Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:HIPAA Security Rule
Slide content:Administrative Safeguards Continued Security awareness and training Security reminders (A) Protection from malicious software (A) Log-in monitoring (A) Password management (A) Security incident proceduresresponse & reporting (R) Contingency plan Data back-up plan (R) Disaster recovery plan (R) Emergency mode operation plan (R) Testing and revision procedures (A) Application and data criticality analysis (A) Evaluation (R) Business association contracts, subcontractors, and other arrangements (R) 8
Slide notes:Continuing with the administrative safeguards, security awareness and workforce training cover concerns such as security reminders, protection from malicious software like viruses and spyware, login monitoring, audit trails, and password management. All of these issues must be addressed, and a process must be in place for security incident procedures. Organizations also need a contingency plan, which includes data backup, disaster recovery, and emergency response procedures. There also needs to be evaluation of the security process as it pertains to the explicit agreements with an organizations business associates and their subcontractors. A disaster recovery plan for the information technology department and the organization should be developed and tested annually. 8