and/or onsite workshops. Each member of the workforce will be required to take security training within thirty (30) days of commencing his/her position at UNMC and on an annual basis thereafter. Completion of required training will be tracked by Compliance and the Information Security Officer.
Workforce will be required to take security training, usually in the form of on-line video training and/or onsite workshops. Each member of the workforce will be required to take security training within thirty (30) days of commencing his/her position at UNMC and on an annual basis thereafter. Completion of required training will be tracked by Compliance and the Information Security Officer.
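Review bot: "Workforce" is used in ==Policy== and ==Required Training== before the reader reaches its definition, because the ==Definitions== block between those two sections appears on only one side of this hunk and the following hunk's offsets (Line 61 against Line 53) show the text above it getting shorter. Suggest keeping Definitions ahead of the sections that rely on its terms, or adding a short pointer to the Definitions section in the Policy paragraph.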
Line 61: Line 53:
UNMC will retain a copy of this policy and any revisions thereto, all training materials, and all training records in accordance with UNMC Policy 6056, [https://wiki.unmc.edu/index.php/Retention_and_Destruction/Disposal_of_Private_and_Confidential_Information Retention and Destruction/Disposal of Private and Confidential Information].
UNMC will retain a copy of this policy and any revisions thereto, all training materials, and all training records in accordance with UNMC Policy 6056, [https://wiki.unmc.edu/index.php/Retention_and_Destruction/Disposal_of_Private_and_Confidential_Information Retention and Destruction/Disposal of Private and Confidential Information].


==Definitions==
'''Affiliated Covered Entity (ACE)''' means legally separate covered entities that designate themselves as a single covered entity for the purpose of HIPAA Compliance. Current Nebraska Medical ACE members are: The Nebraska Medical Center, UNMC Physicians, UNMC, University Dental Associates, Bellevue Medical Center, and Nebraska Pediatric Practice, Inc. ACE membership may change from time to time. The Notice of Privacy Practices lists current ACE members.
'''Protected Health Information (PHI)''' is individually identifiable health information. Individually identifiable health information is a subset of health information including demographic information, collected from an individual, whether oral or recorded in any medium that:
*is created or received by ACE and
*relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual.
'''Workforce''' refers to faculty, full and part-time employees (management and staff), volunteers, trainees, students, and any other persons whose conduct, in the performance of work for UNMC, is under the direct control of UNMC, whether or not they are paid by UNMC.
==Additional Information==
==Additional Information==
*Contact [mailto:infosecurity@unmc.edu infosecurity@unmc.edu] or 402.559.2545.
*Contact [mailto:infosecurity@unmc.edu infosecurity@unmc.edu] or 402.559.2545.
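Review bot: The ==Definitions== block placed before ==Additional Information== defines '''Protected Health Information (PHI)''' but not "protected information", which is the term the Policy paragraph uses and which there also covers FERPA and PCI DSS. Suggest adding a definition of "protected information" to this block, or stating how it relates to PHI, so the scope of the training requirement is unambiguous.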