Standard Guide for Training of Persons Who Have Access to Health Information
Publication Date: 10 October 1998
ICS Code (Medical sciences and health care facilities in general): 11.020
ICS Code (Law. Administration): 03.160
1.1 This guide addresses the privacy, confidentiality, and security training of employees, agents and contractors who have access to health information. This access shall be authorized and required to meet job responsibilities. Training is essential to developing an understanding about, and sensitivity for, individually identifiable health information. Anyone in a setting that collects, maintains, transmits, stores or uses health information, or provides health services, or a combination thereof, shall provide privacy, confidentiality, and security awareness training to all staff and business partners. Training shall be based on job responsibilities.
1.2 This guide applies to all individuals, groups, organizations, data-users, data-managers, and public and private firms, companies, agencies, departments, bureaus, service-providers and similar entities that collect individual, group and organizational data related to health care. Any organization that handles or stores individually identifiable health information has the obligation to educate employees, agents, contractors, volunteers, and others with whom it has business relationships regarding the privacy, confidentiality, and security principles, policies, and procedures of the organization.
1.3 ASTM Committee E-31 gratefully acknowledges the contribution of the Computer-Based Patient Record Institute (CPRI) in providing the document, Guidelines for Information Security Education Programs at Organizations Using Computer-based Patient Records, to serve as the basis of this guide.