Department of Biostatistics Data Security Policy

Data Protection Recommendations

Introduction

Protecting private health information is vital because the consequences of exposure are severe. Ensuring data security also mitigates the risk of identity theft and fraud, preserving patients' financial well-being. Compliance with privacy regulations, like HIPAA, maintains legal standards, upholding healthcare professionals' integrity. Robust data protection bolsters research endeavors, as individuals are more likely to participate when confident their information won't be misused. Overall, safeguarding private health information upholds individual rights, maintains healthcare quality, and supports ethical medical practices. The burden to prevent information exposure lies with each employee of VUMC Biostatistics.

This policy adopts and extends the Vanderbilt University Medical Center policy on electronic devices; if there is any conflict between department and VUMC policy, the VUMC policy takes precedence. See related policies below.

Department-Specific Policies

With vulnerability to ransomware and other dangers an ongoing critical concern for VUMC, all department members must practice electronic device safety and responsibility, which includes observing these precautions:
  • Never store PHI or PII on any device (including desktops and laptops) if a secured server or other VUMC-authorized storage solution would suffice.
  • Never store passwords or API keys in plain text files on any desktop or laptop.
  • Never use any VUMC device for non-VUMC business.
  • Never allow use of VUMC devices by non-VUMC personnel (i.e., access to VUMC devices by friends or family members is prohibited).
  • Researchers must abide by any data-sharing agreement they are party to. This will generally impose additional limitations on the handling of the data.

VUMC uses Cortex monitoring software to help detect if an electronic device issued to an employee has been compromised. If an incident is detected, the VUMC security system enacts automatic shutdown of all access to the device and locks the employee’s VUMC-ID account. After security personnel review the device for PHI/PII, the device will be wiped and the employee directed to set a new password.

For this reason, and as a good practice to observe in general:
  • Always back up your work in an appropriate location external to your device(s), such as a shared drive on a network server or OneDrive.

Remember: You are responsible for all usage of your VUMC-issued device(s).

For more about electronic device responsibility, please take a moment to read VUMC’s policy on acceptable use: https://vanderbilt.policytech.com/dotNet/documents/?docid=32170

VUMC Enterprise Cybersecurity - Security Policy and Compliance
Topic revision: r5 - 19 Dec 2023, DalePlummer