All OSU employees will have appropriate security awareness training as required by HIPAA guidelines.

Refer to policy CIC-1-28.01

1. As part of new employee training all new staff shall receive training in HIPAA security.



2. Training is delivered in both print and electronic media.



3. Covered topics shall include but not be limited to:
   
   1. Password policies
   2. Facility security
   3. HIPAA requirements including sanctions and mitigation
   4. Reporting of security breaches or suspected security breaches
   5. Steps to avoid malware and viruses
   6. Appropriate use guidelines
   7. Other policies and procedures that contribute to security of ePHI
   
   
   
4. All employees will be required to participate in security training annually. These records will be maintained with the records of other mandatory training for SWC and UHS employees.



5. Failure to participate in security training as directed by policy will result in disciplinary action sufficient to resolve the training deficiency. An employee who is required to have access to PHI in any form that is deficient in security training will not be allowed to work.