Happy Data Privacy Day!
Data Privacy Day is commemorated internationally every January 28 to globally raise privacy awareness. Although Data Privacy Day is one day dedicated to raising awareness about the importance of protecting privacy data both on and offline, you should get into the habit of protecting data every day.
Report potential privacy issues!
If you are in a component of the university HIPAA Covered entity and see something that looks like a potential privacy violation concerning Protected Health Information (PHI), say something.
Report HIPAA Privacy concerns to:
Cynthia Herrera Lindstrom
UofI HIPAA Privacy & Security Officer
1940 W Taylor St #124 Chicago, IL 60612
UofI University Ethics and Compliance Office
If you have privacy concerns about other types of data, report them to the Chief Information Security and Privacy Officer at firstname.lastname@example.org.
If you collect it, protect it!
All High Risk (such as PHI) or Sensitive data (Family Educational Rights and Privacy Act - FERPA) you gather for your job should be handled with care as if it were your own personal information.
If you must store PHI on devices such as laptops, phones, tablets and other mobile devices capable of storing data, you must use encryption. Encryption keeps the data on your device safe in the event it’s lost or stolen. If you’re not handling PHI, it’s still a great idea to encrypt your device to prevent your data from loss or theft! For more information about encryption, talk to your IT support staff or visit the ACCC encryption services webpage at https://accc.uic.edu/service/encryptionvices on which you store data. Encryption keeps the data on your device safe in case it’s ever lost or stolen. You should use encryption on devices such as laptops, phones, tablets, and other devices.
To print or not to print? That is the question:
Consider if you really need a hard copy, or if the document is more secure remaining in electronic form. If you must print, make sure you promptly retrieve the document from the printer and safeguard it, while in your possession. When it is no longer required, properly dispose of the document.
Ctrl>Alt> Delete before you leave your seat:
Always lock your computer screen when you leave your desk for any reason (e.g., retrieving a document from the printer, leaving your desk to attend a meeting, going to the break area for a quick cup of coffee, or going out for lunch).
To lock your computer on:
Windows: Press Win L key combination or Ctrl>Alt> Delete key combination and then select ‘Lock’.
Mac: select "Lock Screen" from the Apple menu or Control-Command-Q key combo
Share with care:
Whenever possible, avoid using external storage devices to store PHI. Instead, a Box Health Data Folder (BHDF) can be used to securely store PHI. For more information on BOX Health Folders and how to request one, visit the HIPAA webpage at https://hipaa.uillinois.edu/protecting-phi-with-box-health-data-folders by copying or typing the url into your web browser.
Remember to verify the person or entity you are sharing data with is authorized to receive it and provide only the minimum necessary information to accomplish the task.
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may look like they’re from a friend, a co-worker, a bank, a credit card company, a social networking site, an online payment website or app, or an online store, but how do you know the message is real?
You should be suspicious if the email or text contains any of the following:
* the need for you to take immediate action or something bad will happen;
* instills a sense of urgency;
* a notice of some suspicious activity or log-in attempts on your account;
* an indication there’s a problem with your account or your payment information;
* asks you to confirm or provide personal information;
* asks you to click on a link to make a payment;
* informs you that you’re eligible to register for a government refund;
* offers a coupon or a gift card for free stuff; or
* the message includes a fake invoice.
Steps you can take to stay safe online:
If you receive an email or text message like the ones mentioned above, take a moment to examine it to verify it is legitimate.
* Is it from someone you recognize? DON’T REPLY TO THE ORIGINAL MESSAGE! Instead, call the individual or send a separate email or text to verify he/she sent the original message.
* Hover your cursor over the link provided to verify the link address is a legitimate one. If the address that appears when you hover your cursor over it doesn’t match what’s visible in the message, DON’T CLICK ON THE LINK! Instead, if you really need to visit the web site in the link, enter the web address directly into a browser window.
Remember, you are the key!
The choices you make can prevent or cause a privacy or security incident. For more ways to protect data visit the ACCC webpage at http://security.uic.edu/awareness.