{"id":90329,"date":"2020-11-23T15:45:26","date_gmt":"2020-11-23T20:45:26","guid":{"rendered":"http:\/\/www.bumc.bu.edu\/busm\/?p=90329"},"modified":"2020-11-23T15:45:26","modified_gmt":"2020-11-23T20:45:26","slug":"it-security-reminder","status":"publish","type":"post","link":"https:\/\/www.bumc.bu.edu\/camed\/2020\/11\/23\/it-security-reminder\/","title":{"rendered":"IT Security Reminder"},"content":{"rendered":"<p>Dear Colleagues,<\/p>\n<p>When team members leave a clinic or research team, their access needs to be removed immediately to prevent former team members from accessing records they should no longer have access to.<\/p>\n<p><strong>Why is removing access so important? <\/strong><\/p>\n<ul>\n<li>We have told patients and research subjects through Privacy Practice Notices and research consent forms that we will protect their data and only allow authorized individuals to have access<\/li>\n<li>Former employees may steal information about patients to persuade them to move to a new practice<\/li>\n<li>Former employee accounts are more susceptible to abuse because former employees are less likely to notice or report suspicious activity<\/li>\n<li>State and federal agencies who enforce HIPAA impose penalties for failure to immediately remove access: <a href=\"https:\/\/www.hhs.gov\/about\/news\/2020\/10\/30\/city-health-department-failed-terminate-former-employees-access-protected-health-information.html\">https:\/\/www.hhs.gov\/about\/news\/2020\/10\/30\/city-health-department-failed-terminate-former-employees-access-protected-health-information.html<\/a><\/li>\n<\/ul>\n<p><strong>How is access removed at BU?<\/strong><\/p>\n<p>Like most things that are security related &#8211; it is a team effort.\u00a0 Generally, faculty and staff are responsible for asking <a href=\"mailto:bumchelp@bu.edu\">bumchelp@bu.edu<\/a> to remove access to network drives (aka BUMC Y Drive).\u00a0 Similarly, faculty and staff are responsible for removing access to BU Microsoft apps, such as Teams, SharePoint, and OneDrive.<\/p>\n<p><strong>Why is access removal not automatic? <\/strong><\/p>\n<p>University culture often encourages continued access.\u00a0 For example, because we want to maintain relations with alumni and retirees, their BU Kerberos account is not disabled.\u00a0 So, anyone who has taken a class or retires from BU may continue to have access to BU services after they have left.\u00a0 This makes sense for our academic mission, but not for healthcare and some research activities.<\/p>\n<p>We ask that you please do your part and remember to remove access immediately.\u00a0 We also encourage you to periodically send an email to <a href=\"mailto:bumchelp@bu.edu\">bumchelp@bu.edu<\/a> and ask who has access to your network drive and folders, and check who has access to applications you control, such as BU Microsoft or BU REDCap.<\/p>\n<p>Please reach out with any questions.<\/p>\n<p>Sincerely,<\/p>\n<p>David Corbett<br \/>\nBUMC InfoSec Officer and HIPAA Security Officer<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dear Colleagues, When team members leave a clinic or research team, their access needs to be removed immediately to prevent former team members from accessing records they should no longer have access to. Why is removing access so important? We have told patients and research subjects through Privacy Practice Notices and research consent forms that [&hellip;]<\/p>\n","protected":false},"author":903,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[298],"tags":[],"_links":{"self":[{"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/posts\/90329"}],"collection":[{"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/users\/903"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/comments?post=90329"}],"version-history":[{"count":2,"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/posts\/90329\/revisions"}],"predecessor-version":[{"id":90331,"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/posts\/90329\/revisions\/90331"}],"wp:attachment":[{"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/media?parent=90329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/categories?post=90329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bumc.bu.edu\/camed\/wp-json\/wp\/v2\/tags?post=90329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}