1
Enterprise Security
Your Information Security and Privacy Responsibilities
© 2008Providence Health & Services
This information may be replicated for training purposes only.
2
Enterprise Security
Why this training is important for you
Whatever your role is at Providence & Health Services, you will hear, see and work with information which needs to be kept secure. This is our promise to our patients and our ethical and legal responsibility.
The following privacy and information security responsibilities are very important because the
actions you take impact our ability to keep our information and computer network secure.
3
Enterprise Security
Providence has more than 50,000 employees serving the needs of our communities. Our work is driven by our ministry of service and guided by our mission and values.
It is in this spirit that we ask you to focus these next few minutes on learning about privacy and information security and what you can do to protect our information and assets.
4
Enterprise Security
Providence Mission
As people of Providence, we reveal God’s love for all, especially the poor and vulnerable, through our
compassionate service.
5
Enterprise Security
Course GoalsAfter completing this training you will know what is expected of you when:
•Using our computer network•Working with confidential information
– E-mail–Password Safety
•Taking work outside the workplace•Reporting security or privacy concerns
6
Enterprise Security
Computer Usage
People must rely on their computers all day, every day, to do their jobs and our computer system must be secure.
Do not change the settings on your computer, add or remove software or connect any personally owned devices without authorization.
7
Enterprise Security
Confidential information is any information not available to the public
This includes• Patient or employee-related information, whether in hard
copy or electronic format• Financial or personally identifying information such as
credit card, social security or driver’s license numbers• Business plans• Confidential knowledge gained through your work
8
Enterprise Security
While performing your job, you are not authorized to access any business or medical records other than those you specifically need to do your job. This is called limited information access. Accessing files of relatives, co-workers, friends or even yourself is not allowed.
Limited Access
9
Enterprise Security
Protect Confidential Information
Do not store electronic files on your computer’s hard drive or desktop, it will not be backed up
Dispose of papers in shredding containers
Verify identities before giving information over the phone
Have permission before leaving confidential or private messages on voice mail boxes
10
Enterprise Security
Protect Confidential Information
Keep papers out of public view
Clean off white boards
Take care you are not being overheard
Promptly remove papers from copiers, printers, fax machines and meeting rooms
11
Enterprise Security
Reply All?
Who needs to know?
Always use secure messaging when sending Protected Health Information (PHI) or other confidential data.
Think about who needs to know before selecting “Reply All” or “Forward”
Using E-mail
*Ask your manager about how to use secure messaging
12
Enterprise Security
Remember, e-mail is the most common means for spreading a virus.
Do not open e-mails and attachments that appear suspicious. Do not click on unfamiliar links. If it looks suspicious, delete it!
Virus Control
13
Enterprise Security
Did you know that every time you use a Providence computer it is recorded? All of your computer activity is traced back to you through your User ID.
• Going to a website
• Looking up files
• Sending e-mails
• Printing papers
• Using clinical applications
• Accessing medical records
Protecting Yourself
Computers are for business use.
14
Enterprise Security
Remember, if you share your password all activity will be traced back to YOU!
Password safety
15
Enterprise Security
Do you have a strong Password?
• Never share your password or leave it written down for others to find
• Create your own password that is at least six characters long Example: taxi + 2018 = Tax2018i
• Use a mix of letters and numbers and no personal information
• Periodically change your password
Password Safety
16
Enterprise Security
Protecting Information
When working in clinical areas with multi-user stations:
1. Make entries in a timely fashion
2. Save your work
3. Log out
Single users:
When you leave your work station lock your computer every time
To lock you computer press
Ctrl + Alt + Delete, then Enter
17
Enterprise Security
Encryption
Warning:
For encryption to work do not leave your laptop on hibernate or standby. The machine must be shut off.
Because they are portable, all mobile devices such a laptops, PDAs, flash drives and CDs increase our risk of data being lost or stolen. To protect Providence and our patients, each of these mobile devices must be encrypted and Providence approved.
18
Enterprise Security
Outside the Workplace
The following practices are very important to protect our information and our computer network.
•Keep mobile devices with you or in a secure, locked location
•Do not leave papers or any mobile devices in your car
•Never store Providence documents on your home computer
•Make sure papers in your laptop bag or briefcase are properly secured
19
Enterprise Security
Help Providence Health & Services –
Be Alert for • Papers lying around which have confidential information
on them• Strangers making unnecessary inquiries or trying to gain
access into Providence buildings• Inconsistencies or changes in records which should not
have happened• Equipment being misplaced or stolen
20
Enterprise Security
Reporting your Concerns
Should you have any concerns about privacy or information security report them to your manager immediately or call the toll free Providence Integrity Line
888 – 294 – 8455
Your call is confidential and anonymous
21
Enterprise Security
Thank you for your contributions to Providence and the people we serve.