For Faculty and Staff

As School of Medicine faculty and staff, it's vitally important for your work and your safety that you properly secure your digital information. The easiest way to do that is to start with the right foundation, and then maintain your secure status on a daily basis.

1. Educate Yourself: Look over the information classification guidelines (dataclass.stanford.edu) to make sure you know the difference between High Risk, Moderate Risk, and Low Risk information, and that you have a sense of what kinds of information you encounter in your Stanford work. (If you work with PHI or other medical data, or with Stanford personnel records and payment information, there's a high probability you work with High Risk information.)
   
2. Encrypt: With information classification in mind, make sure that all the devices—computers, phones, and tablets—that you use on the Stanford network are properly encrypted and secured. Visit encrypt.stanford.edu for a step-by-step guide to setting up proper security on each of your computers and devices.
3. Secure: If any of the devices that are critical to your work cannot be properly encrypted because of hardware or software obsolescence, file a Help Ticket with TDS Security. We may be able to assist you either by placing your device on a special network, or by helping mitigate risk in other ways.
   

Some faculty and staff designations also have specific security requirements depending on location or affiliation:

• VA Hospital:
  If you work from the VA Hospital and wish to use the Stanford network, see the security requirements for the Stanford LAN Extension (SLE).
• Adjunct Clinical Faculty:
  If you are a member of the adjunct clinical faculty, there are specific security instructions for you: see For Adjunct Clinical Faculty
  

Next Steps: Sending and Sharing Information Securely

Once your computer and your devices are properly secured, take care of the information inside those devices—and the information on the entire Stanford network—by using secure methods to send, share, and store.

Use Stanford Secure Email to send emails discussing High, Moderate, and Low-Risk Information

Use the Stanford VPN when connecting to the network from off-campus.

Use cloud computing services responsibly; make sure you know which services are approved for what levels of sensitive information.

Use encrypted external hard drives and USB drives to carry and store your Stanford information. (TDS Security is working to provide them free of charge.)

Stanford Information and Research

As we are at a School of Medicine, we have two kinds of information which must have extra layers of security: student/university information, and health/patient information. Be aware of how to deal with these special categories of information.

Know your Risk Classification: Learn what kinds of information belong in which categories: High, Moderate, and Low Risk (previously Prohibited, Restricted, and Confidential information).

Properly handle Stanford Information: As a member of the university, you are personally liable for data breaches. See what's at stake, and how you can reduce your risks.

Research and Security help: If you are applying for a grant, are trying to budget for computer security, or are looking for other help with research and data management, we've got resources for you.

HIPAA: Visit our page to learn about HIPAA rules and regulations, and find out how to properly anonymize data for publication.

Moving on from Stanford? Here's how to prepare your devices for departure: how to properly remove Stanford information, and what to do about the various Stanford-required security measures.

Leaving Stanford?