Skip to Content Skip to Local Navigation Skip to Global Navigation
Stanford Medicine Information Resources
& Technology

Innovative technology solutions
  • Health Care
    • Find a doctor

    • Adult-care doctor
    • Pediatrician or pediatric specialist
    • Obstetrician
    • Clinics & Services

    • Adult care
    • Pediatric care
    • Obstetrics
    • Clinical trials
    • Locations

    • Stanford Health Care
    • Stanford Children's Health
    • Emergency Department
    • Dial 911 in the event of a medical emergency

    Explore Health Care

    Learn how we are healing patients through science & compassion

    Back
  • Research
    • Basic science departments
    • Clinical science departments
    • Institutes
    • Research centers
    • See full directory
    • Research Resources

    • Research administration
    • Academic profiles
    • Clinical trials
    • Funding opportunities
    • See all
    • Professional Training

    • Postdoctoral scholars
    • Clinical research fellows

    Research News

    Clearing clumps of protein in aging neural stem cells boosts their activity

    Clearing clumps of protein in aging neural stem cells boosts their activity

    Explore Research

    Learn how we are fueling innovation

    Back
  • Education
    • MD program
    • PA Programs
    • PhD programs
    • Masters programs
    • Continuing Medical Education
    • Postdoctoral scholars
    • Residencies & fellowships
    • Summer & youth programs
    • See all
    • Education Resources

    • Academic profiles
    • School Administration
    • Basic science departments
    • Clinical science departments
    • Alumni services
    • Faculty resources
    • Diversity programs
    • Lane Library
    • Student resources

    Education News

    And the envelope, please: Graduating med students match to residencies

    And the envelope, please: Graduating med students match to residencies

    Explore Education

    Learn how we empower tomorrow's leaders

    Back
  • Give

    Support Stanford Medicine

    • Support teaching, research, and patient care.

    • Ways to give
    • Why giving matters
    • Make a gift online

    Support Children's Health

    • Support Lucile Packard Children's Hospital Stanford and child and maternal health

    • Ways to give
    • How your gift helps
    • Make an online gift
    Back
  • About
    • About us
    • News
    • Contacts
    • Maps & directions
    • Leadership
    • Vision
    • Diversity
    • Global health
    • Community engagement
    • Events
    • How you can help

    Stanford School of Medicine

    Stanford Health Care

    Stanford Children's Health

    Back
  • Site Search

Information Privacy and Security Policies

Below are some Stanford-enforced policies regarding information security, for the School of Medicine and for the University in general:

Data Security Program

The updated School of Medicine Data Security policy further increases computing security across campus. The SoM now requires most Windows XP devices to be eliminated, as Microsoft ceased support on April 8, 2014*. The Data Security Policy also now mandates encryption of all computers used for Stanford business by faculty, staff, residents, fellows and students. All personal, shared and multi-user computers must be encrypted, no matter what kinds of data the users access. Further, all mobile devices (tablets, phones, etc.) used by individuals who may access or receive High, Moderate, or Low Risk data must be enrolled in Stanford's Mobile Device Management (MDM) program.

All faculty, staff, students, residents and fellows are required to complete an attestation process declaring their access to PHI and other High Risk data and that their computers and mobile devices are compliant with this policy. To complete the attestation process, to find out whether your devices are compliant, and to read all the details of the policy, visit med.stanford.edu/datasecurity.

* While exceptions can be approved for devices with specific, critical, scientific software or applications, controls must be implemented to compensate for the risk of leaving these devices in use.

Compromised System Policy

Any computer or device on the School of Medicine network that is posing a threat to other computers or network resources may have its network access disabled until the problem is addressed.  Threats include: signs of malware infection, system compromise, attempts to exploit vulnerabilities on other systems, excessive use of network bandwidth, or other malicious network activity. Compromised systems will generally need to be rebuilt with a new installation of the operating system and updated security patches before their network access can be re-enabled.

Network Security Policies

IRT owns, controls and supports the School of Medicine network. The Network Access group enforces a list of security policies and standards in order to keep the network secure and operational.

Administrative Guide Memos

The Administration Guide (http://adminguide.stanford.edu) is the University's official administration policy manual. Chapter 6, Computing, specifically defines your responsibilities regarding network and computer utilization, information security, chatrooms and electronic commerce. Read on for summaries of each section; click the links to download the entire policy as a PDF.

Section 1, Administrative Computing Systems, outlines the hierarchy of administrators and users of an academic computing system—any computerized system that uses administrative information at Stanford—and identifies "ownership, development and management responsibilities."

Section 2, Computer and Network Usage Policy, lays out guidelines for users of Stanford's computers, networks and information on the proper use of information technologies, including:

  • Users are bound to respect copyright law and licenses
  • Users are bound to respect the integrity of information resources, both hardware and software
  • Users are prohibited from seeking to gain unauthorized access to resources
  • Users must respect the rights of other computer users, and neither violate their privacy nor broadcast inappropriate content
  • University information resources must not be used for political, commercial or personal use except when in compliance with laws and University policies

Section 3, Information Security, states the requirements for the protection of Stanford's information assets, and the principles of information security (the following is quoted from the Guide):

  1. Information Resource Availability — The information resources of the University, including the network, the hardware, the software, the facilities, the infrastructure and any other such resources, are available to support the teaching, learning, research or administrative roles for which they are designated.
  2. Information Integrity — The information used in the pursuit of teaching, learning, research or administration can be trusted to correctly reflect the reality it represents.
  3. Information Confidentiality — The ability to access or modify information is provided only to authorized users for authorized purposes.
  4. Support of Academic Pursuits — The requirement to safeguard information resources must be balanced with the need to support the pursuit of legitimate academic objectives.
  5. Access to Information — The value of information as an institutional resource increases through its appropriate use; its value diminishes through misuse, misinterpretation, or unnecessary restrictions to its access.

