Computer Use/Electronic Information: Difference between revisions
Mhurlocker (talk | contribs) m →Policy |
Mhurlocker (talk | contribs) No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 30: | Line 30: | ||
Policy No.: '''6051'''<br /> | Policy No.: '''6051'''<br /> | ||
Effective Date: '''04/25/07'''<br /> | Effective Date: '''04/25/07'''<br /> | ||
Revised Date: ''' | Revised Date: '''04/24/25'''<br /> | ||
Reviewed Date: ''' | Reviewed Date: '''04/24/25'''<br /><br /> | ||
<big>'''Computer Use and Electronic Information Security Policy'''</big> | <big>'''Computer Use and Electronic Information Security Policy'''</big> | ||
== Introduction == | == Introduction == | ||
| Line 38: | Line 38: | ||
The University of Nebraska has issued Executive Memorandum No. 16, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-for-responsible-use-of-university-computers-and-information-systems.pdf Policy for Responsible Use of University Computers and Information Systems], which sets forth the University’s administrative policy and provides guidance relating to the responsible use of the University’s electronic information systems. It is the intent of this policy to confirm campus adherence to Executive Memorandum 16.<br /><br />Information technology resources are owned by UNMC and are intended for use in completing UNMC’s mission. Their use is governed by Executive Memorandum No. 16, all applicable [[Policies_and_Procedures|UNMC policies]], including sexual harassment, patent and copyright, patient and student confidentiality, and student and employee disciplinary policies, as well as by applicable federal, state and local laws. | The University of Nebraska has issued Executive Memorandum No. 16, [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-for-responsible-use-of-university-computers-and-information-systems.pdf Policy for Responsible Use of University Computers and Information Systems], which sets forth the University’s administrative policy and provides guidance relating to the responsible use of the University’s electronic information systems. It is the intent of this policy to confirm campus adherence to Executive Memorandum 16.<br /><br />Information technology resources are owned by UNMC and are intended for use in completing UNMC’s mission. Their use is governed by Executive Memorandum No. 16, all applicable [[Policies_and_Procedures|UNMC policies]], including sexual harassment, patent and copyright, patient and student confidentiality, and student and employee disciplinary policies, as well as by applicable federal, state and local laws. | ||
== Policy == | == Policy == | ||
It is the responsibility of the workforce to utilize the information technology resources in an appropriate manner. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality to protect the integrity of all data and the business interests of the entity. | It is the responsibility of the workforce to utilize the information technology resources in an appropriate manner. Users of Information Technology Resources must procure information systems through standard approved channels to ensure compliance with organizational policies and standards. To be fiscally responsible, users should utilize one system when applicable to avoid unnecessary costs and streamline operations. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality to protect the integrity of all data and the business interests of the entity. | ||
It is the responsibility of the workforce to protect all confidential and proprietary information at all times including but not limited to when stored electronically (at rest) and when the data is being transferred outside of the facility such as on a mobile device, external storage or cloud system storage. (See End User Device Security Policy). | It is the responsibility of the workforce to protect all confidential and proprietary information at all times including but not limited to when stored electronically (at rest) and when the data is being transferred outside of the facility such as on a mobile device, external storage or cloud system storage. (See End User Device Security Policy). | ||
| Line 178: | Line 178: | ||
'''Confidential information''' includes proprietary information and protected health information (PHI). | '''Confidential information''' includes proprietary information and protected health information (PHI). | ||
'''Proprietary information''' refers to information regarding business practices, including but not limited to, financial statements, contracts, business plans, research data, employee records, and meeting minutes. | |||
'''Protected Health Information (PHI)''' is individually identifiable health information. Health information means any information whether oral or recorded in any medium. | |||
'''Information security''' is defined as the ability to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction or loss. | |||
'''Workforce''' refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct, in the performance of work for Nebraska Medicine or UNMC, is under the direct control of Nebraska Medicine or UNMC, whether or not they are paid by Nebraska Medicine or UNMC. | |||
'''Shared accounts''' (i.e. Generic or general accounts) allow multiple users to logon to the information technology resources using the same ID and password. | |||
'''Personal accounts''' allow an individual user to logon to specific applications or systems using personal or unique ID and password. | |||
'''Strong authentication''' method is a layer of security which requires a token or biometric authentication. This represents two factor authentication involving something you know (i.e. user id) and something you have (i.e. grid card). | |||
'''Information system''' is an interconnected set of informational resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. | |||
'''Shared file''' is a collection of electronic PHI maintained on any medium that will store digital data (i.e. computers, PDA's, memory sticks, iPods, laptops, mobile wireless devices, etc.) | |||
==Additional information== | ==Additional information== | ||
| Line 197: | Line 215: | ||
*[http://www.copyright.gov/ U.S. Copyright Office - General Guidelines About Copyright Law] | *[http://www.copyright.gov/ U.S. Copyright Office - General Guidelines About Copyright Law] | ||
This page maintained by [mailto: | This page maintained by [mailto:mhurlocker@unmc.edu mh]. | ||