UCSF home page UCSF home page About UCSF UCSF Medical Center
UCSF navigation bar

Explore

Guide to Information Security

For more information about information security policy and practices, please see our Knowledgebase. If you ever have a question or need advice about securing your data, please contact the Department of Medicine Helpdesk at 415-476-6827, or email helpdesk@medicine.ucsf.edu.


Compliance with Security Policies

HIPAA, SB 1386, AB 211, SB 541, IS-3, 650-16, FERPA, etc.: don't know where to start with information security compliance? If you follow the Department of Medicine's basic policy statement and minimum security standards (PDF) you're covered!

Why should you care about information security? When you lose your unencrypted laptop or phone, or give someone your password, it typically takes 100 staff-hours just to determine if restricted information was exposed. If it was then the clock starts on $100 per day fines until we notify the state and the people whose data was released. Then the state decides whether to impose fines of $250,000 or more on both the University and the individual responsible for the exposure. Finally, there's the cost to UCSF's reputation, and the time it takes to rebuild the community's trust. Trust us, it's simple to avoid all of this time, effort, and money by just following some simple rules (PDF).

Never Email Your Password!

The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations that you can use to avoid becoming a victim of these scams.

Free Antivirus Software for the UCSF Community

Everyone knows that the first thing you should do when you set up a computer is install antivirus software (well, at least that's what we do). But with so many options, which antivirus software do you choose? UCSF has made that decision simple by providing a community license for Sophos Antivirus, the best antivirus product on the market. You can use Sophos for free on all of your computers, whether or not they are owned by UCSF, and regardless of where you use them. You can download Symantec Endpoint Protection (SEP) for Macs and Windows PCs here.

Introduction to Spyware, or "Why is my computer so slow?"

Spyware is any program that either monitors your online activities, or installs programs without your consent, for profit or the capture of personal information. Research indicates that 9 out of 10 Internet-connected PCs are infected with spyware. Spyware can be used to track your computer use, transmit personal or confidential information to companies or identity thieves, and exploit your computer's security to open the door to more spyware, viruses, trojans, and worms.

There are several indications that your PC might have spyware:

  • Your computer suddenly begins to run slowly.
  • You start to see pop-up advertisements, strange dialog boxes, or new programs in Windows.
  • Programs begin to crash or "hang".
  • Your web browser's home page changes, or you see new toolbars.

Luckily, there's something you can do about spyware. UCSF has a site license for Symantec Endpoint Protection (SEP), and it is free to the UCSF community. When you install it, the software is automatically configured to scan your computer for spyware, and provides active monitoring of your system's security. You can download SEP from the ITS Software Download page, or you can contact the DOM Helpdesk for help with installing and using SEP.

If you would like to read more about spyware, please see the Wikipedia Spyware article.

Guide to VPN

When your work takes you away from the UCSF network and you need to access UCSF resources, the solution is VPN. VPN stands for "Virtual Private Network" and is essentially a secure tunnel directly from your computer to the UCSF network. UCSF has deployed a free, web-based VPN solution that works on almost any operating system. More information on this solution and how to use it is available in our KnowledgeBase.

Secure Email

In order to correspond securely with your patients and colleagues you should use UCSF's secure email solution. We have put together an Introduction to Secure Email to help you get acquainted with the system.

Tips for Avoiding Laptop Theft

  • When on the move, keep your belongings in sight and never leave your laptop unattended.
  • Try not to leave your laptop in a vehicle. If you must, ensure it's in the trunk or covered up - not in plain view.
  • Don't leave a meeting or conference room without your laptop. Take it with you, or it may not be there when you return.
  • Lock your laptop in your office or work area during off-hours. When possible, put the laptop in a locked closet or cabinet.
  • Use a cable and lock for your laptop when left unattended.

Tips for Avoiding Data Exposure

  • Follow our Mac and PC Security Tips for securing your computer
  • Encrypt all sensitive data on portable devices.
  • Frequent, HIPAA-compliant backups

Relevant Information Security Policies


Security Incident Response

We have put together an overview of how to respond in the event of the loss or exposure of sensitive electronic information. This document is available in our KnowledgeBase.

Security and Policy Articles from DOM IT Services Newsletters

We publish a quarterly newsletter, and always include articles about security policy and compliance.

Protecting Your Privacy

The United States Computer Emergency Readiness Team (US-CERT) has put together a great article on Protecting Your Privacy, which we recommend to all computer users.


Comments, questions, or problems with our new site? Please send all feedback to webmaster@medicine.ucsf.edu
Copyright 2012 The Regents of the University of California