Over the next several months the Integrity Office and ITG will expand safeguards for various devices that contain restricted information, including research data.
The Information Security Enhancement Initiative will address requirements from the federal HITECH Act of 2009, HIPAA, the Oregon Identity Theft Protection Law and the Red Flag Rule. By adding these safeguards, we’ll automatically become exempt from some of the reporting requirements. If we do nothing, we face a potential for increased fines and civil penalties—up to $1.5 million for identical violations occurring within one year. That’s a lot of money, especially in this tough economic climate.
The first phase of the project will target laptop computers (Mac, Linux and Windows) and portable storage media in high risk environments, such as clinical areas and human subject research; future phases will include desktop computers. Safeguards for PDAs and other smartphones holding OHSU information have not yet been determined.
ITG will install the software automatically on most computers, using the same process as for routine system updates. In the next few weeks, watch for more info about when installation will take place on your laptop and mobile devices.
Project website – http://www.ohsu.edu/xd/about/services/integrity/ips/resources/encryption.cfm
Policy or regulatory questions? Contact the Integrity Office at 503 494-8849 or firstname.lastname@example.org.
Technical questions? Contact Natasha Farvan, ITG Project Lead, 503 494-0561 or email@example.com.