Updated March 10, 2014
Our department provides guidance for IT Services including submitting requests for services, privacy and security information and purchasing information.
- IT Security Update: Frequently Asked Questions – Encryption, Privacy and Data Protection
- IT Service Request
- Privacy and Security
- Use of Department Server Drives and Access to Data
- Computer Purchasing
- Mobile Devices
- Additional Related Links
IT Security Update: Frequently Asked Questions – Encryption, Privacy and Data Protection
These FAQs address device encryption and associated topics. Related links are also provided for additional information.
All mobile devices (laptops, phones, tablets, flash drives) used for UCSF work must be encrypted. Devices provided by the department through the IT service come encrypted, those would be laptops and mobile phones. Devices purchased for personal use and also used for work – that is, purchased privately by an individual – do not come encrypted and it is the responsibility of the individual to do this. These devices cannot be used for UCSF work unless encrypted. Question #7, below, discusses encrypted flash drives, which we ask that you use.
1. Is password protection on a laptop or mobile device (phone or tablet) the same as encryption?
Password protection is not the same as encryption as a password can be breached, encryption cannot.
2. I know my UCSF-provided laptop is encrypted, but what about my UCSF-provided mobile phone or tablet?
A phone provided by the department is already encrypted by ActivSync when UCSF Exchange mail access is set up. It is the same process for a tablet.
3. Can I get my personal phone encrypted?
If you would like to encrypt a personal phone or tablet, then you need to contact the IT service desk at 514-4100 to set up ActivSync.
4. What is the process for getting personal laptops encrypted?
If the user has a premium subscription with ITFS, then an ITFS tech can encrypt a personal device. A ticket should be placed for this request. If the user does not have a premium subscription, they can go to this link and follow the instructions for encrypting a PC laptop or contact me directly for assistance in encrypting an Apple laptop. Please print, sign and return this form to assure compliance of personal computer encryption. Please follow this link to more information and resources for encrypting personal computer. http://it.ucsf.edu/category/its-categories/security?page=2
5. How do these encryption efforts relate to Privacy and HIPAA?
It is the responsibility of all who work at UCSF to protect the privacy and privileged information of patients and employees. Laptops and other mobile devices can "walk away" and if they are not encrypted, all data is vulnerable.
The Final Omnibus Rule is here!
The Final Omnibus Rule of 2013, which amends the HIPAA rules, went into effect Monday, September 23, 2013. It includes important changes that impact multiple areas.
What you need to know: Final Omnibus Rule Summary available here.
UCSF Medical Center has a new Notice of Privacy Practice!
a result of the Final Omnibus Rule changes, the UCSF Health System Notice of Privacy Practice (NPP) and Acknowledgement of Receipt Form have been updated and will be available in English, Spanish, Russian, and Chinese. Effective September 23, 2013, the updated NPP must be provided to all new patients, to patients who have recently turned 18 years of age at their next encounter, and to anyone else who requests a copy.
Click here (http://hims.ucsfmedicalcenter.org/hippa_forms.htm) to view the current versions.
6. Should office desktop computers be encrypted?
Office desktop computers are being encrypted with new deployments and re-imaging of devices in for service. There is no retroactive program for desktop encryption.
7. Do you have a link to order encrypted flash drives or do we create an IT ticket?
Encrypted flash drives are available through BearBuy/CDW. Encrypted flash drives SHOULD NOT be purchased through Office Max or Office Depot as these devices did not work correctly when someone tried. Follow this link for more information:
8. What is the process for disposing of un-encrypted flash drives?
To dispose of an un-encrypted flash drive, delete everything on the drive and then empty the trash on the computer. Then use for personal transport of non-privileged information or give as gifts to those in need of unencrypted flash drives.
9. What about Anti-virus software? Is that available through UCSF IT Services?
Yes: Symantec Endpoint Protection (SEP) is provided free of charge to faculty, staff, students, and researchers of UCSF. SEP is designed to detect, remove, and prevent the spread of viruses, spyware, and other security risks.
The SEP client combines various client security technologies under a single application to help protect your computer without sacrificing performance.
