Information Technology Security is not just good practice or prudent guidelines for Huntsman Cancer Institute and it's associates to consider. There are a variety of regulatory regimes that HCI is required to adhere to, by law, including:
- The Healthcare Information Portability and Accountability Act (HIPAA), and the provisions of the subsequent HiTECH Act from the US Department of Health and Human Services, as it applies to patient information and data.
- The Family Educational Rights and Privacy Act (FERPA), administered by the US Department of Education. This applies directly to the academic function of HCI as part of the University of Utah School of Medicine.
- as research collaborations and cancer treatment protocol developments expand to European Union nations and other nations, other regulatory requirements will be applicable.
- Beyond meeting regulatory requirements, following robust IT security best practices serves to protect proprietary HCI data and information in an increasingly perilous global IT world. Regardless of whether the data HCI associates handle is patient oriented, or education related, even currently unregulated data within HCI Research is valuable, and deserves similar levels of protection.
The Computing and Technology Group (CATG) at HCI is responsible for applying and monitoring adherence of the applicable regulatory regimes, and will develop procedures that try to balance the need for IT Security with the need for convenience and usuability, for HCI's end users, data managers and IT staff to follow, as well as coordinating IT Security procedures and monitoring adherence to standards within the larger Health Sciences and University of Utah IT environment.
Because HCI associates frequently are consumers of IT services in their non-HCI related activities, at their residences, in public areas, and have valuable personal data on Internet-based systems, CATG will continue to provide information of benefit to our employees, students and other associates.
IT Security is Everyone's Business