HIPAA identifiers are 18 points of information that can be used to identify an individual or combined with other information to identify an individual.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act specifies requirements for the privacy and security of all individually identifiable patient health information in any form or media, whether electronic, paper, or oral.
HIPAA Hints: Privacy Guidelines
The Washington University HIPAA Privacy Office has created HIPAA Hints to provide guidance for some of the most common privacy issues.
HIPAA Forms
Patient Communication Form Email Authorization Form Media Authorization Form Medical Records Release Form Request for Alternative Methods of Communication Request for Restriction to Health Plan (Self-Pay) Request for Amendment of Protected Health Information Form Request for Restrictions on Use or Disclosure of Protected Health Information Form Washington University Business Associate Agreement Request for Accounting of […]
HIPAA Privacy Information
Centered on your privacy Washington University health care providers respect the confidentiality of our patient’s health information by observing the highest standards of ethics and integrity. Our Notice of Privacy Practices describes your rights under HIPAA and how Washington University may use and disclose your protected health information. If you have not reviewed our Notice of Privacy Practices. […]
HIPAA Privacy Training
Workforce members at the Medical School are also required to complete HIPAA 101, a set of online training modules that cover the HIPAA Privacy, Security and Breach Notification Rule. Classroom and online refresher training is also available. Refresher courses include topics such as: HIPAA 101: Privacy Matters – Protecting Patient Privacy through Data Security Encryption […]
HIPAA Patient Forms and Rights
HIPAA provides patients with several rights, all described in our Notice of Privacy Practices. The HIPAA Privacy Office works with our clinical departments, physicians, and Health Information Release Services to facilitate requests related to your rights under HIPAA. These rights include: The right to request a copy of your medical records from Washington University Physicians for yourself or […]
HIPAA Health and Patient Information Policies
Health and Patient Information Policies Washington University expects all employees and contractors who interact with our patients and/or their protected health information to understand and comply with our policies and procedures related to the HIPAA Privacy and Security Rule. These policies and procedures are designed to help our workforce understand the requirements for the appropriate […]
Policy 109 Information Security Incident Reporting, Response, and Recovery
The policy communicates a planned and systematic approach to incident handling from reporting to recovery and analysis.
Policy 100 Information Security Program
The policy is the foundation of the policy library. It establishes the charge and mission of the Office of Information Security (OIS) to protect the Confidentiality, Integrity, and Availability (CIA) of information resources at Washington University in St. Louis (WashU).
Keeping Information Security Simple – “Using Code Words to Defeat the AI Menace”
Letter from the CISO, Vol 3 Issue 9 Washington University Community: Artificial Intelligence is a tool Artificial Intelligence, or AI, has received a lot of attention and interest over the past year, primarily due to the great advances in productivity and quality it seems to promise. WashU IT is excited to be helping the university […]
Information Security Training
Security Guidance for Automatic Transcription Services
Many WashU community members create audio and video recordings in research, during meetings, while attending lectures, and in other circumstances. These recordings can be indispensable to a project because they document what was said with perfect fidelity for future reference and analysis. A transcript of the recording is even more helpful, making it easy to […]
Remote Computing with Protected and Confidential Data
Requirements for remote computing with protected and confidential data.
Compliance
Compliance in cyber security means meeting certain standards and obeying by regulations…
Business Associate Agreement (BAA) Explained
If you work with Protected Health Information (PHI), you have probably heard mention of a business associate agreement. At WashU, it is essentially a contract between WashU and a business associate concerning the handling of PHI. Who is a Business Associate? It is a person or entity outside of WashU who creates, receives, maintains, or […]
Personal Device Security Policy
The policy and associated guidance provide requirements for using personal devices to access, create, host, and transmit confidential and/or protected information.
Media Reuse and Disposal Policy
The policy and associated guidance provide requirements for reuse or disposal of WashU systems containing protected or confidential information.
Information Security Risk Management Policy
The policy and associated guidance provide a common methodology and organized approach to Information Security risk management whether based on regulatory compliance requirement or a threat to the university.
Electronic Messaging Security Policy
The policy and associated guidance provide direction for electronic messages (i.e. email, chat, and other electronic messages) containing WashU confidential and/or protected information.
Computer Use Policy
This policy and associated guidance provide direction for appropriate use of computer systems, networks, and information at WashU.
WEBINAR: Exciting Days in the Office of Information Security with CISO, Chris Shull
Curious about attempted cybercrime at WashU? Join our webinar to learn about how WashU protects its users and systems from online threats. Chris Shull, Chief Information Security Officer, will talk about the comprehensive preventive, detective, and responsive defenses we are building in response to the wide range of Information Security challenges we face. One […]
WEBINAR: Careers in Cybersecurity with Brian Allen
Did you know that there are more than three million open positions in cybersecurity today? There is a huge demand for cybersecurity professionals today, and the Bureau of Labor Statistics predicts that this trend will continue for the next decade and beyond. This high demand means opportunity, competitive salaries, and job security. Effective cybersecurity requires […]
WEBINAR: Phishing Incidents and their Impact to the University with Jason Murray
Curious about attempted cybercrime at WashU? Join our webinar to learn about how WashU protects its users and systems from online threats. Information Security Assistant Director and Architect for Digital Forensics and Incident Response, Jason Murray, will discuss incidents and vulnerabilities detected on the WashU network during the last year and the new tools […]
WEBINAR: Security in Research with Michael Mayer
Do you want to know how security plays into research at WashU? Please join Michael Mayer, Information Security Analyst III, with the Office of Information Security, and bring your questions about how to secure your research. Mark your calendars and join us via Zoom on October 11 at 12 pm CST. This webinar is exclusively […]
Wonderful OneTrust
The Information Security Governance, Risk, and Compliance (GRC) team, led by Assistant Director, Denise Woodward, handles many types of security-related requests from the WashU community. When researchers need a security review of the tools they’re using for a study, when a department wants to adopt new technology, or when someone requires a specialized solution for […]
Protected Health Information (PHI)
Protected health information (PHI) refers to health data created, kept, or shared by HIPAA-covered entities and their commercial partners in the provision of healthcare, healthcare operations, and payment for such services.
