The following points are to help you make sure confidential data is protected when you are working from a remote location, such as home.
- Remember that you have a responsibility to protect the confidentiality of all data that you use and have access to. For patient data, HIPAA guidelines apply to data being access from UIHC or remotely. In the current crisis, it is critically important that confidentiality and security of data be maintained.
- If you are using a personal computer at home, make sure you have security software such as AntiVirus installed, maintain current updates, software updates/patches, locked screen, and do not share the computer with other family members. If you are using work-provided computer at home—work computers are intended for business and may not be shared with others, including family members. Be sure to notify the Help Desk if you suspect updates to your work computer are not getting applied, or if you have any other cybersecurity concerns.
- Do not use unsecured, public wifi (such as in restaurants, coffee shops, etc.) unless you are using a secure VPN or Citrix session. When using home wifi, make sure your home wifi is secured with a strong password (greater than 10 characters, mixed upper and lower case, numeric and symbols) and strong encryption. For the encryption type, use WPA2. There are different types of WPA2, all are fine. Make sure you keep your home wi-fi software up to date, even if you are simply using your home computer to check your UIHC email.
- Be very careful when clicking links—even more careful than when working onsite at UIHC or UIowa. Be aware of URLs and website addresses when accessing sites on the internet. Do not visit sites you wouldn’t browse during the normal course of your work. We have specific protection mechanisms in place within the UIHC environment to protect against “known bad” sites—those protections don’t extend to your home network. Use more caution when working from home or when connecting to UIHC network with a personal computer.
- Do NOT save sensitive data on your personal device. While it may make it easier to access, it is vulnerable to loss, corruption, cyber-attacks and viruses. Make patient and sensitive data is only being stored only on approved storage locations.
- When you are not using your computer, disconnect it from the network and/or shut it down. This prevents attacks and data loss, as well as unauthorized access by people who may share your space when working from home.
- Do not use random thumb drives. Loading thumb drives with viruses or other malware is a common problem. If you have a thumb drive but don’t know where it came from, DO NOT use it.
- Protect remote devices against theft. Don’t leave a laptop or cell phone in your car, even if the car is locked the devices should not be accessible. Keep laptops secured at all times.
- Use the PUSH feature when using DUO 2-factor for authentication. Using the telephone call feature costs UIHC “telephony credits” which UIHC pays for in a metered fashion. The PUSH costs UIHC nothing additional.
- Review messages being sent in email to ensure that you are sending to the correct recipient. Working on a laptop, keyboards might not respond the same way as your desktop keyboard…double-check before sending.
Additional information can be found at: https://opsmanual.uiowa.edu/community-policies/acceptable-use-information-technology-resources
For questions, please contact the Information Security and Policy Office at UI Information Security Office (it-security@uiowa.edu).