General information security training:
HIPAA security training:
Limit physical access to any area or computer that contains sensitive data. Paper records and any other physical data that are sensitive must be locked in a secure area.
Collect only the minimum necessary subject identifiers.
Subject identifiers must be separated from the rest of the data files and associated with the data only through a key code. The identifiers, data, and key codes must be stored in password-protected/encrypted files, and each of the three types of files should be stored in a separate and secure location.
Remove or destroy subject identifiers as soon as they are no longer needed.
Data collection and storage devices must be protected with a strong password. Remember to password-lock the screen of your workstation if you step away. Consider setting up two-factor authentication through ITS.
Limit electronic access to any computer or server that contains sensitive data and encrypt data and research files where feasible. For assistance with electronic safeguards, contact Information Technology Services at 523-1511. The Solution Center and the Information Security Team can provide a range of assistance with security issues. Consider storing and using sensitive data on devices that do not have internet connectivity. If the machine must reach the web, it should not be used for general internet browsing -- any web access should be as purpose-specific as possible.
Do not store sensitive data on a laptop or removable electronic storage device (such as a flash drive). If it is necessary to use portable devices for initial data collection, the data files must be encrypted and the identifiers moved to a secure system as soon as possible. Additionally, the portable device must be locked up in a secure location when it is not in use.
Be sure to keep any computers used for research data up to date with patches and anti-virus protection. NAU ITS can provide assistance if needed.
If using email to communicate with research subjects, include a statement that email is not confidential.
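The key-code separation described in the guidelines above can be sketched as follows. This is an added example, not code from NAU or ITS: the field names and sample records are hypothetical and constructed, and the sketch only builds the three tables and checks the coded data for leftover identifiers. Encrypting each file and storing the three in separate secure locations is assumed to happen afterwards.

```python
import secrets

# Hypothetical identifier columns; use the study's own data dictionary.
IDENTIFIER_FIELDS = ("name", "email", "date_of_birth")

# Constructed sample records (not real subjects).
SAMPLE = [
    {"name": "Ana Ruiz", "email": "ana@example.org", "date_of_birth": "1990-04-02",
     "score": 17, "notes": "completed all tasks"},
    {"name": "Ben Cole", "email": "ben@example.org", "date_of_birth": "1985-11-23",
     "score": 22, "notes": "Ben Cole asked to reschedule"},
]


def split_records(records, identifier_fields=IDENTIFIER_FIELDS):
    """Return (identifiers, data, key_codes), one table per file to be stored.

    identifiers: subject id -> identifier fields only
    data:        key code   -> remaining fields, no identifier columns
    key_codes:   subject id -> key code (the only link between the two)
    """
    identifiers, data, key_codes = {}, {}, {}
    for record in records:
        # Random values, so neither id can be recomputed from the identifiers.
        subject_id, code = secrets.token_hex(8), secrets.token_hex(8)
        identifiers[subject_id] = {f: record[f] for f in identifier_fields if f in record}
        data[code] = {k: v for k, v in record.items() if k not in identifier_fields}
        key_codes[subject_id] = code
    return identifiers, data, key_codes


def leaked_identifiers(identifiers, data):
    """List (key code, field) pairs where an identifier value survives in the
    coded data, e.g. a name typed into a free-text notes column."""
    values = {str(v).lower() for row in identifiers.values()
              for v in row.values() if str(v).strip()}
    return [(code, field)
            for code, row in data.items()
            for field, value in row.items()
            if any(v in str(value).lower() for v in values)]


def reidentify(code, identifiers, key_codes):
    """Map a key code back to a subject; needs both the key and identifier tables."""
    for subject_id, linked_code in key_codes.items():
        if linked_code == code:
            return identifiers[subject_id]
    return None
```

Dropping the identifier columns is not enough when free-text fields exist: in the sample, `leaked_identifiers` flags the `notes` field of the second record, which still contains the subject's name.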
This page is brought to you through a collaboration between NAU's Information Security Team and Cline Library.
Guidelines are also based on: