UCSF Security Campaign Goals
March 8, 2012
See the UCSF announcement about the launch of the data security campaign.
UCSF has created an ongoing annual security awareness campaign with monthly changing topics. In order to sustain this program, various motivators have been introduced in order to keep public interest and ensure continuous training of multiple topics. Such motivators include the giveaway of small prizes in exchange for viewing training videos and taking short quizzes. We are also maintaining monthly grand prize drawings in order to garner greater word of mouth marketing of this program.
The monthly topics include:
To participate in our monthly giveaways and win free prizes, please visit http://awareness.ucsf.edu
Under HIPAA, covered entities are required to administer ongoing security awareness training as a part of their administrative safeguards. As with privacy training under the Privacy Rule, this is required for all members of the covered entity's workforce, "as reasonable and appropriate for them to carry out their functions in the facility." The HIPAA Security Rule defines security awareness and training as including four component implementation specifications, all of them addressable:
1. Security reminders
2. Protection from malicious software
3. Log-in monitoring
4. Password management
The Primary Messages
- UCSF leadership is committed to ensuring the security of protected health information (PHI) and other sensitive data.
- Physically secure your work area and information when unattended:
Lock up files and folders, log off your computer when away, lock the doors and windows when leaving for the day, etc.
- Properly use portable devices:
Store information on a department’s server or other secure back-up media. Sensitive data should not be stored on portable devices
- Back up your data:
Backup data to a department’s server, DVD, external hard drive, etc., and protect the back ups.
- Use cryptic/strong passwords:
Create strong passwords that are hard to guess but easy for you to remember.
- Install anti-virus and security updates:
Ensure that every device is protected with anti-virus software.
- Practice safe emailing:
Use UCSF secure email services whenever communicating restricted information outside of the UCSF network.
Communication and Training Overview
Address All of the Following Topics
- Information Security Laws and Policies:
Cover laws and policies UCSF must comply with and implications of these laws and explain what the laws really say or protect, the purpose of these laws, and the responsibilities of UCSF’s faculty, staff, student and trainees.
- Information Security Threats:
Define terms such as virus, worm, malware and other threats and explain the implications of these threats and tips for preventing security breaches.
- Information Security Tools:
Describe available security tools to prevent security incidents at UCSF, how to download them, how these tools are used, and what is expected of faculty, staff, students and trainees for using them.
- Information Security Incident Response Procedures:
Define security incidents describe three to four case studies and computer attack scenarios with appropriate responses, review processes and protocols for responding to or reporting an incident and how to report lost or stolen devices.
- Information Security: Six Simple Steps:
Explain the six security practices faculty, staff, students and trainees can do to reduce the risk of an information security incident.