If you feel there has been any sort of security breach, or if you receive
an email or phone call from someone suspecting a security breach,
notify Beth, Lenny or Chris immediately - preferably via the problem email.
Duke Electronic Communication Policy
All Duke Medicine electronic communication systems and data, however
transmitted, are the property of Duke Medicine. All data transmitted
via electronic communication across Duke Medicine's intranet are the
property of Duke Medicine.
Privacy should not be presumed with respect to e-mail and similar data.
As proprietary material owned by Duke Medicine, it may be accessed and monitored by
Duke Medicine as deemed necessary.
Inappropriate use of the Internet/Intranet includes, but is not limited to:
Unlawful activity
Misrepresentation of oneself or Duke Medicine
Communications with the media without appropriate approval
Carrying out personal business
Other activities that could cause congestion and/or disruption of network and systems
Passwords
PC and Unix passwords may be the same but must be different from database passwords (and from any external accounts). Each password needs to be a minimum of eight characters and a combination of upper case, lower case and non-letter characters. See the CHG Password Policy for more information. Passwords must be changed at least every 180 days (this is Duke policy).
Passwords should not be stored on laptops in email or any other applications.
Passwords should not be taped to your monitor or anywhere they can be easily found around your computer.
Passwords may not be shared with other people, nor may others use your account.
They cannot be emailed unless encrypted. If a person is off-site, a password can
be given over the telephone; however, in person is preferred.
You should not repeat your password in front of others.
Be sure, particularly in public places, that no one is watching you as you type your password.
Your login and password information is encrypted when reading email.
The contents of your email are not. Please read the
email security document for information on how to send
emails containing sensitive research subject information.
Do not open any suspect attachments regardless of the sender. New viruses can
make the e-mail appear to be from anyone (including you) so you cannot trust
the name of the sender. See the virus attachment list
for a list of those attachments that usually carry a nasty payload.
If you think you have received a virus, do not send the virus to problem
or any of the system administrators. Just let them know you think you received one and
who it is from.
CHG Computers
Users are not permitted to download software onto their computers. This includes
work software, screensavers, IM, music or movie clips, etc. This helps prevent
network issues for everyone. PCs are scanned frequently and
inappropriate files are removed.
Do not bring computer equipment from home and attach it to the network or your computer.
Keep the password screensaver turned on to the default setting (unless you choose to
decrease the interval). If you leave your desk, you should manually
lock your screen.
When printing sensitive information, pick it up
from the printer immediately.
Personal Health Information (PHI)
PHI can never be stored on laptops, home computers, flash drives or local, non-networked drives. This includes information from CHG databases and hospital databases such as DHIS. Any Duke-owned laptop MUST be encrypted by a member of our staff.
Misc
Credit card and cardholder data is never to be accessed, accepted, or
stored by any CHG staff or system. All credit card transactions are to
be processed only via the Dukepay HOP/Cybersource hyperlink from
wwwchg.duhs.duke.edu.
You cannot email or store any Social Security Numbers in any Duke system.
Remember, the problem account is to report computer-related issues only.
Problems with telephones, temperature control, lights, badge access, etc. are
not computer-related issues. Direct all facilities issues to
Beth Rusnak. The E&O Maintenance Reporting Number and the Telephone Repair
number are listed at the top of the staff pages on the internal web page.
To be HIPAA compliant, all media that contain any patient-sensitive data must
be disposed of properly. Give any CDs, diskettes, zip drives, etc. that
have contained patient data to Beth, Lenny or Chris to be destroyed.
Trust your instincts! If something doesn't seem right, it probably isn't.
Contact problem with any issues you may have or any of the following (which may
also be reported to HR):
Misuse of DUHS proprietary information
Misuse of DUMC patient or CHG database information
Misuse of information pertaining to Duke personnel
Unauthorized use of Duke systems in ways that compromise system availability,
performance, or integrity.
By entering my login and the date, I state I have read and agree to the CHG computer security policies.