I had to drive down to Indiana this week to do work for a new client. I’d tell you who they are and what they do, but it might violate the security agreement we have with them. Sitting through seven hours of security tests and HIPAA regulations has made me a bit more paranoid about these sorts of things.
I was placed in a training room with a PC and a set of headphones. It was all done via eLearning. There were a number of presentations to go through. We covered all aspects of HIPAA and how to protect patient medical information. I found a lot of it to be basically common sense: don’t leave confidential information lying around, don’t install software without approval from the IT department, etc. There were a number of simulations where photographs of stern medical personnel questioned me on various aspects of regulations and I had to select the best answer. If I did, their stern expressions gradually lightened up and they were smiling by the end. I had convinced them this was all for the best.
Ironically, security was so tight at the company that after going through the presentations and simulations, I didn’t have rights to actually take the test! The machine popped up an error: I needed to download a version of Flash to continue. I thought it might be a test in itself. I didn’t dare download the Flash player. I carefully locked the PC before asking for help from the HR person. A little while later when Help Desk wanted to log into the machine remotely, I held off until I got official approval.
“You take this stuff seriously!” she said. I do indeed. And I don’t think it’s a breach of security to say I passed the tests on the first try.