Online Course: Information Security and Privacy Training Module (45 slides)

Upload: wesley-ball

Post on 18-Dec-2015


TRANSCRIPT

Page 1: Online Course Information Security and Privacy Training Module START Click to begin…


Page 2

Objectives
• Upon completion of this online course, you should understand:
– The purpose of information security and privacy
– That information security and privacy are your responsibilities
– How to identify and protect UNC Health Care Protected Information
– That you will be held accountable for violations of UNC Health Care Privacy and Security policies

Page 3

Privacy/Information Security
• Privacy and Information Security go hand-in-hand.
• Security safeguards are used to protect the privacy of patient and confidential information.

Page 4

Privacy/Information Security Compliance
• HIPAA – Health Insurance Portability and Accountability Act of 1996 (Federal)
– HIPAA Privacy Regulations
• Requires the healthcare industry to protect the privacy and confidentiality of Protected Health Information (PHI)
– HIPAA Security Standards
• Requires the healthcare industry to protect the confidentiality, integrity and availability of electronic protected health information (e-PHI)

Page 5

Privacy/Information Security Compliance
• Identity Theft Protection Act (ITPA) – NC State Law that imposes certain obligations on NC State agencies and NC businesses concerning the collection, use, and dissemination of Social Security Numbers and other personal identifying information.
– Requires UNC Health Care to protect personal information or identifiers from inappropriate disclosures (patients and employees).
– Requires UNC Health Care to notify individuals when it becomes aware that certain information has been inappropriately disclosed (IDENTITY THEFT POLICY 1-11)

Page 6

Privacy/Information Security Compliance
ITPA – Collection and Use of SSN
• NC State statute requires that UNC Health Care attempt to collect social security numbers (SSN) from patients and other individuals who may become debtors. Because of these requirements, the Identity Theft Protection Act allows UNC Health Care to continue to request and collect SSNs, but a patient cannot be required to provide it.
• UNC Health Care is required to protect SSNs and other personal identifying information.

Page 7

ITPA Personal Identifying Information
• Driver's license number
• Social Security number
• Employer taxpayer identification numbers
• Identification card numbers
• Passport numbers
• Checking account numbers
• Savings account numbers
• Credit card numbers
• Debit card numbers
• Personal Identification Numbers (PIN)
• Digital signatures
• Biometric data
• Fingerprints
• Passwords
• Any other numbers or information that can be used to access a person's financial resources

Page 8

UNC Health Care Protected Information
• Protected Health Information (PHI) – Identifiable patient information
• Confidential Information may include:
– personnel information
– personal identifying information defined in ITPA
– system financial and operational information (such as new business plans)
– trade secrets of vendors and research sponsors
– system access passwords
• Internal Information may include:
– personnel directories
– internal policies and procedures

Page 9

Remember…
• Access information only in support of your job duties:
– Do not access PHI of friends, family members, co-workers, VIPs, ex-spouses, etc., as it is not required to perform your job.
– Do not access your own online medical record, demographic or appointment information. Follow the same procedures as all other patients to obtain this information.
– Do not share your access or passwords to systems with anyone, even if a co-worker needs access to the same information to do their job. You are responsible for all system activity performed under your unique UserID and password.

Page 10

Remember: Confidentiality
• Our responsibility is to keep patient information confidential, and not disclose information except with authorization from the patient, or as required or permitted by law.
• If a patient "opts out" of having his/her information given in the patient list or provided to family or friends, staff should not release information.

Page 11

Accounting of Disclosures
• Patients have a right to receive a listing of certain disclosures of their PHI;
• We are not required to track routine disclosures that are part of treatment, payment or health operations;
• Most other disclosures are required to be tracked.

Page 12

Accounting of Disclosures
• Disclosures directly to the patient, or directed by a patient's authorization, do not have to be reported.
• Accidental disclosures of PHI must be tracked as well.
• Contact the Privacy Office for additional guidance or information.

Page 13

Release of PHI
• Staff members responsible for release of patient information have received specific training. Some of these staff members include:
– Medical Information Management, Information Desk, Phone Operators, Public Affairs
• If it is not part of your job, don't release the information. Forward the request to the appropriate department.

Page 14

For Example:
An accountant with UNC Health Care receives the following requests:
1. His wife calls and asks him to check her test results from a recent appointment.
2. His neighbor calls and asks for the room number of a friend that was admitted to the hospital on the previous evening.
Is it OK for the accountant to look up the information and provide the information back to his wife and neighbor?

Page 15

Answers
1. No! – His wife should provide Medical Information Management an authorization form that gives permission to release the information to her husband.
2. No! – He can call the hospital operator to obtain the room number for his neighbor or have his neighbor call the hospital operator directly.

Page 16

Subpoena
• So another question:
– If you are subpoenaed to testify or give a deposition related to events surrounding a patient's care, the subpoena compels you to appear, but are you authorized to discuss or relay patient information?

Page 17

Authorizations/Subpoenas
• A subpoena does not negate HIPAA privacy protections.
• A HIPAA compliant authorization form is still required.
• Additional information on Authorizations/Subpoenas is located on the UNC Health Care HIPAA Web site: Intranet.unchealthcare.org/site/w3/hipaa/auth_subpoena
• UNC Health Care System Legal Department can answer any question you have concerning Subpoenas.

Page 18

UNC Health Care - Privacy
• The HHS Office of Civil Rights (OCR) receives HIPAA complaints from across the country. We continue to investigate and respond to issues of privacy violations reported internally or to OCR.
• UNC Health Care employees have been disciplined and in several cases terminated from their employment for violations of policy related to patient privacy.
• Audits are being performed for access that may not be appropriate (e.g. friends, family, employees, high profile patients, etc.).

Page 19

Good Password Habits Provide Security & Information Protection
• Use strong passwords where possible (at least 6 characters, containing a combination of letters, numbers, special characters)
• Change your passwords frequently (45-90 days)
• Keep your passwords confidential!
• If you MUST write down your passwords:
– Store them in a secure location
– Do NOT store them near your computer, such as under the keyboard or on a sticky note on your monitor!!

Page 20

For Example:
An employee has to pick a new password that is easy to remember, but hard to guess. So she decides to use one of the following passwords.
Princess (her dog's name)
beavers (her favorite sports team)
Tm2tbg# (based on a phrase)
• Which password is the strongest?

Page 21

Answer
Tm2tbg# is the strongest password because:
– It is six or more characters long
– It contains upper and lower case letters
– It contains a number
– It contains special characters
– It's based on a phrase that is memorable (Take me to the ballgame #)
• You should not use passwords that can be associated with yourself, such as the names of your children, pets or favorite sports team. If someone knows you then they might guess your password.
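The criteria on slides 19 and 21 can be enforced at password-set time rather than left to memory. The following is an added example, not code from the training module; the split of the slide's phrase into one character per word and the "to" → "2" substitution are assumptions about how Tm2tbg# was derived.

```python
import re

# Minimum length stated on slide 19.
MIN_LENGTH = 6


def password_findings(password: str, personal_terms=frozenset()) -> list:
    """Return the policy criteria the password fails (an empty list means it passes).

    personal_terms holds words that can be associated with the user (pet names,
    favourite team, children's names); slide 21 says such words must not be used.
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        findings.append("no lower case letter")
    if not re.search(r"[A-Z]", password):
        findings.append("no upper case letter")
    if not re.search(r"[0-9]", password):
        findings.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("no special character")
    lowered = password.lower()
    for term in sorted(personal_terms):
        # Case-insensitive substring match: "princess1" still reveals the dog's name.
        if term.lower() in lowered:
            findings.append(f"contains personal term '{term}'")
    return findings


def strongest(candidates, personal_terms=frozenset()) -> str:
    """Pick the candidate with the fewest policy findings; ties go to the longer one."""
    return min(candidates,
               key=lambda p: (len(password_findings(p, personal_terms)), -len(p)))


def passphrase_to_password(phrase: str, substitutions=None) -> str:
    """Build a password from the first character of each word of a memorable phrase.

    Whole words listed in substitutions are replaced instead (assumed here:
    'to' becomes '2', which reproduces the slide's Tm2tbg#).
    """
    substitutions = substitutions or {"to": "2"}
    return "".join(substitutions.get(w.lower(), w[0]) for w in phrase.split())


if __name__ == "__main__":
    # The three candidates from slide 20; the personal terms are the dog's name
    # and the favourite team, which a colleague could easily guess.
    personal = {"Princess", "beavers"}
    for candidate in ["Princess", "beavers", "Tm2tbg#"]:
        print(candidate, password_findings(candidate, personal) or "OK")
    print("strongest:", strongest(["Princess", "beavers", "Tm2tbg#"], personal))
    print("from phrase:", passphrase_to_password("Take me to the ball game #"))
```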

Page 22

Malicious Software Compromises Information Security
• Most damage from Malicious Software can be prevented by regular updates (patches) of your computer's operating system and antivirus software.
– Viruses spread to other machines by the actions of users, such as opening email attachments.
– Worms are programs that can run independently without user action.
– Spyware is software that is secretly loaded onto your computer from certain web sites.
– Spam is unsolicited or "junk" electronic mail messages that can clog up e-mail systems.

Page 23

Safe E-mail Use
• Do not open e-mail attachments if the message looks suspicious.
• Delete and DON'T respond to "spam" even if it has an "unsubscribe" feature.
• Ensure proper safeguards are in place when sending confidential or patient information through e-mail:
– Double check that the correct recipient has been selected
– Verify it is only being sent to authorized recipients
– If sending outside of UNC Health Care's internal network, make sure you select to send the e-mail secure (encryption). Instructions for secure e-mail are discussed in a later slide.

Page 24

For Example:
While online at work, an employee sees a "pop up" ad for a free custom screen saver. He clicks on the "I agree" button and his computer downloads and installs the screen saver utility. After a few days he notices that his computer is running slower and calls the Help Desk.
What did he do wrong?

Page 25

Oops!
• He installed software from an unknown source
• He didn't read the fine print before clicking "I agree"
Many "free" applications include a spyware utility that will cause performance problems and potentially release confidential information.
Don't download software from unknown sources!

Page 26

E-Mail & Encryption
• PHI, Confidential and Personal Identifying information must be encrypted when sending outside of UNC Health Care's internal network:
– ISD has provided a Send Secure tool that will allow you to selectively encrypt/secure any e-mail sent to recipients not on the Hospital e-mail system. Instructions for downloading the Send Secure tool provided by ISD can be found on the UNC Health Care intranet home page: http://intranet.unchealthcare.org/site/w3
– Secure e-mail instructions for UNC School of Medicine users can be located on the UNC School of Medicine HIPAA Web page: http://www.med.unc.edu/hipaa/

Page 27

Mobile Computing / External Storage
• Palm/Pocket PC, PDA, and laptop PC are examples of mobile computing devices.
• Diskettes, CD ROM disks, and memory sticks are examples of external storage devices.
• Protected information stored on these devices must be safeguarded to prevent theft and unauthorized access.

Page 28

Mobile Computing / External Storage Controls
• Mobile computing devices that store protected information must have a power-on password, automatic logoff, data encryption or other comparable approved safeguard.
• Whenever possible, protected information on external storage devices must be encrypted.

Page 29

Mobile Computing / External Storage Controls
• Never leave mobile computing or external storage devices unattended in unsecured areas.
• Immediately report the loss or theft of any mobile computing or external storage devices to your entity's Information Security Officer.

Page 30

For Example:
A physician leaves his PDA, which contains PHI as well as personal information, on the back seat of his car. The PDA did not have a power-on password or encryption. When he returns to the car, the PDA is missing.
What should the physician have done?
What should the physician do now?

Page 31

Answer
The physician should have password protected the PDA, and the PHI should have been encrypted to prevent unauthorized access.
He should now:
– Contact his Information Security Officer
– Report the loss to his immediate supervisor
– Since this was a possible theft, report the incident to the appropriate law enforcement agency

Page 32

Remote Access
• All computers used to connect to UNC Health Care networks or systems from home or other off-site locations should meet the same minimum security standards that apply to your work PC.
• Some good practices when working from home include:
– Set up your computer in a private area
– Log off before walking away
– Ensure that passwords are not written down where they can be found
– Lock up disks and other electronic storage devices that contain patient and other confidential information
– Maintain up-to-date virus protection on your PC

Page 33

Faxing Protected Information
• Fax protected information only when mail delivery is not fast enough to meet patient needs.
• Use a UNC Health Care approved cover page that includes the confidentiality notice with all faxes. Sample cover sheets are located on the UNC Health Care Human Resources Web site under Forms.
• Ensure that you send the information to the correct fax number by using pre-programmed fax numbers whenever possible.
• Refer to the UNC Health Care Fax policy.

Page 34

PHI Notes
• PHI, whether in electronic or paper format, should always be protected! Persons maintaining notes containing PHI are responsible for:
– Using minimal identifiers
– Appropriate security of the notes
– Properly disposing of information when no longer needed.
• Information on paper should never be left unattended in unsecured areas.

Page 35

Disposal of Information
• Protected Information should NEVER be disposed of in the regular trash!
– Paper and microfiche must be shredded or placed in the secured Shred-it bins.
– Diskettes and CD ROM disks can also be placed in the secured Shred-it bins or physically destroyed.
– The hard drives out of your PC must be physically destroyed or "electronically shredded" using approved software.
– Contact your entity's IT Department or Information Security Officer for specific procedures.

Page 36

Disposal Question…
• Can you completely remove files off of your computer or storage devices, such as diskettes, CDs, or memory sticks, by highlighting the files and clicking "delete"?

Page 37

Answer
• The "format" and "delete" commands do not mean removed or destroyed! The actual data is not completely wiped from your hard drive. Also, deleted information on diskettes, CDs and memory sticks can be recovered.
• Refer to UNC School of Medicine Electronic Data Disposal Policy for more details.
• ISD is responsible for the destruction of hard drives for Hospital-owned PCs. Refer to UNC Health Care Workstation Security Policy W-4.

Page 38: Online Course Information Security and Privacy Training Module START Click to begin…

38 of 45 Prev

Physical Security

• Computer screens, copiers, and fax machines must be placed so that they cannot be accessed or viewed by unauthorized individuals.

• Personal computers must use password-protected screen savers to further protect against unauthorized access.


For Example:

An employee working from home takes a brief break and leaves her computer logged on to the system. CDs and paperwork containing PHI clutter her desk, so she decides to throw away some of the papers she no longer needs. When she returns 30 minutes later, she finds her computer still logged on to the system.

Is the employee properly protecting the above PHI?

How can the employee better protect the PHI?


For Example:

• Answer: No, the PHI is not properly secured.

• The employee should put in place the following controls to protect the PHI:
– Log off of the computer when she steps away
– Turn on her password-protected screen saver that kicks in quickly when there is no activity (3-5 minutes)
– Secure both the CD and paper in a locked cabinet or drawer when not attended
– Use appropriate procedures for disposal of PHI, even at home: paper should be shredded or taken back to the office and placed in the secure bin for shredding later
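The screen-saver control above can be verified rather than assumed. The following PowerShell audit is an added example, not part of the training module or any UNC Health Care tool; it assumes a Windows workstation, reads the user's own screen-saver registry values (Windows' standard ScreenSaveActive, ScreenSaverIsSecure and ScreenSaveTimeOut), and reports whether they meet the 3-5 minute, password-on-resume guidance. The function name Test-ScreenSaverLock is my own.

```powershell
# Added example: audit the current user's screen-saver lock against the
# "password-protected, kicks in within 3-5 minutes" control described above.
# Assumes Windows; these three values live under HKCU:\Control Panel\Desktop.
$desktopKey = 'HKCU:\Control Panel\Desktop'

function Test-ScreenSaverLock {
    param(
        [string]$Active,            # ScreenSaveActive: '1' = screen saver on
        [string]$Secure,            # ScreenSaverIsSecure: '1' = password on resume
        [string]$TimeoutSeconds,    # ScreenSaveTimeOut: idle seconds before it starts
        [int]$MaxSeconds = 300      # 5 minutes, the upper bound given in the module
    )
    $findings = @()
    if ($Active -ne '1') {
        $findings += 'Screen saver is not enabled'
    }
    if ($Secure -ne '1') {
        $findings += 'Screen saver does not require a password on resume'
    }
    $t = 0
    if (-not [int]::TryParse($TimeoutSeconds, [ref]$t) -or $t -le 0 -or $t -gt $MaxSeconds) {
        $findings += "Idle timeout is '$TimeoutSeconds' seconds; expected 1..$MaxSeconds"
    }
    # Leading comma keeps an empty result as an array rather than $null
    return ,$findings
}

$settings = Get-ItemProperty -Path $desktopKey -ErrorAction SilentlyContinue
$findings = Test-ScreenSaverLock -Active $settings.ScreenSaveActive `
                                 -Secure $settings.ScreenSaverIsSecure `
                                 -TimeoutSeconds $settings.ScreenSaveTimeOut

if ($findings.Count -eq 0) {
    Write-Output 'Screen-saver lock meets the 3-5 minute guidance.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    # Remediation for the current user (applies at next logon). Left commented
    # so the audit stays read-only; uncomment to enforce the corrected setting.
    # Set-ItemProperty -Path $desktopKey -Name ScreenSaveActive    -Value '1'
    # Set-ItemProperty -Path $desktopKey -Name ScreenSaverIsSecure -Value '1'
    # Set-ItemProperty -Path $desktopKey -Name ScreenSaveTimeOut   -Value '300'
}
```

On a domain-joined machine the same values are usually enforced centrally by Group Policy, so a finding here is a reason to contact your entity's IT Department rather than to change the keys yourself.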


Summary

• Patient, confidential, and personal identifying information should ONLY be accessed by, and shared with, authorized persons.

• It is YOUR responsibility to:
– Protect SSN and other personal identifying information.
– Protect Patient, Confidential and Internal Information
– Review and comply with UNC Health Care Identity Theft Policy
– Review and comply with UNC Health Care Privacy and Security policies
– Report losses or misuse of information (possible security breaches) promptly to your Information Security or Privacy Officer


Disciplinary Actions

• Individuals who violate the UNC Health Care Information Security and Privacy policies will be subject to appropriate disciplinary action as outlined in the entity’s personnel policies, as well as possible criminal or civil penalties.


For more information:

Visit UNC Health Care’s HIPAA Web site for more information on security and privacy policies.

Intranet.unchealthcare.org/site/w3/hipaa


UNC Health Care Contacts

• Compliance Office: (919) 966-8505

• Privacy Office: (919) 843-2233

• Security Office: (919) 966-0084

• Medical Information Management: (919) 966-1225

• Compliance E-Mail: [email protected]


You have now successfully completed the online Information Security and Privacy Module
