UCSF Security Campaign Goals

Esther Silver's picture

UCSF has created an ongoing annual security awareness campaign with monthly changing topics.  In order to sustain this program, various motivators have been introduced in order to keep public interest and ensure continuous training of multiple topics.  Such motivators include the giveaway of small prizes in exchange for viewing training videos and taking short quizzes.  We are also maintaining monthly grand prize drawings in order to garner greater word of mouth marketing of this program.

The monthly topics include:

Securing Data
Smartphone Security
Internet Safety
Social Media Safety
Travel Safety
Theft & Loss
Secure Disposal
Software Updates


To participate in our monthly giveaways and win free prizes, please visit

Under HIPAA, covered entities are required to administer ongoing security awareness training as a part of their administrative safeguards. As with privacy training under the Privacy Rule, this is required for all members of the covered entity's workforce, "as reasonable and appropriate for them to carry out their functions in the facility." The HIPAA Security Rule defines security awareness and training as including four component implementation specifications, all of them addressable:

1. Security reminders
2. Protection from malicious software
3. Log-in monitoring
4. Password management

The Primary Messages

  • UCSF leadership is committed to ensuring the security of protected health information (PHI) and other sensitive data.
  • Physically secure your work area and information when unattended:
    Lock up files and folders, log off your computer when away, lock the doors and windows when leaving for the day, etc.
  • Properly use portable devices:
    Store information on a department’s server or other secure back-up media. Sensitive data should not be stored on portable devices
  • Back up your data:
    Backup data to a department’s server, DVD, external hard drive, etc., and protect the back ups.
  • Use cryptic/strong passwords:
    Create strong passwords that are hard to guess but easy for you to remember.
  • Install anti-virus and security updates:
    Ensure that every device is protected with anti-virus software.
  • Practice safe emailing:
    Use UCSF secure email services whenever communicating restricted information outside of the UCSF network.