All data and information resources of the SEHD are subject to University of Colorado's IT Secuirty Program policy, APS-6005. Within the policy it describes the requirement of minimum necessary access to data:

Although students, faculty, and staff require access to University information resources for academic and business purposes, this access must be limited to what is needed for his/her work. Use of resources beyond that which is authorized results in unnecessary risks to University information with no corresponding academic or business value.

As applicable, the most secure SEHD data are subject to the UCD Workforce HIPPA policy 9.4. The policy descirbes what must be included in a unit's access control procedures.

The UCD Information Technology Services Department (ITS) offers central disk storage and backup services which many departments and units use for maintaining their data. While central ITS systems meet the HIPAA physical security and contingency planning requirements, departments and units must still take care to address controls for workstation security, account management, and controlling access to ePHI they create or house.