====== Reporting Potential Problems in Privacy and Security ======

===== Applicable University of Colorado Denver Policies =====

==== University of Colorado IT Security Program Policy ====

All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. The policy states that all University IT users must:

> IT resource users shall report security related events; known or suspected violations of IT security policy; and inappropriate, unethical, and illegal activities involving University IT resources. Users shall follow the reporting process applicable to their campus. If unsure of the local incident reporting process, users shall call the appropriate IT service center or help desk.

==== University of Colorado Denver HIPPA Policy ====

The most secure SEHD data are subject to the [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|UCD HIPPA policy]].

If there is a suspected violation email [[HIPAA@UCDenver.edu​|HIPAA@UCDenver.edu]]​ as soon as possible and please download and fill out [[http://www.ucdenver.edu/research/Research Administration Documents/HIPAA Privacy Incident Notice.doc|this form]] and return it to [[HIPAA@UCDenver.edu​|HIPAA@UCDenver.edu]].


==== SEHD Secure Data Server Reporting ====

Any individual that will report any known security related events as outlined in University of Colorado's IT Security Program policy related to the SEHD Secure Data Server or users of the data server to SEHDHelp@ucdenver.edu, OIT-RSS-Systems@ucdenver.edu, and oit-servicedesk@ucdenver.edu.