Computer Use/Electronic Information: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 25: | Line 25: | ||
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Confidential Information]] | [[Protected Health Information (PHI)]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Confidential Information]] | [[Protected Health Information (PHI)]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | ||
<br /><br /> | <br /><br /> | ||
Policy No.: '''6051'''<br /> | |||
Effective Date: '''04/25/07'''<br /> | |||
Revised Date: '''08/19/13'''<br /> | |||
Reviewed Date: '''08/19/13'''<br /><br /> | |||
Revised Date: ''' | |||
Reviewed Date: ''' | |||
<big>'''Computer Use and Electronic Information Security Policy'''</big> | <big>'''Computer Use and Electronic Information Security Policy'''</big> | ||
== Introduction == | |||
University of Nebraska Medical Center (UNMC) has a robust information technology environment. It is the responsibility of the workforce to utilize information technology resources in an appropriate manner. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality. | University of Nebraska Medical Center (UNMC) has a robust information technology environment. It is the responsibility of the workforce to utilize information technology resources in an appropriate manner. Individuals with access to information systems are expected to safeguard resources and maintain appropriate levels of confidentiality. | ||
== Basis for Policy == | |||
The University of Nebraska has issued Executive Memorandum No. 16, [http://nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Policy for Responsible Use of Information Resources], which sets forth the University’s administrative policy and provides guidance relating to the responsible use of the University’s electronic information systems. It is the intent of this policy to confirm campus adherence to Executive Memorandum 16.<br /> | |||
<br /> | <br /> | ||
Information technology resources are owned by UNMC and are intended for use in completing UNMC’s mission. Their use is governed by Executive Memorandum No. 16, all applicable [[Policies_and_Procedures|UNMC policies]], including sexual harassment, patent and copyright, patient and student confidentiality, and student and employee disciplinary policies, as well as by applicable federal, state and local laws. | |||
== Policy == | |||
=== Acceptance and Adherence to Policy === | |||
Using UNMC’s information systems by anyone shall constitute agreement to abide by and be bound by the following: | |||
#Provisions of this policy | |||
#[http://www.unmc.edu/its/information_security_procedures.htm Information Security Procedures] | |||
#UNMC Policy 6045, [[Privacy/Confidentiality|Privacy, Confidentiality and Information Security Policy]] | |||
#Information Technology Security Procedures | |||
#Executive Memorandum No. 16, [http://nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Policy for Responsible Use of Information Resources] | |||
#Executive Memorandum No. 26, [http://nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf University of Nebraska Information Security Plan] | |||
#Executive Memorandum No. 27, [http://nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf HIPAA Compliance Policy] | |||
=== Access === | |||
Physical and electronic access to proprietary information and computing resources is controlled. The level of control will depend on user need and the level of risk and exposure to loss or compromise. Access will be assigned based upon the information needed to perform assigned duties. On campus electronic access is controlled through user id and password. Off Campus electronic access in some instances requires two-factor authentication. | |||
====UNMC Net ID accounts==== | |||
UNMC Net ID accounts will only be issued to the following individuals | |||
#Faculty, staff and students of UNMC | |||
#Retired faculty who have an emeritus appointment | |||
#Individuals who have a relationship with UNMC and need access to electronic resources in order to perform their duties. | |||
:#Individuals must have a department chair or section chief sponsor their need for this account. | |||
:#The department chair or section chief is responsible for ensuring that the individual is aware of all UNMC policies and procedures relating to the use of the electronic resources. | |||
:#The department chair or section chief is responsible for coordinating with ITS to ensure that all software license regulations are honored by granting this account. | |||
:#ITS is responsible for maintaining a log of individual name, contact information, sponsoring Department Chair or Section Chief, resources accessed and reason for account/relationship to UNMC | |||
:#The Assistant Vice Chancellor or designee will approve requests for these types of accounts. | |||
====UNMC email accounts ==== | |||
UNMC email accounts will only be issued to the following individuals: | |||
#Faculty (excluding volunteer appointments) staff and students of UNMC | |||
##Upon an employee’s entry into SAP or a student being admitted to a program, an email account will automatically be generated. It is the expectation that all faculty/staff/student will read and maintain their UNMC email account. Important information regarding the activities of UNMC are communicated via email. | |||
#Retired faculty who have an emeritus appointment | |||
#If a department identifies the need for an individual who does not meet the criteria to have an email account, a request for a policy exception can be made: | |||
##Individuals must have a department chair or section chief sponsor their need for this account. | |||
##The department chair or section chief is responsible for ensuring that the individual is aware of all UNMC policies and procedures relating to the use of the electronic resources. | |||
##The department chair or section chief is responsible for coordinating with ITS to ensure that all software license regulations are honored by granting this account. | |||
##ITS is responsible for maintaining a log of | |||
###Individual name, contact information,Sponsoring Department Chair or Section Chief,Resources accessed,Reason for account/relationship to UNMC | |||
##The Assistant Vice Chancellor or designee will approve requests for these types of accounts. | |||
NOTE: If an individual is a volunteer, please refer to Reporting of Non-faculty Volunteer Policy. | |||
Individual Personal accounts will always be utilized to access confidential information. | |||
Users are responsible and accountable for access under their personal accounts. No one should use the ID or password of another, nor should anyone provide his or her ID or password to another, except in the cases necessary to facilitate computer maintenance and repairs. Your password should only be given to Information Technology Support Personnel upon presentation of identification. If your password is shared with Information Technology Support Personnel, where technically feasible the password should be flagged, necessitating that it be changed the next time the user logs on. | |||
A strong password is the “first defense” against an information security attack upon the UNMC network. It is imperative that all users select a strong password. (See ITS Security Procedure: Password Security). | |||
Access to electronic mail, voice mail, administrative, student and patient care information systems will be obtained through the appropriate authorization process. (See ITS Security Procedure: Access Control to IT Resources) Unauthorized access to information systems is prohibited. Users must not attempt to gain access to information or systems for which they are not granted access. | |||
Remote access to systems which contain confidential information will be accomplished through a strong authentication method with the appropriate approval processes. (See ITS Security Procedure: Workforce Member Remote Access). Individuals requiring remote access to UNMC’s e mail system will purchase an internet service provider and utilize the web based e mail product. | |||
Information Technology Support Personnel will inactivate or delete IDs/password, as appropriate, of individuals who no longer have a relationship with UNMC. | |||
Individuals who have a relationship with UNMC and need access to electronic resources in order to perform their duties. | |||
# Individuals must have a department chair or section chief sponsor their need for this account. | # Individuals must have a department chair or section chief sponsor their need for this account. | ||
# The department chair or section chief is responsible for ensuring that the individual is aware of all UNMC policies and procedures relating to the use of the electronic resources. | # The department chair or section chief is responsible for ensuring that the individual is aware of all UNMC policies and procedures relating to the use of the electronic resources. | ||