USF IT Security HIPAA Practice. Ensuring IT Security: Policies, Training &Technology. All USF workforce members utilizing/ coming in contact with HIPAA Protected Health Information (PHI) must complete this training program and pass the security quiz at the end of Part 4.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
USF IT Security
Ensuring IT Security:
Policies, Training &Technology
The purpose of this training is to provide USF
faculty & staff information on:
USF data security requirements & procedures
The Privacy Rule of the Health Insurance
Portability and Accountability Act (HIPAA)
The HITECH provisions of the ARRA Act
General Network Information and Security Procedures
USF employees work
on computers that are
linked through a network
that connects all
computers at the university
With an ID and password, you are able to:
Access shared files & information stored in databases
Use hardware such as printers and scanners
Use software such as web browsers & virus protection programs.
Secure Log-in ID
The USF Information Technologies (IT) Office will help you establish a log-in ID that will be a unique identifier linking you to all of your computer transactions.
Like a fingerprint, your ID can be traced for all authorized and unauthorized activities conducted on the USF network.
To maximize security, passwords must be at least eight characters long and contain 3 of the following 4 types of characters: upper case letters, lower case letters, numbers; or special characters such as ! # &.
Please don’t select this as your
own password – make up one yourself!
All USF users sign a statement agreeing to use the USF computers and network only to conduct activities related to the mission and business purposes of the University.
All USF computer accounts are automatically closed when employment ends. Some transitional services (such as auto-forwarding of e-mail messages) may be offered as allowed by USF policy.
Most computer viruses enter a computer from program or file “downloads” (for example, e-mail attachments) or from transfers from external disks (floppies, USB drives).
Although all USF PCs have a virus protection program installed, we all must be VERY CAREFUL about what we download to our computers.
Some viruses and intrusions are more damaging than others, but all of them represent a hole in the security of the network.
All communications using the USF e-mail system should be courteous and professional and should comply with USF anti-harassment policies, i.e., unwelcome, offensive or otherwise inappropriate messages are prohibited.
The USF e-mail system may not be used for:
to the Network
If you purchase new computer equipment and want it connected to the USF network, it must comply with USF standards and be approved prior to purchase by the IT department.
Part 2 of this training program
provides an overview of USF
policies and procedures.
Faculty and staff at USF often use sensitive and confidential data to conduct research and evaluation studies.
Data security is not only an obligation of individual researchers, but also of the University, it’s Colleges and Institutes as academic entities.
Because USF stores confidential information, our data systems must be protected against:
Our security infrastructure includes:
The USF security infrastructure includes the:
Part 3HIPAA:Basic Information for All Employees
HIPAA establishes a civil right to the protection of personal health information through the U.S. Department of Health and Human Services.
Health Information is any information created or received that relates to the past, present, or future physical or mental health of an individual.
Information (PHI) is any information that contains data that may be used to directly or indirectly identify an individual.
Elements that can make Health Information identifiable:
Address/geographic infoName of employer
NameNames of relatives
Telephone #Fax number
Email address Birthdate; other dates
Finger or voice printsPhoto image/x-rays
Social Security #Internet IP address
Vehicle I.D./device serial #Web URL
Health plan #Medical record #
Certificate/license #Account #
Yes, we house private information for individuals receiving services through Medicaid, Medicare, as well as mental health and substance abuse services. These data sets
contain names, Social Security numbers, addresses, patient ID numbers, and other identifiers and are protected health information.
PHI is protected in any form:
Yes. PHI may be used for research with the express authorization of the individual or through other measures designed to protect the privacy of the individual.
USF must provide as good, or better, security for sensitive data than the agencies and providers from whom we obtain the data.
“Did not know”
Information security is the key to protecting PHI data. USF has developed
USF has implemented several technological enhancements to address security concerns.
We have installed a Firewall to protect our network. A firewall is computer hardware and/or software that limit access to a computer network from an outside source. Firewalls are used to prevent computer hackers from getting into computer systems.
USF Technology Security
An authorized user is a person who has:
The custodian of the data set is an authorized user who has primary responsibility for:
All research data at USF, including data from active projects and archived data from inactive projects, are potentially subject to the regulation.
Three categories of data are subject to regulation:
If the source of the sensitive data asks you to provide or share sensitive data with specific individuals, specific procedures must be used (continued on next slide).
If you have data that are no longer needed:
Custodians for sensitive data sets should inform the HIPAA Security Director when:
Please proceed to the security quiz.
Click on the following link, print and complete the quiz, and send it to the USF IT HIPAA Security Office, SVC 4010.