Educause Security Discussion mailing list archives
HIPPA Questions
From: Carlos Lobato <clobato () NMSU EDU>
Date: Tue, 12 Jun 2012 17:37:53 +0000
Hello All, I'm in the process of reviewing the HIPPA Privacy Rule & Security Rule and I am wondering how other Universities that are designated as covered entities ensure compliance with the following two Administrative Requirements: 1. Training - Does your school offer security & privacy training to all workforce including management? a. Yes, mandatory for all employees b. Yes, mandatory but ONLY for employees who handle HIPPA data c. Yes, mandatory but only for employees who handle sensitive information (one training covers all regulations PII, PCI, HIPAA, PERPA, etc.) c. Yes, optional generic computer & data security training for all employees, but it does not specifically emphasize a regulation b. No, don't have a HIPPA training program 2. Privacy and Security Official - has your institution formally appointed or identified who will be operationally responsible for assuring that the covered entity complies with both the Security and Privacy rules? a. Yes, a Security Official and Privacy Official has been appointed and it is the same person b. Yes, a Security Official and Privacy Official has been appointed and it is NOT the same person c. No, no person has been identified. d. No. Your input will be highly appreciated and I will summarize the results and share with the group. Carlos S. Lobato, CISA, CIA IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003-8001 Phone: 575-646-5902 Fax: 575-646-5278 Email: clobato () nmsu edu<mailto:clobato () nmsu edu>
Current thread:
- HIPPA Questions Carlos Lobato (Jun 12)