OUHSC Information Technology Department


How you can prevent sensitive data breaches

  1. Store sensitive data such as Protected Health Information (PHI) on a server in the campus enterprise data center
    1. Your tier one can assist in identifying the proper server location and “shared” drive letter for your department.
    2. Sensitive data must not be stored or maintained on desktop computers or unencrypted portable computing devices.

      Risks: Storing sensitive data on your local desktop places that information at risk in the event of a data-stealing malware infection. Syncing your mobile device with University systems such as email or other desktop applications has the potential to inadvertently store this information in an unprotected manner. Loss of an unencrypted portable computing device places sensitive data on the lost device at risk of unauthorized access. Such events can constitute a HIPAA data breach in which individuals will be held personally liable for HIPAA fines and penalties. See HITECH on the web at http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html

      Regulations: Under federal and state law and University policy, computer systems containing sensitive data that have data-stealing malware infections, and unencrypted mobile devices that have been lost, are reportable as data breaches and must be identified to University officials. If you have any questions about your storage location or portable device, please contact your Tier One or IT Security.

    Sensitive data definition and examples: See “Category A Data Classification” in the “Information Security Policy Definitions” document at http://it.ouhsc.edu/policies/documents/infosecurity/Information_Security_Policy_Definitions_%20v05172010.pdf

    3. If your business process requires storage of sensitive data on a portable computing device such as a laptop, flash drive, or smartphone, then that device must be encrypted with a Federal Information Processing Standard encryption mechanism. See http://it.ouhsc.edu/policies/PortableDeviceSecurityPolicy.asp
  2. Install and use the most current security software available for your system to protect against malware infections and data breaches**.  Currently these include:
    1. McAfee VirusScan and Anti-Spyware for MS Windows and Macintosh operating systems.
    2. McAfee SiteAdvisor for Microsoft Internet Explorer and Mozilla Firefox.
    3. McAfee Endpoint Encryption Full-Disk for laptop encryption.
  3. Follow safe Internet browsing and email practices.
    1. Do not open suspicious email, especially email with unknown attachments or links to web sites.
    2. Do not download non-University applications or unknown software from the Internet. Example: screen savers or browser add-ons.
    3. Do not browse the web or access email for non-University related business. See: Acceptable Use of Information Systems policy at http://it.ouhsc.edu/policies/AcceptableUse.asp
    4. Follow the Email Transmission and Use Policy - Do not auto-forward or auto-redirect OUHSC email to non-University provided systems.
    **Contact your department tier one for more information before you install software on your desktop computer.

Downloads for McAfee VirusScan and SiteAdvisor: http://it.ouhsc.edu/services/desktopmgmnt/antivirussoftware.asp

IT Service Desk: http://it.ouhsc.edu/services/servicedesk/

McAfee SiteAdvisor description: http://it.ouhsc.edu/tier1/documents/SiteAdvisorEnterprisePlus.pdf