Data and Document Security Controls

Data and Document Security Controls
Skip to content
Information Security and IT Compliance
Information Strategy and Services
Data and Document Security Controls
Information Security for Hybrid and Remote Work
Remote work employees continue to be bound by University of Colorado Denver | CU Anschutz information security polices while working at an alternative worksite. Consistent with the organization’s expectations of information security for employees working at the office, remote work employees will be expected to ensure the protection of proprietary university information accessible from their home office. Security safeguards and document retention policies should be applied at the level as they would when working on-site in order to protect such information from unauthorized disclosure, loss or damage. Steps include the use of locked file cabinets and desks, regular password maintenance, and any other measures appropriate for the job and the environment.
Data and Document Security Practices
Some information (electronic and hard copy) used in work may be deemed confidential or highly confidential by the university. The employee is responsible for protecting and securing regulated information such as FERPA, Payment Card Industry data (PCI) and HIPAA protected health information (PHI), as well as the equipment used to access the information. Except as necessary, an employee should not print PHI, nor PCI data when working remotely. Any PHI or PCI data that must be maintained in printed form should be properly secured and should be securely transferred to the workplace for proper storage or destruction as soon as practical.
It is important to understand that in situations of possible litigation, all pertinent electronic information must be preserved. Although unlikely, the employee must be prepared to provide personally owned equipment used in performing work duties, in accordance with the department's electronic document policy, if the possibility of stored electronic information exists. In cases where the employee leaves the university, the employee must arrange the return of all university owned equipment.
HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, billing/coding companies, doctors, hospitals and other health care providers. University staff working remotely continue to be responsible for protecting and securing all information including HIPAA protected health information (PH) in the same manner as if you were working on-site.
Detailed information about how to protect the privacy and security of HIPAA information and tools approved for telehealth during this public health emergency are available on the Office of Regulatory Compliance
HIPAA & Coronavirus FAQ webpage
. Please reference
University HIPAA Policy
and
University IT Security Program Policy APS-6005
to ensure compliance with university and campus policies while working remotely, as well as university guidance on the secure use of OneDrive.
Protection of Secure Information
The employee agrees to abide by the University of Colorado Denver | CU Anschutz information security requirements with regards to the protection of sensitive university information from unauthorized or accidental access, use, modification, destruction, or disclosure. Only university-provided computers, including mobile computing devices, should be used to access or handle sensitive university information. If you must use a personal computer, it is recommended that you use remote desktop to connect to your university-provided computer. The employee must have, and maintain, VPN connectivity during work hours. Be sure to
connect to the VPN
on a regular basis and check for GlobalProtect software updates.
Any suspected information security incident must be reported as soon as possible to the
Service Desk
. Review the university and campus policies including
CU IT Security Program Policy APS-6005
and
Campus Administrative Policy 5001- Acceptable Use of Information Technology Resources
for additional useful information and guidance.
Get Help
Phone Support
303-724-4357 (4-HELP)
7:30 a.m. - 6 p.m., M - Th
7:30 a.m. - 5 p.m., Fri
Self Service Portal
Submit a ticket
Email the Service Desk
24/7 access to the Service Center
Information Security and IT Compliance
CU Anschutz
Education II North
13120 East 19th Avenue
5th Floor
Aurora,
CO
80045
About ISIC
ISIC Leadership Team
System Status Page
Remote and Hybrid Working
Remote, Hybrid, and On-Campus Working
Data and Document Security
Remote Tools and Software
IT Accessibility
Digital Accessibility
Web Accessibility
Additional Resources
Inclusive Pedagogy
Partner Websites
CU Anschutz OIT
CU Denver OIT
CMS Login
Webmail
UCD Access
Canvas
Opens in a new window
Opens document in a new window