This applies to information that identifies an individual, or could reasonably be used to identify one, and that is created, received, stored, or transmitted by a Covered Entity or one of its business associates. HIPAA's Safe Harbor de-identification standard lists 18 identifiers that must be removed before health information is considered de-identified; while any of them is present, the data is PHI and must be protected (for example by access controls and encryption). The identifiers include names, geographic and street addresses, Social Security numbers, medical record and health plan beneficiary numbers, biometric identifiers and full-face photographs, and medical device identifiers and serial numbers.
Covered Entities are health plans, health care clearinghouses, and health care providers such as physicians and hospitals. Their business associates (for example a billing or claims-processing company, a medical device manufacturer, or a cloud service provider or datacenter operator that stores PHI on their behalf) are separately bound by HIPAA and by their business associate agreements, so the same standards of privacy and confidentiality apply across the whole chain.
Why It Is Important
PHI is extraordinarily sensitive information that could expose an individual to significant harm if disclosed or shared improperly. Patient rights with respect to PHI include:
- The right to request restrictions on the use and disclosure of their PHI
- The right to inspect and obtain a copy of their PHI
- The right to request amendments or corrections to their PHI
- The right to file a complaint with the covered entity and with the Secretary of Health and Human Services if they believe their privacy has been compromised
HIPAA spells out both when workforce training must take place and how it must be documented. A covered entity must provide training that meets the following requirements:
- To each member of the covered entity's workforce by no later than the compliance date for the covered entity
- Thereafter, to each new member of the workforce within a reasonable period of time after the person joins the covered entity's workforce
- To each member of the covered entity's workforce whose functions are affected by a material change in the policies or procedures required, within a reasonable period of time after the material change becomes effective
- A covered entity must document that the training has been provided
What Does Good Look Like?
Living Security is built on an entirely different premise: that people are your greatest asset. Our solution measures strengths and weaknesses across employees, identifies potential gaps, then delivers timely, engaging individual and team-based training that creates proven, lasting change.
If your organization has ever struggled with challenges like "everyone has completed phishing training, but hundreds of employees still click on our phishing simulations over and over," you need a better solution.
The Escape Room
The Escape Room is one example of a team training that explores phishing, PHI, and other security concepts through team puzzle solving. Paired with an engaging storyline based on real life scenarios, the experience delivers a more impactful learning experience.
The Goal of Security Awareness
The goal of security awareness compliance shouldn’t just be to check the box that employees have completed training, it should be to prevent breaches and minimize risk and exposure due to human error.
What Makes Living Security Better
The sensitivity of PHI makes it especially critical to safeguard. It is the underlying foundation of HIPAA compliance, and in many ways it requires a heightened application of the best practices already used for personally identifiable information (PII). The most critical control is limiting the collection, use, and disclosure of PHI to what is actually necessary. To protect your patients' PHI, you need to train your employees.
Living Security is chosen by leading global organizations to provide the security awareness training they need to not only check the box for compliance, but to improve the cybersecurity posture of their organization. Training that is engaging, impactful, and delivers a 16x increase in retention helps you create proven, lasting change, and turns employees into your strongest cybersecurity asset.
Living Security makes it easy to meet compliance requirements with training modules that include, among others:
- PHI-specific content
- Passwords (maintaining strong passwords, use of a password manager)
- Phishing (and its related forms, vishing and smishing)
- Physical security (device security, document access and disposal)
- How to report an incident
- Removable devices/USBs
- Mobile devices
- Social media usage and risks of oversharing
- … many, many more.
Our modules range from quick-hit 1-3 minute trainings on a single topic to full CyberEscape room series that cover multiple topics in one session, so several of the complex topics on your compliance checklist can be covered in under 15 minutes.
Meet Your Compliance Requirements
Learn more about how Living Security can help you meet your compliance requirements, and actually help your employees make better cybersecurity decisions.