IRB Security Review
In the IRB Security Review process, our team works with research coordinators to evaluate security risks involved in the research process.
What are the Security Expectations of Your Research Sponsor?
Increasingly, research sponsors require grantees meet strict security requirements to protect the data and systems used in funded projects.
Keeping Information Security Simple – Privacy – Free isn’t free: If you aren’t paying for it, you and your data are the product being sold!
Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]
Threats to Your Research Data and Intellectual Property
Your research data and intellectual property are valuable, not only in the pursuit of knowledge for the betterment of society but also to cybercriminals who seek to steal it or hold it for ransom. According to the Federal Bureau of Investigation , intellectual property theft is a growing threat in the digital era, and much […]
Meet Your InfoSec Team: James Gagliarducci, Information Security Director
James Gagliarducci, Director of Information Security, an electrical engineer by training and a security whiz by experience and certification, started out designing radar systems for the Department of Defense. He joined WashU IT as a network engineer in the 90s. Remembering those days, James says, “I loved it.” When the Health Insurance Portability and Accountability […]
Deidentified Data
Deidentified data has had all individual identifiers removed.
Protected Data
Protected data refers to data regulated by federal, state, and local legislation.
Phishing 101
Email phishing has long been the method of choice for many cybercriminals who seek to exploit vulnerabilities for personal gain. These attacks are continually revised and refreshed to take advantage of current trends and new strategies used to socially engineer their victims. Phishing works so well because it takes advantage of human emotion, convincing unsuspecting […]
Thank You for Participating in Cybersecurity Awareness Month 2020
The Office of Information Security extends its gratitude to the faculty, staff, and students who participated in the events and activities of Cybersecurity Awareness Month 2020! During the month of October, we hosted a slate of webinars and presentations to help our community stay informed and empowered in the digital era. This year, our program […]
WEBINAR: Securely Managing Protected Information
The HIPAA Privacy Office, WashU IT, and the Office of Information Security invite you to attend a one-hour discussion and Q&A about safely handling protected data and using WUSTLBox to develop a secure workflow. Hosts will include Christine Schorb, HIPAA Privacy Officer, Eric Suiter, Systems Engineer with expertise in WUSTLBox, and Kevin Hardcastle, Chief Information […]
Protect Yourself from Social Engineering
The Office of Information Security continuously works to protect our community from a wide variety of phishing activity and other security threats. Currently, the majority of the phishing threats we see involve some form of social engineering. What is social engineering? Social engineering attempts to manipulate people by exploiting psychology and emotions such as fear, […]
Tax Deadline Extension and Phishing Scams
As a result of the COVID-19 pandemic, the deadline for filing state and federal tax returns is postponed until July 15, 2020. As the deadline approaches, we want to make you aware of the more common tax fraud scams that our office sees each year. We have also compiled some helpful resources to assist you […]
Tax Time is Open Season for Phishing Scams
Tax season is here again, and with it comes an uptick in scammers using phishing emails designed to steal personal information from their victims in order to commit tax fraud. We encourage you to use extreme caution with any email correspondences requesting personal information. Please refrain from opening any attachments or following any links in […]
NCSAM Retrospective
The Office of Information Security recently wrapped up a month of exciting activities and events across Washington University campuses for National Cybersecurity Awareness Month. We are grateful to everyone who took the time to participate in this year’s events, and we are already looking forward to next year’s program. During October 2019, the Office of […]
Security Controls
The Office of Information Security (OIS) will review and identify the applicable security frameworks – International Organization for Standardization, National Institute of Standards and Technology (NIST) Security Controls (SP800-53) and other identified industry standards to be applied and tailored within Washington University (WashU) departments and schools. Controls will be assigned to create protection levels. Control […]
Secure Storage and Communication Services
Before using external websites or cloud services to store, create or transmit WashU confidential or Protected information please review the tables below for approved services. If what you are looking for is not listed, the following reviews are needed. Collaboration Reference the tables below to determine which collaboration service is best for storing and sharing your data. […]
Notice of Privacy Practices
English
Vulnerability Assessment
The scanner is capable of meeting all the requirements outlined for RA-5 priorities low, medium, high. The appliance performs assessments against system security policies and identifies vulnerabilities with CVE scoring. It has customizable templates that measure compliance with SOX, PCI DSS, HIPAA, ISO 27002, FISMA, and FDCC (Federal Desktop Core Configuration) baseline. It supports content […]
Information Security FAQ
Documents
Document /ˈdä-kyə-mənt/ noun a computer file containing information input by a computer user and usually created with an application (such as a spreadsheet or word processor) In the course of a year, WashU students, faculty and staff create millions of electronic documents related to the academic, research, clinical and/or administrative work done at the university. Not all of […]
Phishing
phish∙ing /’fiSHiNG/ noun the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers Phishing is an illegal way that criminals gather private information for the purposes of sending spam, sending phishing e-mails, logging onto university systems and […]