HIPAA Frequently Asked Questions
- I already completed HIPAA Privacy training. Why is security training required? What's new in HIPAA Security?
- Even though you already completed HIPAA privacy training, the Security Rule requires that all workforce members ("YOU") receive training in information security safeguards governing the protection of ePHI. If you are using the UCSD network or have UCSD-related data (including ePHI) on your laptop or other portable devices (such as PDAs, memory sticks), you are responsible for its safekeeping.
- Isn't security just an Information Technology problem? Why do I need to know this information?
- Although UCSD implemented technology solutions to protect the security of our information systems and networks from unauthorized access, these technical solutions are useless if users ("You") have unsafe or risky computing practices. Each user who accesses any UCSD information system(s), servers, computer workstation or the UCSD network is personally responsible to:
  - Protect your individual user access codes (User ID and password) from unauthorized access;
  - Protect portable electronic media devices and local drives with confidential information (including ePHI) from loss, theft, and corruption from malicious malware (e.g., virus, spam, spyware, hackers);
  - Protect confidential information whether it is transmitted, stored electronically or in hardcopy. Refer to the UCSD "Minimum Network Security Standards" when connecting devices to the UCSD network: http://blink.ucsd.edu/Blink/Files/newstds.pdf
  - Create data back-ups for original information stored on local drives and portable electronic media;
  - Use safeguards to prevent physical damage to workstations due to environmental hazards (e.g., power failure, heat, water, fire); and
  - Report a suspected or known security incident.
- Which training materials do I need to review?
- The enclosed bulletin was developed to acquaint you with information security responsibilities for all computer users. The PowerPoint module on the web provides "good computing practices" and training on the recommended safeguards for confidential electronic information: http://health.ucsd.edu/compliance/hipaa.shtml. It is recommended that physicians review the attached bulletin and the PowerPoint module; however, either method will satisfy the Security Rule's workforce training requirements.
- When do I need to complete the HIPAA Security training?
- By April 20, 2005 all workforce members who use electronic PHI must complete security awareness training. New workforce members hired after 4/20/2005 must complete privacy and security training within 30 days of hire.
Corporate Compliance, Privacy & Security Programs
9500 Gilman Drive, #0836; La Jolla, CA 92093-0836
http://health.ucsd.edu/compliance/hipaa.shtml
