Health Insurance Portability and Accountability Act (HIPAA) | Yale University
Workstations
HIPAA Security Policy & GuidelinesThere is no silver bullet. In the event of a breach Yale is required to notify HHS, the patient, and in some cases, the media. The goal of these policies and guidelines is to enhance the security of our patients’ health information. These policies address the security of paper records and especially address electronic protected health information (ePHI). These policies apply to all faculty, staff, trainees and students in Yale University Covered Components (Schools of Medicine and Nursing, University Health Services, Department of Psychology clinics and the Group Health Plan Component) who store, access, transmit or receive ePHI. You are responsible for complying with these policies.
- Whole Disk Encryption
- Automatic distribution of security and other patches via central computer management software
- Installation and update of anti-virus /anti-spyware software
- Automatic locking and password protection of desktops after 15 minutes of inactivity
- Registration in the ITS backup service
- Protection via proxy servers or removal of administrative privileges
- Removal of applications that increase the vulnerability of computers such as Peer to Peer (P2P) file sharing
- A locking cable or equivalent device for physical security
- All new desktop and laptop computers must be purchased from Yale's Managed Workstation portfolio.
- Other safeguards as they become technically feasible.
If you are responsible for administration of an “above-threshold” system or responsible for controlling the access by other people to such a system, you need to register the system.
Copyright © 2011 Yale University. All rights reserved. Privacy Policy.
Health Insurance Portability and Accountability Act (HIPAA) – Contact us at hipaa@yale.edu. Site comments