Differences

This shows you the differences between two versions of the page.

--- minimum_required_data_policy [2019/03/27 18:59] – tonyromero
+++ minimum_required_data_policy [2019/03/28 16:21] (current) – removed tonyromero
@@ Line 1: / Line 1: @@
-===== Data Privacy Policies =====
-  -  [[:privacy_and_security_policies_and_procedures|Privacy and Security Policies and Procedures]]
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]]
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Identification of a Privacy and Security Board and Officer|]] Server/OIT
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Management Oversight of Privacy and Security Programs|]] Server/OIT
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Sanctions for Violations of Policies and Procedures|]] User/SEHD Server/OIT
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]]
-  - [[Reporting Potential Problems in Privacy and Security|]] User/SEHD Server/OIT
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]]
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Incident Response and Incident Response Mitigation|]] User/SEHD Server/OIT-same as #5
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-      - See attached Incident Response Process Flow Diagram for unit/department responsibility.
-  - [[Privacy and Security Training|]] User/SEHD
-  - [[Access Control, Minimum Necessary Access and Verification for Access to Data|]] User/SEHD Database Server/OIT
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]]
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-      - APS-6001 [[https://www.cu.edu/ope/aps/6001|https://www.cu.edu/ope/aps/6001]]
-  - [[Password Management|]] User/SEHD Database Server/OIT – complying with university policy
-      - University Password Policy [[http://www.ucdenver.edu/faculty_staff/employees/policies/Policies Library/Admin/fp5-13.pdf|http://www.ucdenver.edu/faculty_staff/employees/policies/Policies%20Library/Admin/fp5-13.pdf]]
-  - [[Transmitting Sensitive Information Securely including Faxing and Email|]] User/SEHD—duplicative with #1
-      - Email and Webmail Stay Secure [[https://www1.ucdenver.edu/offices/office-of-information-technology/software/how-do-i-use/email-and-webmail|https://www1.ucdenver.edu/offices/office-of-information-technology/software/how-do-i-use/email-and-webmail]]
-      - HIPAA Policy 7.1 Safeguards [[https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6|https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6]]
-  - [[Log-in Monitoring|]] Database Server/OIT
-      - Needs to be implemented and documented
-      - OIT has an internal standard for logging, monitoring and auditing that applies to all servers managed by CU Denver OIT.
-      - HIPAA Policy 9.3 Auditing [[http://www.ucdenver.edu/research/Research Administration Documents/9.3 Auditing.pdf|http://www.ucdenver.edu/research/Research%20Administration%20Documents/9.3%20Auditing.pdf]]
-  - [[Workstation Security Configuration|]] User/SEHD, Server/OIT – duplicative with #1
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]]
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Device and Media Control Database|]] Server/OIT – duplicative with #1
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]]
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Securing Materials with Data|]] User/SEHD-duplicative with #1
-      - Security and Compliance Hard Drive Disposal [[https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6|https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6]]
-  - [[Encryption|]] Database Server/OIT
-      - Encrypt Your Laptop Guidance [[https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/encryption|https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/encryption]]
-      - Guide to Secure Devices [[https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/guide-to-secure-devices|https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/guide-to-secure-devices]]
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]]
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Authorizations for Personal Health Information|]], if applicable User/SEHD –NA
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Permitted Uses and Disclosures of PHI|]], if applicable User/SEHD—NA
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[HIPAA Status|]], if applicable Server/OIT
-      - UC Denver’s File servers are HIPAA compliant.
-      - Units/Departments can request assistance from the RAC team on the security of data usage. [[https://www1.ucdenver.edu/offices/office-of-information-technology/services/security-and-compliance|https://www1.ucdenver.edu/offices/office-of-information-technology/services/security-and-compliance]]
-  - Business Associate Status, if applicable
-      - NA
-  - [[Designating Sensitive Information|]] User/SEHD – may be duplicative
-      - University Data Classifications and Impact [[https://www.cu.edu/ois/data-classifications-impact|https://www.cu.edu/ois/data-classifications-impact]]
-  - [[Risk Assessments and Management|]] User/SEHD – duplicative
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
-  - [[Change Control Procedures|]] User/SEHD – user access/retiring users
-      - OIT is also working on a process flow diagram to guide units/departments on their role in this process and how the OIT CAB process fits into the process.
-  - [[Audit and Evaluation Procedures|]] User/SEHD Server/OIT – designated liaison and form for auditors
-      - Units/Departments can request assistance from the RAC team on the security of data usage, but we are not auditors, nor do we have a specific form.
-Sample Local Education Agency Policy Links: [[http://www.cde.state.co.us/dataprivacyandsecurity/sampleitpolicies|http://www.cde.state.co.us/dataprivacyandsecurity/sampleitpolicies]]