2,654
edits
Computer Use/Electronic Information: Difference between revisions
Jump to navigation
Jump to search
Computer Use/Electronic Information (view source)
Revision as of 14:09, September 21, 2017
, September 21, 2017no edit summary
No edit summary |
|||
| (6 intermediate revisions by one other user not shown) | |||
| Line 23: | Line 23: | ||
</table> | </table> | ||
<br /> | <br /> | ||
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]] | ||
<br /><br /> | <br /><br /> | ||
Policy No.: '''6051'''<br /> | Policy No.: '''6051'''<br /> | ||
Effective Date: '''04/25/07'''<br /> | Effective Date: '''04/25/07'''<br /> | ||
Revised Date: '''08/20/13'''<br /> | Revised Date: '''08/20/13'''<br /> | ||
Reviewed Date: ''' | Reviewed Date: '''09/19/17'''<br /><br /> | ||
<big>'''Computer Use and Electronic Information Security Policy'''</big> | <big>'''Computer Use and Electronic Information Security Policy'''</big> | ||
== Introduction == | == Introduction == | ||
| Line 85: | Line 85: | ||
Users are responsible and accountable for access under their personal accounts. No one should use the ID or password of another, nor should anyone provide his or her ID or password to another, except in the cases necessary to facilitate computer maintenance and repairs. Your password should only be given to Information Technology Support Personnel upon presentation of identification. If your password is shared with Information Technology Support Personnel, where technically feasible the password should be flagged, necessitating that it be changed the next time the user logs on.<br /> | Users are responsible and accountable for access under their personal accounts. No one should use the ID or password of another, nor should anyone provide his or her ID or password to another, except in the cases necessary to facilitate computer maintenance and repairs. Your password should only be given to Information Technology Support Personnel upon presentation of identification. If your password is shared with Information Technology Support Personnel, where technically feasible the password should be flagged, necessitating that it be changed the next time the user logs on.<br /> | ||
<br /> | <br /> | ||
A strong password is the “first defense” against an information security attack upon the UNMC network. It is imperative that all users select a strong password. (See [ | A strong password is the “first defense” against an information security attack upon the UNMC network. It is imperative that all users select a strong password. (See [https://info.unmc.edu/its-security/policies/procedures/passwords.html ITS Security Procedure: Password Security]).<br /> | ||
<br /> | <br /> | ||
Access to electronic mail, voice mail, administrative, student and patient care information systems will be obtained through the appropriate authorization process. (See [ | Access to electronic mail, voice mail, administrative, student and patient care information systems will be obtained through the appropriate authorization process. (See [https://info.unmc.edu/its-security/policies/procedures/access-control.html ITS Security Procedure: Access Control to IT Resources]). Unauthorized access to information systems is prohibited. Users must not attempt to gain access to information or systems for which they are not granted access. <br /> | ||
<br /> | <br /> | ||
Remote access to systems which contain confidential information will be accomplished through a strong authentication method with the appropriate approval processes. (See ITS Security Procedure: Workforce Member Remote Access). Individuals requiring remote access to UNMC’s e mail system will purchase an internet service provider and utilize the web based e mail product.<br /> | Remote access to systems which contain confidential information will be accomplished through a strong authentication method with the appropriate approval processes. (See ITS Security Procedure: Workforce Member Remote Access). Individuals requiring remote access to UNMC’s e mail system will purchase an internet service provider and utilize the web based e mail product.<br /> | ||
| Line 96: | Line 96: | ||
It is the responsibility of the workforce to utilize the information technology resources in an appropriate manner. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality in order to protect the integrity of all data and of the interests of the entity.<br /> | It is the responsibility of the workforce to utilize the information technology resources in an appropriate manner. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality in order to protect the integrity of all data and of the interests of the entity.<br /> | ||
<br /> | <br /> | ||
It is the responsibility of the workforce to protect confidential information at all times including but not limited to when stored electronically (at rest) and when the data is being transferred outside of the facility such as on a mobile device or a diskette (See [ | It is the responsibility of the workforce to protect confidential information at all times including but not limited to when stored electronically (at rest) and when the data is being transferred outside of the facility such as on a mobile device or a diskette (See [https://info.unmc.edu/its-security/policies/procedures/enduser.html ITS Security Procedure: End User Device]).<br />UNMC’s information technology resources are to be used predominately for completing UNMC work related business. Misuse of University information systems is prohibited. Misuse includes the following (see Executive Memorandum No. 16, [http://nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Policy for Responsible Use of Information Resources]) | ||
<br /> | <br /> | ||
#Attempting to modify or remove computer equipment, software, or peripherals without proper authorization. | #Attempting to modify or remove computer equipment, software, or peripherals without proper authorization. | ||
#Accessing without proper authorization computers, software, information or networks which the University belongs, regardless of whether the resource accessed is owned by the University or the abuse takes place from a non-University site. | #Accessing without proper authorization computers, software, information or networks which the University belongs, regardless of whether the resource accessed is owned by the University or the abuse takes place from a non-University site. | ||
| Line 123: | Line 123: | ||
