Health and Human Services Enterprise Information Technology Security Training Resource Guide

Supports and promote social activities and team building activities for eHealth There is available fund for training and support on effective use of eHealth Performance

NIST Computer Security Resource Ctr – csrc.nist.gov HHS Health Information Privacy - ww.hhs.gov/ocr/privacy State Data Breach Laws – www.ncsl.org. FTC Privacy Actions

Policy/Requirements Traceability: Policy for Information Systems Security and Privacy (as amended), HHS-OCIO-2011-0003, Section 5.12; FISMA; HHS Memorandum Role-Based Training

This class has nine control families: Awareness Training (AT), Configuration Management (CM), Contingency Planning (CP), Incident Response (IR), Maintenance (MA), Media

Data Classification provides a framework for managing data assets based on value and associated risks and for applying the appropriate levels of protection as required by state

o Developed by he Office of the National Coordinator for Health Information Technology (ONC) with the HHS Office for Civil Rights (OCR) and the HHS Office of the General

– HHS has determined that “compromises the security or privacy of the protected health information” means that the breach poses a “significant risk of financial, reputation,

Department of Health and Human Services (HHS), a state may choose to establish its own exchange, work with HHS to operate a hybrid exchange (often called a “partnership” exchange