ITS HIPAA Training

Home IT Security Awareness ITS HIPAA Training

UCSC's Information Technology Services HIPAA Security Rule Training Requirements

By law, we are required to train and periodically update ITS employees who are involved in, or support systems involved in, the creation, transmission, or storage of electronic protected health information (ePHI), also known as HIPAA data. Currently this includes individuals who support the following units on campus or have access to their data, servers, workstations, backups, transmissions, logs, test/dev/bug systems, etc.: Benefits Office, Health Center, Fire Department, ITS Data Center, and AIS.

The ITS HIPAA training includes the five components listed below. Supervisors are responsible for ensuring and documenting that employees receive and complete appropriate HIPAA training. Since items #1-4 are self-paced, supervisors or employees must inform me of their completion (a single email is sufficient). ITS will schedule periodic in-person trainings to meet requirement #5, below. Supervisors must ensure that employees who are required to perform HIPAA-related job duties before they are able to attend an in-person training have completed the other listed requirements. Please note that some units/departments may require that ITS employees complete additional local training prior to accessing their systems or data.

1. Required: UCSC Internal Audit’s online HIPAA Security Rule Overview.
   Description: This online training provides general information for all employees who have responsibilities relating to HIPAA data. There is a certificate to print out at the end, though email verification of completion is also acceptable.


2. Required: Review HIPAA Security Rule Policies and Procedures: ITS Staff & Campus-Level Implementation*.
   Description: This is the current set of ITS-specific policies and procedures for HIPAA Security Rule compliance. It is available for download to all HIPAA supervisors and identified ITS staff on the ITS collab tool (link above*) . Employees are to review this document and work with their supervisor or contact me (info below) to address any questions. Supervisors must verify that employees have completed this requirement.
   
   * Your @ucsc.edu email username and password is required to log into collab. If the above link doesn't work, please go to https://collab.ucsc.edu/ and log in. Once you are logged in, click "ITS Group Spaces" in the left nav bar, then select "ITS HIPAA Documentation". From there, the path to this document is "Documents" --> "ITS HIPAA Policy and Procedure Manual" --> "HIPAA Security Rule Policies and Procedures".


3. Required: Read and sign the University Administrative Information System Access to Information Statement
   Submit the signed form to your supervisor. If you already read and signed this when you were hired, you don't need to do it again. If you're not sure, do it again just to be safe. Copies of signed forms are to be sent to the Accounts Team in the ITS Support Center. The supervisor may also retain a copy.


4. Also recommended for reference:
   • UCSC Password Strength and Security Standards (referenced in the above Policies and Procedures document. 
   • The complete set of practices for HIPAA Security Rule compliance: This 17-page document lists UCSC practices for compliance with each of the 42 HIPAA requirements. For HIPAA training purposes, this document would be in the "skim-through-and-focus-on-what's-relevant-or-interesting-to-you" category.


5. Required: Attend a scheduled in-person HIPAA training at the earliest opportunity.

Please contact me with any questions, concerns, or requests for materials regarding HIPAA training or HIPAA Security Rule compliance.

Thank you,
Julie Goldstein
ITS Service Manager for Community and Compliance
julieg@ucsc.edu; 459-2779

Rev. 4/17/09