Differences

This shows you the differences between two versions of the page.

--- policy:data_privacy:workstation_security [2019/06/06 16:57] – [University of Colorado Denver HIPPA Policy] tonyromero
+++ policy:data_privacy:workstation_security [2019/06/13 17:26] (current) – tonyromero
@@ Line 7: / Line 7: @@
 All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. The policy states:
-> Ordinarily, Highly Confidential informationshall not be stored on workstations and mobile computing devices (laptops, flash drives, backup disks, etc.) unless specifically justified for business purposes and adequately secured. If Highly Confidential informationis stored on a workstation or mobile computing device or transmitted to an external network or organization, IT resource usersshall encrypt or adequately protect that information from disclosure. If Confidential information is stored on a workstation or mobile computing device or transmitted to an external network or organization, IT resource users shall adequately protect that information from disclosure. In addition to encryption, adequate protections may include the use of passwords, automatic logoffs, and secure Internet transmissions.
+> Ordinarily, Highly Confidential information shall not be stored on workstations and mobile computing devices (laptops, flash drives, backup disks, etc.) unless specifically justified for business purposes and adequately secured. If Highly Confidential information is stored on a workstation or mobile computing device or transmitted to an external network or organization, IT resource users shall encrypt or adequately protect that information from disclosure. If Confidential information is stored on a workstation or mobile computing device or transmitted to an external network or organization, IT resource users shall adequately protect that information from disclosure. In addition to encryption, adequate protections may include the use of passwords, automatic logoffs, and secure Internet transmissions.
 ==== University of Colorado Denver HIPPA Policy ====
@@ Line 20: / Line 20: @@
   * applying security patches to computer software applications and operating systems
+> UCD ITS will disconnect workstations from the network that pose a threat to UCD information systems due to a suspected policy violation, workstation intrusions, virus infestations, and other conditions which might jeopardize UCD information or work.
-==== SEHD Secure Data Server Reporting ====
+> Workstations storing ePHI or that may be used to access ePHI must be located in areas with controlled access. An electronic audit trail of access must be maintained. It is the responsibility of unit administrators to establish and enforce a facility security plan to ensure access to workstations under their jurisdiction is restricted to authorized users.
-Any individual that will report any known security related events as outlined in University of Colorado's IT Security Program policy related to the SEHD Secure Data Server or users of the data server to SEHDHelp@ucdenver.edu, OIT-RSS-Systems@ucdenver.edu, and oit-servicedesk@ucdenver.edu.
+==== SEHD Secure Data Server ====
+Any workstation that has access to the SEHD Secure Data Server must meet the requirements of the UCD HIPPA Policy.