ITS HIPAA Training
UCSC's Information Technology Services HIPAA Security Rule Training Requirements
By law, we are required to train and periodically update ITS employees who are involved in, or support systems involved in, the creation, transmission, or storage of electronic protected health information (ePHI), also known as "HIPAA data". Currently this includes individuals (and their back-ups) who support the following units on campus or have access to their data, servers, workstations, backups, transmissions, logs, test/dev/bug systems, etc.: Benefits Office, Health Center, Fire Department, ITS Data Center, and AIS.
The ITS HIPAA training includes the five components listed below. Supervisors are responsible for ensuring and documenting that employees receive and complete appropriate HIPAA training. Items #1-4 are available online and are to be completed before an ITS employee gains access to HIPAA systems or data. Item #5, the classroom training, is to be completed within one quarter of assuming HIPAA-related job duties. Please note that some units/departments may require that ITS employees complete additional local training prior to accessing their systems or data.
- Required: Take UCSC's online HIPAA training.
- Description: This two-part, online training provides general information for all employees who have responsibilities relating to HIPAA data, plus information specific to the HIPAA Security Rule. There is a certificate to print out for each module; email verification of completion is also acceptable.
- Instructions: Log into learningcenter.ucsc.edu with your CruzID and Gold password. Enter "hipaa" in the search box on the left and click "go". You need to complete both modules that come up: "HIPAA Training" and "HIPAA Security Rule Overview," preferably in that order. To take a training, click on it, then click "Start". After you complete a course, go back to your home page (click on "Learner" or breadcrumbs at the top of the page), click on your "Transcript," select the course, and click on the "diploma" icon to print the certificate of completion. Detailed instructions are available from "Help" on your home page (don't use the help link in the top nav).
- Required: Read ITS' "HIPAA SECURITY RULE POLICIES AND PROCEDURES" (first item on the linked page).
Description: This is the current set of ITS-specific policies and procedures for HIPAA Security Rule compliance. It is available in Google to all ITS HIPAA supervisors and identified ITS staff (CruzID Blue login required). Employees are to read this document and work with their supervisor or contact me (info below) to address any questions. A downloadable certificate of completion for this reading is available at the end of the document; email verification of completion is also acceptable.
- Required: Read and sign the University Administrative Information System Access to Information Statement
Submit the signed form to your supervisor. Copies of signed forms are to be sent to the Accounts Team in the ITS Support Center. The supervisor may also retain a copy. If you already read and signed this when you were hired, you don't need to do it again. If you're not sure, do it again just to be safe.
- Also recommended for reference:
- UCSC Password Strength and Security Standards (referenced in the above Policies and Procedures document.
- The complete set of practices for HIPAA Security Rule compliance: This is the complete list of UCSC practices for compliance with each of the 42 HIPAA Security Rule requirements. For HIPAA training purposes, this document would be in the "skim-through-and-focus-on-what's-relevant-to-you" category.
- Required: Attend a scheduled in-person HIPAA training at the earliest opportunity. Must be within one quarter of assuming HIPAA-related job duties.
Next available training: Please contact Julie (contact info below) for details and to request additional training dates.
Please contact Julie Goldstein, 459-2779 with any questions, concerns, or requests for materials regarding HIPAA training or HIPAA Security Rule compliance.