If you feel there has been any sort of security breach, or if you receive
an email or phone call from someone suspecting a security breach,
notify your CHG contact or email firstname.lastname@example.org.
Duke Electronic Communication Policy
All Duke Medicine electronic communication systems and data, however
transmitted, are the properties of Duke Medicine. All data transmitted
via electronic communication across Duke Medicine's intranet are the
property of Duke Medicine.
Privacy should not be presumed with respect to e-mail and similar data.
As proprietary material owned by Duke Medicine, it may be accessed and monitored by
Duke Medicine as deemed necessary.
Inappropriate use of the Internet/Intranet includes, but is not limited to:
Misrepresentation of oneself or Duke Medicine
Communications with the media without appropriate approval
Carrying out personal business
Other activities that could cause congestion and/or disruption of network and systems
PC and Unix passwords may be the same but must be different from database passwords (and from any external accounts). Each password needs to be a minimum of eight characters and a combination of upper case, lower case and non-letter characters. See the CHG Password Policy for more information. Passwords must be changed at least every 180 days (this is Duke policy).
Passwords should not be stored on laptops in email or any other applications
Passwords should not be taped to your monitor or anywhere they can be easily found around your computer.
Passwords may not be shared with other people, nor may others use your account.
They cannot be emailed unless encrypted.
You should not repeat your password in front of others.
Be sure, particularly in public places, that no one is watching you as you type your password
Your login and password information is encrypted when reading email.
The contents of your email is not. Please read the
email security document for information on how to send
emails containing sensitive research subject information.
Do not open any suspect attachments regardless of the sender. New viruses can
make the e-mail appear to be from anyone (including you) so you cannot trust
the name of the sender. See the virus attachment list
for a list of those attachments that usually carry a nasty payload.
If you think you have received a virus, do not send the virus to problem
or any of the system administrators. Just let them know you think you received one and
who it is from.
Personal Health Information (PHI)
PHI information can never be stored on laptops, home computers, flash drives or local, non-networked drives. This includes information from CHG databases and hospital databases such as DHIS. Any Duke owned laptop MUST be encrypted by a member of our staff.
Keep the password screensaver turned on to a maximum of 10 minutes. If you leave your computer,
manually lock your screen.
When printing sensitive information, pick it up from the printer immediately.
Credit card and cardholder data is never to be accessed, accepted, or
stored by any staff member. All credit card transactions are to
be processed only via the Dukepay HOP/Cybersource hyperlink from
You cannot email or store any Social Security Numbers in any Duke system.
To be HIPAA compliant, all media that contains any patient sensitive data must
be disposed of properly. Please discuss with your CHG contact on how to destroy media.
Trust your instincts! If something doesn't seem right, it probably isn't.
Contact problem with any issues you may have or any of the following (which may
also be reported to HR):
Misuse of DUHS proprietary information
Misuse of DUMC patient or CHG database information
Misuse of information pertaining to Duke personnel
Unauthorized use of Duke systems in ways that compromise system availability,
performance, or integrity.
By entering my login and the date, I state I have read and agree to the CHG computer security policies.