1

Enterprise Security

Your Information Security and Privacy Responsibilities

© 2008Providence Health & Services

This information may be replicated for training purposes only.

2

Enterprise Security

Why this training is important for you

Whatever your role is at Providence & Health Services, you will hear, see and work with information which needs to be kept secure. This is our promise to our patients and our ethical and legal responsibility.

The following privacy and information security responsibilities are very important because the

actions you take impact our ability to keep our information and computer network secure.

3

Enterprise Security

Providence has more than 50,000 employees serving the needs of our communities. Our work is driven by our ministry of service and guided by our mission and values.

It is in this spirit that we ask you to focus these next few minutes on learning about privacy and information security and what you can do to protect our information and assets.

4

Enterprise Security

Providence Mission

As people of Providence, we reveal God’s love for all, especially the poor and vulnerable, through our

compassionate service.

5

Enterprise Security

Course GoalsAfter completing this training you will know what is expected of you when:

•Using our computer network•Working with confidential information

– E-mail–Password Safety

•Taking work outside the workplace•Reporting security or privacy concerns

6

Enterprise Security

Computer Usage

People must rely on their computers all day, every day, to do their jobs and our computer system must be secure.

Do not change the settings on your computer, add or remove software or connect any personally owned devices without authorization.

7

Enterprise Security

Confidential information is any information not available to the public

This includes• Patient or employee-related information, whether in hard

copy or electronic format• Financial or personally identifying information such as

credit card, social security or driver’s license numbers• Business plans• Confidential knowledge gained through your work

8

Enterprise Security

While performing your job, you are not authorized to access any business or medical records other than those you specifically need to do your job. This is called limited information access. Accessing files of relatives, co-workers, friends or even yourself is not allowed.

Limited Access

9

Enterprise Security

Protect Confidential Information

Do not store electronic files on your computer’s hard drive or desktop, it will not be backed up

Dispose of papers in shredding containers

Verify identities before giving information over the phone

Have permission before leaving confidential or private messages on voice mail boxes

10

Enterprise Security

Protect Confidential Information

Keep papers out of public view

Clean off white boards

Take care you are not being overheard

Promptly remove papers from copiers, printers, fax machines and meeting rooms

11

Enterprise Security

Reply All?

Who needs to know?

Always use secure messaging when sending Protected Health Information (PHI) or other confidential data.

Think about who needs to know before selecting “Reply All” or “Forward”

Using E-mail

*Ask your manager about how to use secure messaging

12

Enterprise Security

Remember, e-mail is the most common means for spreading a virus.

Do not open e-mails and attachments that appear suspicious. Do not click on unfamiliar links. If it looks suspicious, delete it!

Virus Control

13

Enterprise Security

Did you know that every time you use a Providence computer it is recorded? All of your computer activity is traced back to you through your User ID.

• Going to a website

• Looking up files

• Sending e-mails

• Printing papers

• Using clinical applications

• Accessing medical records

Protecting Yourself

Computers are for business use.

14

Enterprise Security

Remember, if you share your password all activity will be traced back to YOU!

Password safety

15

Enterprise Security

Do you have a strong Password?

• Never share your password or leave it written down for others to find

• Create your own password that is at least six characters long Example: taxi + 2018 = Tax2018i

• Use a mix of letters and numbers and no personal information

• Periodically change your password

Password Safety

16

Enterprise Security

Protecting Information

When working in clinical areas with multi-user stations:

1. Make entries in a timely fashion

2. Save your work

3. Log out

Single users:

When you leave your work station lock your computer every time

To lock you computer press

Ctrl + Alt + Delete, then Enter

17

Enterprise Security

Encryption

Warning:

For encryption to work do not leave your laptop on hibernate or standby. The machine must be shut off.

Because they are portable, all mobile devices such a laptops, PDAs, flash drives and CDs increase our risk of data being lost or stolen. To protect Providence and our patients, each of these mobile devices must be encrypted and Providence approved.

18

Enterprise Security

Outside the Workplace

The following practices are very important to protect our information and our computer network.

•Keep mobile devices with you or in a secure, locked location

•Do not leave papers or any mobile devices in your car

•Never store Providence documents on your home computer

•Make sure papers in your laptop bag or briefcase are properly secured

19

Enterprise Security

Help Providence Health & Services –

Be Alert for • Papers lying around which have confidential information

on them• Strangers making unnecessary inquiries or trying to gain

access into Providence buildings• Inconsistencies or changes in records which should not

have happened• Equipment being misplaced or stolen

20

Enterprise Security

Reporting your Concerns

Should you have any concerns about privacy or information security report them to your manager immediately or call the toll free Providence Integrity Line

888 – 294 – 8455

Your call is confidential and anonymous

21

Enterprise Security

Thank you for your contributions to Providence and the people we serve.