Information Security is Easy. Ignoring it is Hard — and Expensive!
FERPA. HIPAA. SB 1386! AB 211 and SB 541? IS-3? 650-16?!
Don't know where to start with information security compliance? With so many policies and standards, and seemingly a new one every year, it's no wonder so many people are confused about information security. It's as easy as 1-2-3!
1. Secure Your Computer
The Department of Medicine has a simple, easy-to-read information security policy statement and list of minimum security standards. If you comply with these standards you are complying with all relevant information security policies. Your IT service provider will take care of this for you. If you don't have an IT service provider please contact the DOM Helpdesk at 476-6827 or helpdesk@medicine.ucsf.edu.
2. Work Safely
Most information security is achieved by working smarter, not by using the latest technology. Some simple behaviors can save you a lot of trouble later.
- Always be suspicious of any email with urgent requests for personal or financial information. See a sample phishing email for some tips on what to look for.
- Don't use the links in an email or instant message to get to any web page if you don't know the sender.
- Don't ever provide an account number, Social Security Number, password or PIN via email.
- Don't trust public computer terminals. If you must use one, quit the web browser before leaving.
3. When In Doubt, Ask
Trust your instincts. If something feels wrong, or if you're just not sure, contact the DOM Helpdesk at 476-6827 or helpdesk@medicine.ucsf.edu, or ask your IT service provider if it's OK.
Why Should I Care About Information Security?
When you lose your unencrypted laptop or phone, or give someone your password, it typically takes 100 staff-hours from the time you report the loss to the police just to determine if restricted information was exposed. At that point the clock starts on $100 per day fines until we notify the state and the people whose data was released. Then the state decides whether to impose fines of $250,000 or more on both the University and the individual responsible for the exposure. Finally, there's the cost to UCSF's reputation, and the time it takes to rebuild the community's trust. It's easier to avoid all of this wasted time, effort, and money by following some simple rules.
Keeping restricted information safe is everyone's responsibility. Thanks for doing your part!