All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, APS-6005. The policy states:

Ordinarily, Highly Confidential informationshall not be stored on workstations and mobile computing devices (laptops, flash drives, backup disks, etc.) unless specifically justified for business purposes and adequately secured. If Highly Confidential informationis stored on a workstation or mobile computing device or transmitted to an external network or organization, IT resource usersshall encrypt or adequately protect that information from disclosure. If Confidential information is stored on a workstation or mobile computing device or transmitted to an external network or organization, IT resource users shall adequately protect that information from disclosure. In addition to encryption, adequate protections may include the use of passwords, automatic logoffs, and secure Internet transmissions.

The most secure SEHD data are subject to the UCD Workforce HIPPA policy. The policy states

Computer workstations accessing ePHI must maintain security configurations that restrict access to ePHI to only those workforce members that have been legitimately granted access. Recommended security configurations include, but are not limited to:

• enabling a password protected screen saver;
• setting computers or applications to automatically terminate a computing session after a set period of idle time;
• the use of campus standard anti-virus products; and
• applying security patches to computer software applications and operating systems

Any individual that will report any known security related events as outlined in University of Colorado's IT Security Program policy related to the SEHD Secure Data Server or users of the data server to SEHDHelp@ucdenver.edu, OIT-RSS-Systems@ucdenver.edu, and oit-servicedesk@ucdenver.edu.