1. Explain the Health Insurance Portability and Accountability act (HIPAA)
2. Define Protected Health Information (PHI)
3. Explain the components of Information Security (Confidentiality, Integrity, Availability)
4. Explain the consequences of HIPAA violations and Information Security breaches
5. Protect information systems against intentional attack including
o Malicious software
o Stolen passwords
o Social engineering or “phishing”
o Theft
o Abuse of privilege
o Unauthorized access
6. Protect information systems against employee carelessness including
o Sharing passwords
o Selecting weak passwords
o Not logging off of systems
o Downloading and executing software
o Sending EPHI outside the institution without encryption
o Not protecting devices with password and encryption
o Not questioning or reporting suspicious activity
7. Understand when and how to report violations of HIPAA and Information Security Policy