IT Security Reminder

Dear Colleagues,

When team members leave a clinic or research team, their access needs to be removed immediately to prevent former team members from accessing records they should no longer have access to.

Why is removing access so important?

How is access removed at BU?

Like most things that are security-related, it is a team effort. Generally, faculty and staff are responsible for asking to remove access to network drives (aka BUMC Y Drive). Similarly, faculty and staff are responsible for removing access to BU Microsoft apps, such as Teams, SharePoint, and OneDrive.

Why is access removal not automatic?

University culture often encourages continued access. For example, because we want to maintain relations with alumni and retirees, their BU Kerberos account is not disabled. So, anyone who has taken a class at or retired from BU may continue to have access to BU services after they have left. This makes sense for our academic mission, but not for healthcare and some research activities.

We ask that you please do your part and remember to remove access immediately.  We also encourage you to periodically send an email to and ask who has access to your network drive and folders, and check who has access to applications you control, such as BU Microsoft or BU REDCap.

Please reach out with any questions.


David Corbett
BUMC InfoSec Officer and HIPAA Security Officer