With approximately 12,000 people, 11,000 information resources and enough stored information to fill the Library of Congress several times over, it is absolutely impossible for one, or even 20 people to protect all the information entrusted to UTMB by the people of Texas. The one way we can ensure the security of our confidential data is to empower everyone as “Good Stewards” of our information, and ask that we all remain vigilant.
Faculty, staff and students need to keep an eye out for, and report security weaknesses, violations and suspicious activity to department management, the Information Security Officer or Institutional Compliance.
Things that we all should be watchful for include:
- Excessive Access - Access to resources and/or information when a business need does not exist
- Unsecured Information – Access to confidential information without a username and/or password
- Virus Protection – Computer systems that aren’t running anti-virus software
- Account Sharing – Personnel sharing computer accounts
- Snooping – Accessing information outside of assigned job duties or without proper authorization
- Extending the UTMB network – Installing unauthorized wireless access points, routers and HUBs on the UTMB network
In addition to working with one another to ensure our data remains secure, we are also tasked with continuously enhancing our information security program. Because of a recent incident and to ensure patient privacy and compliance with various legislative mandates, Institutional Compliance, working with Health Information Management and the Information Security Office, will be implementing a random audit process of user’s access to the EPIC electronic medical records system. The audit will include a review of user’s access to patient records during a specific time frame. This practice is used by several academic health care institutions nationwide and is considered a best practice.
Information Services has deployed impressive technology to guard against malicious attacks, exploits and unauthorized access. However, without your watchful eye and commitment to protecting our information (one of our most valuable assets) that impressive technology is nothing more than a doorstop.
Remember, Information SecU-R-ITy