Persons using UNMC's information technology facilities and services bear the primary responsibility for the material they choose to access, send or display. It is a violation to access and view materials which would create the existence of a sexually hostile working, patient care, or educational environment.<br /> | Persons using UNMC's information technology facilities and services bear the primary responsibility for the material they choose to access, send or display. It is a violation to access and view materials which would create the existence of a sexually hostile working, patient care, or educational environment.<br /> | ||
<br /> | <br /> | ||
It is the workforce‘s responsibility to notify ITS when an information security incident appears to have happened. (See [ | It is the workforce‘s responsibility to notify ITS when an information security incident appears to have happened. (See [https://info.unmc.edu/its-security/policies/procedures/incident-reporting.html ITS Security Procedure: Information Security Incident Reporting and Response]). A security incident includes, but is not limited to the following events, regardless of platform or computer environment: | ||
#Evidence of tampering with data | #Evidence of tampering with data | ||
#System is overloaded to the point that no activity can be performed (Denial of service attack on the network) | #System is overloaded to the point that no activity can be performed (Denial of service attack on the network) | ||
| Line 151: | Line 151: | ||
E-mail attachments and files transfer utilizing instant messaging capabilities represent a significant risk to the organization. Many computer viruses are distributed through e-mail attachments or files received via instant messaging. Users should be careful about opening e-mail attachments or accepting file transfers via instant messaging. | E-mail attachments and files transfer utilizing instant messaging capabilities represent a significant risk to the organization. Many computer viruses are distributed through e-mail attachments or files received via instant messaging. Users should be careful about opening e-mail attachments or accepting file transfers via instant messaging. | ||
===Controlling the Distribution of Non-Solicited Marketing E-mail=== | ===Controlling the Distribution of Non-Solicited Marketing E-mail=== | ||
Electronic mail sent externally by UNMC personnel for the primary purpose of promoting UNMC’s “commercial” products or services must comply with the [ | Electronic mail sent externally by UNMC personnel for the primary purpose of promoting UNMC’s “commercial” products or services must comply with the [https://info.unmc.edu/its-security/policies/procedures/spam-compliants.html ITS Security Procedure: Controlling the Distribution of Non-Solicited Marketing Email]. Examples of such products or services include publications and membership solicitations. <br /> | ||
<br /> | <br /> | ||
The Act is applicable only to e-mail that constitutes a commercial advertisement or promotion of a commercial product or service. The Act is not applicable to commercial e-mail in general, to e-mail advertising or promoting “activity” or to e-mail simply because the e-mail references or solicits funds. Further, it is not applicable to e-mail messages sent to provide information about UNMC’s undergraduate, graduate, or professional degree-granting programs. Some programs not a part of the regular campus curriculum might be considered commercial “services” depending upon the facts. Advice from the Compliance Officer should be sought about such programs. | The Act is applicable only to e-mail that constitutes a commercial advertisement or promotion of a commercial product or service. The Act is not applicable to commercial e-mail in general, to e-mail advertising or promoting “activity” or to e-mail simply because the e-mail references or solicits funds. Further, it is not applicable to e-mail messages sent to provide information about UNMC’s undergraduate, graduate, or professional degree-granting programs. Some programs not a part of the regular campus curriculum might be considered commercial “services” depending upon the facts. Advice from the Compliance Officer should be sought about such programs. | ||
| Line 161: | Line 161: | ||
*Deliver goods or services, including upgrades or updates, which the recipient has previously requested or ordered from the sender.<br /> | *Deliver goods or services, including upgrades or updates, which the recipient has previously requested or ordered from the sender.<br /> | ||
<br /> | <br /> | ||
For more information, see [ | For more information, see [https://info.unmc.edu/its-security/policies/procedures/spam-compliants.html ITS Security Procedure: Controlling the Distribution of Non-Solicited Marketing Email]. | ||
===Campus-wide e-mail announcements=== | ===Campus-wide e-mail announcements=== | ||
| Line 250: | Line 250: | ||
Reference: [http://www.ucop.edu/information-technology-services/ University of CA Guidelines], January 28, 2004 | Reference: [http://www.ucop.edu/information-technology-services/ University of CA Guidelines], January 28, 2004 | ||
==Additional information== | ==Additional information== | ||
*[ | *[https://info.unmc.edu/its-security/index.html Information Technology Services] | ||
*Executive Memorandum No. 16, [http://nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Policy for Responsible Use of Information Resources] | *Executive Memorandum No. 16, [http://nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Policy for Responsible Use of Information Resources] | ||
*Executive Memorandum No. 26, [http://nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Information Security Plan] | *Executive Memorandum No. 26, [http://nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Information Security Plan] | ||
| Line 260: | Line 260: | ||
*UNMC Policy No. 6057, [[Protected Health Information (PHI)|Use and Disclosure of Protected Health Information]] | *UNMC Policy No. 6057, [[Protected Health Information (PHI)|Use and Disclosure of Protected Health Information]] | ||
*UNMC Policy No. 6065, [[Fax Transmissions|Facsimile Transmissions]] | *UNMC Policy No. 6065, [[Fax Transmissions|Facsimile Transmissions]] | ||
*[ | *[https://info.unmc.edu/its-security/policies/procedures/index.html UNMC Information Security Procedures] | ||
*[http://www.copyright.gov/legislation/dmca.pdf The Digital Millennium Copyright Act of 1998] | *[http://www.copyright.gov/legislation/dmca.pdf The Digital Millennium Copyright Act of 1998] | ||
*[http://www.copyright.gov/ U.S. Copyright Office - General Guidelines About Copyright Law] | *[http://www.copyright.gov/ U.S. Copyright Office - General Guidelines About Copyright Law] | ||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. | ||