New User Request Forms

New User Request Form https://www.med.unc.edu/surgery/aboutus/admin/it-support/new-user-request-form

 


Compliance

Data "Ownership", your data belongs to you. It is your responsibility to ensure that our data is safe and backed up. The easiest way is to store it on the Surgery server or on an encrypted device.

Desktop Security

A) Save ALL work files to Surgery server (J: or R: drive)

B) Screen Saver - enforced by group policy, 15 minutes

C) Password compromise policy: disable account, require renewal of HIPAA training, more disciplinary action possible

Laptop Security

A) Encryption required if hosting PHI or other sensitive data

B) Off campus use agreement (off campus machine meets Security Requirements)

Smartphone Security

A) Power-on password required

B) Minimum of five characters

C) Device reset upon five unsuccessful login attempts

D) Hard reset upon disposal

E) In event of loss, the onyen password must be reset. If there is sensitive data on it, notify campus security immediately.

Secure E-mail Transmission

A) Outlook client on desktop (secure) Subject is sending to external address

B) Web client - https://outlook.unc.edu

C) Smartphone - SSL (transmission vs. at rest)

USB Memory Sticks

lockable, encryptable device required for PHI/sensitive data

Data sharing sites/Third party apps, e.g., Dropbox/Dragon Dictate should not be used for storing PHI

Electronic Media Disposal

contact your division manager for steps

 


 

HHS.gov breaches and Resources Regarding HIPAA: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html