SEP provides Windows, Macs, and Linux computers with anti-virus (AV) and anti-spyware. SEP scans local hard disks and monitors file access to detect potential threats and blocks any unnecessary access until the threat has been resolved. On Windows computers, for added protection against network-related threats, SEP also provides intrusion prevention (IPS), proactive threat scanning, and personal firewall capabilities.
In addition, the UCSF SEP clients will automatically keep both the client software and security definitions (AV and IPS) updated for the most complete protection. For more information on SEP Anti-virus software and to download, follow this link: https://it.ucsf.edu/services/symantec-endpoint-protection-sep
IT Service Requests
There are three ways to contact ITS for service on your computer, to ask a question or to submit a request such as a computer move:
Telephone Contact – For Urgent Requests
Call the IT Service Desk at 514-4100. This will get you to a service desk technician quickly. A technician can usually remote into the computer and attempt to fix the problem or can quickly dispatch a field technician.
Service Now – For Standard Requests
You will need a My Access account to use Service Now. Follow this link to get a My Access account.
Submit a Service Now ticket. Service Now is the new on-line ticketing system. The benefit of using this method is that you have a record of the request, which will come to you as an e-mail. Keep this e-mail for your records. Any follow up correspondence should be send using this intital e-mail.
Documentation on the use of Service Now is available here.
E-mail contact – Also for Standard Requests
Privacy and Security
Link here to IT privacy and security information.
Additional Items to Consider for E-mail and General IT Security (bullets and links provided by department IT management):
Please consider your audience. If in doubt, ask department IT management or administrative management about the most appropriate list to use.
Never use a third-party, non-UCSF e-mail address for university work—EVER. Please do not ask that one be used for any reason, including international travel. The request will be denied.
Please do not request that a third-party, non-UCSF e-mail address be added to any department list. That request will always be denied. The department cannot vouch for the security of a third-party account and does not want to assume the liability. Nor should you as an individual.
E-mail and general IT security is every employee's responsibility. There are no exceptions.
HIPAA compliance is everyone's responsibility. If you have a question, please refer to one of the web links below.
Use of Department Server Drives and Access to Data
Every permanent employee is provided with access to a home or 'I' server drive folder, which is used for storage of protected data, such as an Outlook archive and also highly confidential documents
Temporary employees are given specific access to 'S' drive folders as requested by their supervisor.
Access to the 'S' or shared drive is provided upon request to the Technology Manager. This server is for collaborative work.
All department servers are always accessible through VPN and are backed up daily. Your data is safe and easily accessible from anywhere with an Ethernet or wireless connection.
The department does not recommend nor support the use of a computer hard drive as the sole source of data storage. The server drives are backed up daily.
CrashPlan: CrashPlan cloud back up is provided to all laptop users with ITFS Premium subscription. The CrashPlan service backs up computer data on an on-going basis, as long as the computer is connected to Ethernet or wireless, whether at home or at work. While CrashPlan is effective, it is not infalliable. CrashPlan will always alert a user when a computer has not been backed up or if there is a connectivity issue. It is the responsiblility of the user to contact the IT Service Desk to respond to the alert. Ignoring alerts can result in lost data in the event of a hard drive failure or any other reason.
Desktop computer hard drives are not backed up. If you work off of your hard drive for any reason, please make sure and move your work to the server at the end of your workday. Each user is responsible for the protection of their files.
Please consult with with the department Technology Manager about storage of especially large amounts of data on our server drives.
UCSF Box, available through My Access, is a excellent source for data storage. Each UCSF employee is given 60gb of capacity. If a user requires more, up to 100gb can be made available upon request with supporting documentation.Each employee shall sign an Access with Consent form, provided by the department, to assure that all work-related data is available if a person is not available or is leaving the department. All incoming employees should sign this form, or if not, should sign at the same time that a resignation occurs.
All orders for computers will now be processed through BearBuy by Brian Auerbach. We are centralizing this process to better track our inventory.
Please contact Brian directly to coordinate any computer purchase.
Exception to this are all groups associated with our SFGH division.
Judy Louie of our Finance team will continue to manage all purchases for phones and tablets (e.g., iPads).
UCSF Privacy and Confidentiality:
UCSF Information Technology Security Services: https://it.ucsf.edu/services/category/security
ITFS Support Team:
Other IT-related information: http://obgyn.ucsf.edu/deptadmin/admin/it_services.aspx/