Computer Use/Electronic Information: Difference between revisions

Reviewed Date: '''08/20/13'''<br /><br />

NOTE:   If an individual is a volunteer, please refer to UNMC Policy No. 6053, [[Volunteer]].<br />

Remote access to systems which contain confidential information will be accomplished through a strong authentication method with the appropriate approval processes. (See ITS Security Procedure: Workforce Member Remote Access). Individuals requiring remote access to UNMC’s e mail system will purchase an internet service provider and utilize the web based e mail product.<br />

It is the responsibility of the workforce to utilize the information technology resources in an appropriate manner. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality in order to protect the integrity of all data and of the interests of the entity.<br />

UNMC’s information technology resources are to be used predominately for completing UNMC work related business. Misuse of University information systems is prohibited. Misuse includes the following (see Executive Memorandum No. 16, [http://nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Policy for Responsible Use of Information Resources])

#Using electronic communications to harass or threaten users in such a way as to create an atmosphere which unreasonably interferes with the education or the employment experience. Similarly, electronic communications shall not be used to harass or threaten other information recipients, in addition to University users.

#E-mail which includes obscene material, threats or material that could be considered harassment  

ITS or other personnel must take immediate action to mitigate any threats that have the potential to pose a serious risk to campus information system resources. If the threat is deemed serious enough, the system(s) or individual posing the threat will be blocked from network access. Communication with department leadership regarding such action will take place as soon as possible. The block will be removed as soon as the threat has been repaired. (See UNMC ITS Security Procedure: Information Security Incident Reporting and Response)

UNMC maintains strict compliance with the Digital Millennium Copyright Act of 1998 and applicable amendments. It should be noted that traditionally a user purchases a software “license,” which is a right to use. Many times the licenses can only be loaded on one machine.   Violating any software license or copyright is in violation of university policy.   

E-mail attachments and files transfer utilizing instant messaging capabilities represent a significant risk to the organization. Many computer viruses are distributed through e-mail attachments or files received via instant messaging. Users should be careful about opening e-mail attachments or accepting file transfers via instant messaging.  

Electronic mail sent externally by UNMC personnel for the primary purpose of promoting UNMC’s “commercial” products or services must comply with the [http://www.unmc.edu/its/docs/security_SpamCompliance.pdf ITS Security Procedure: Controlling the Distribution of Non-Solicited Marketing Email]. Examples of such products or services include publications and membership solicitations. <br />

The Act is applicable only to e-mail that constitutes a commercial advertisement or promotion of a commercial product or service. The Act is not applicable to commercial e-mail in general, to e-mail advertising or promoting “activity” or to e-mail simply because the e-mail references or solicits funds. Further, it is not applicable to e-mail messages sent to provide information about UNMC’s undergraduate, graduate, or professional degree-granting programs. Some programs not a part of the regular campus curriculum might be considered commercial “services” depending upon the facts. Advice from the Compliance Officer should be sought about such programs.

Sending out mass distribution e-mails containing event and/or general announcement type information is discouraged. If you have an event to publicize or an announcement to deliver to a large group of people, the best way to do this is through UNMC Today, the campus electronic newsletter. Contact Public Relations for additional information.<br />

Patient information including demographic and medical data contained in, or obtained from any UNMC information system is confidential data. Individual access to this data may be audited in order to ensure compliance with federal and state law and [[Policies and Procedures|UNMC Policies and Procedures]].  

UNMC ITS is responsible for implementing and monitoring a consistent data security program. System administrators are responsible for operation and maintenance of information processing services. The system administrator and information custodians are responsible for implementing the security policy and standards within their applications.  

All members of the workforce will be trained in information security awareness. Periodic reminders regarding information security awareness and current threats will be communicated to the workforce.

Members of the workforce will have a need to transmit confidential information by facsimile rather than by a slower method, such as mail. It is easy to misdirect faxes to unauthorized recipients, faxes could be intercepted or lost in transmission. Thus, the potential for breach of confidentiality exists every time someone utilizes faxing. Therefore, all faxing must be done in accordance with the faxing policy (See UNMC Policy No. 6065, [[Fax Transmissions|Facsimile Transmissions]]).

(Source: Computer Crime by Ronald B. Stander, Copyright 1999, 2002, [http://www.rbs2.com www.rbs2.com])<br />

'''Information''' is data presented in readily comprehensible form. (Whether a specific message is informative or not depends in part on the subjective perceptions of the person who receives it.) Information may be stored or transmitted via electronic media on paper or other tangible media, or be known by individuals or groups. Information generated in the course of University operations is a valuable asset of the University and property of the University.<br />

'''Information custodians''' are people responsible for specifying the security properties associated with the information systems their organization possesses. This includes the categories of information that users are allowed to read and update. The information custodian is also responsible for classifying data and participating in ensuring the technical and procedural mechanisms implemented are sufficient to secure the data based upon a risk analysis that considers the probability of compromise and its potential business impact.<br />

'''Information Technology Support Personnel''' are the individuals who as a function of their job provides IT support. This includes ITS support staff, departmental system administrators and IT support staff within the units.<br />

'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records, and student records. (See UNMC Policy No. 6045, [[Privacy/Confidentiality|Privacy, Confidentiality and Information Security]] for more detailed information.)<br />

'''Protected Health Information (PHI)'''is individually identifiable health information. Health information means any information, whether oral or recorded in any medium, that:

'''Shared file''' is a collection of electronic PHI maintain on personal or departmental computers. This would include spreadsheets, databases, correspondence, quality improvement and research data files.<br />

'''Strong authentication method''' is a layer of security which requires a token or biometric authentication. This represents two factor authentication involving something you know (i.e. user id) and something you have (i.e., Secured card).<br />