This policy is listed for reference only and should be reviewed with your lawyer before implementing it into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Security Awareness & Training: Security Reminders

Reference: 45 CFR § 164.308(a)(6)
Last Updated: February 7, 2024

Purpose

Goal: Define the procedures used to provide an ongoing security information and awareness program to employees.

The purpose of this policy is to communicate to the workforce changes that may affect the privacy and security of ePHI.

Policy

Procedure: The Security Manager is responsible for reminding employees of their security responsibilities, keeping them updated on those responsibilities, and informing them of any potential threat. As part of these responsibilities, the Security Manager shall:

  • Post in a visible area basic information regarding ePHI.
  • On at least a quarterly basis, communicate a reminder regarding Security Practices to the staff (by e-mail, brochures, training session, or as part of a staff meeting).
  • Inform staff members of security violations and/or penetration attempts.
    • Internal security violations shall be forwarded to all employees immediately. Whenever possible, reports of the violation will be sanitized to protect the privacy of the violator and the ePHI.
      • Internal violations that have been contained may be reported to the workforce via e-mails, bulletin boards, memos or staff meetings.
      • Internal violations that have not been contained will require lock-up procedures where no one other than the Security Manager, the System Manager and the designated staff will have access to ePHI.
    • Penetration attempts shall be included as part of a quarterly meeting with the staff.
  • Inform staff of potential threats, including but not limited to viruses, worms and Trojan horses.