Section Three also outlines the University's Data Classification Guidelines, the responsibilities of each person with regards to information security, and includes a list of University security resources.

Section 4, Identification and Authentication Systems, discusses University policy regarding SUNet IDs, Stanford ID cards, Kerberos and other forms of ID; and recommendations and guidelines for computer systems requiring ID or authentication.

Section 6, Chat Rooms and Other Forums, states that any websites, chats or other forums that include discussions and contributions, if connected to the stanford.edu or stanford.org domains, must be related to legitimate University activities, and be subject to the University Terms of Use.

Section 7, Information Security Incident Response, describes the procedures to be followed when a computer security incident is discovered, or when High or Moderate Risk Data may have been inappropriately accessed. This policy outlines the procedures for decision-making regarding emergency actions taken for the protection of Stanford's information resources from accidental or intentional unauthorized access, disclosure or damage. For a more detailed outline of this section, also see Reporting an Incident.

 

SUMCnet Policies

SUMCnet is a highly specialized network that was created to provide a secure environment for users who need access to clinical applications from the School of Medicine to Stanford Hospital and Clinics (SHC) and the Lucille Packard Children’s Hospital (LPCH).  All desktop computers (servers are prohibited) must meet specific requirements before they are allowed to connect to SUMCnet.  Desktops not in compliance will be removed from the SUMCnet.

Specific information regarding the desktop security requirements can be found on the SUMCnet page.

HIPAA Policies

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 mandating specific requirements for protected health information (PHI).  Stanford University has established policies to ensure compliance with the HIPAA regulations. HIPAA was enacted in order to:

Streamline medical insurance claims by eliminating paper

Help reduce fraud with insurance claims

Define privacy requirements for patients

Define security requirements for electronic health information

Define patients' rights

Additional information regarding HIPAA at Stanford can be found at:  http://hipaa.stanford.edu.

Quick Links

Menu
Innovative technology solutions
  • Desktop Computing
    • IT Support
      • Requesting IT Support
      • Get a SUNet ID
      • New Computer Setup
      • Printer Setup
      • Print Resources
      • Training Resources
      • Maintaining Your Computer
      • Hardware Support
      • Software Support
      • Remote Support
      • Database Support
      • Server Support
      • SUMCnet
      • SUMCnet Subnets
    • Tech Bar
    • Recommended Software
    • Computer Recommendations
    • Mobile Devices: Apple
    • Printer Recommendations
    • Using Clinical Applications & Data
    • Network Access
      • Policies
      • Off-campus Access
      • Gaining Access to the Network
      • Guest Access
      • How to find the Hardware Address of Your Device
      • Wireless Access
  • Research Technology
  • Web Services
    • Websites
  • Application Services
  • Business Analytics
  • Infrastructure Services & Communications
    • Firewalls
      • IRT Information Security Services
    • Desk & Mobile Phones
      • VoIP Transition
      • VoIP Deployment Schedule
    • Web Conference & Video
    • Networking
      • Network Details, Performance, & Testing
      • 802.11b Wireless Coverage
      • Off-Campus Network Access
    • Server Management
      • System Administration
      • Basic Hosting
      • Service Level Agreement
      • Facilities: Data Center
      • Customer Status Report
    • Cloud Infrastructure
    • Application & Database Management
  • Information Security Services
    • Reporting a Security Incident
    • Encryption
    • Research & Security
    • For Adjunct Clinical Faculty
    • Leaving Stanford?
    • Reducing Your Risk: Handling Stanford Information
    • HIPAA Identifiers: Anonymizing Data
    • Data Classification
    • Cloud Computing
    • Mobile Device Management For Your Phone
    • Good Practices
    • How to Secure Your Information
      • Encryption Tools
      • Creating a strong password
      • Securing Laptops and Mobile Devices
      • Encryption Frequently Asked Questions
      • Encryption Exceptions
      • Encryption Deadlines
    • Why You Need to Secure Your Information
      • Information Privacy and Security Policies
    • Connecting Securely: Secure Networks and VPN
      • Stanford LAN Extension (SLE)
      • VPN Service
      • WinSecure Network
      • WinSecure - FAQ
      • Unsupported Systems
    • Server Security
      • How To Tell if Your Server Has Been Compromised
      • About SUSI
    • SPAM
    • Messaging Scams
    • Sending Information Securely
    • MedSecureSend: Sending Large Files Securely
    • Backing Up Your Information
    • FAQ: IRT Information Security Services
    • Contact Information Security
    • Security Assessments
    • Bastion Access
      • Request Bastion Access
      • Installing Junos Pulse
      • Logging in with Pulse
    • Security Quick Reference Guide
  • About Us
    • The IRT Team
    • Maps & Directions
      • Porter Drive
    • Key Contacts
  • Help
  • Administrative Technology
    • Guide to Administrative Systems at Stanford
    • LPCH Admin Guide to Managing Stanford Calendars
    • Guide to Systems By Topic
    • Acquiring or Developing a New Administrative System
    • Request a Consultation for Administrative Systems
    • Scheduled Standard Reporting
    • Scheduled Standard Reporting: Fixed Schedule - Technology for Administrative Staff - Services - Information Resources & Technology (IRT) - Stanford University School of Medicine
©2018 Stanford Medicine
  • Terms of Use
  • See us on Facebook
  • See us on Twitter
  • Stanford University
  • Stanford School of Medicine
  • Stanford Health Care
  • Stanford Children's Health
  • Lucile Packard Children's Hospital Stanford
  • University Healthcare Alliance