WashU’s Core Security Package and HIPAA Compliance

WashU workstations are carefully designed to have a core set of security applications to protect them from unauthorized access and comply with the HIPAA Security Rule. Equipment not sourced from our IT Depot, and WashU IT equipment with missing or disabled security controls, significantly increases the risk of an incident including ransomware or other loss of […]

Security Responsibilities for PHI Handlers 

All WashU community members who handle PHI are responsible for maintaining a secure environment and patient privacy. This includes faculty, staff, volunteers, trainees, and students. WashU’s core technology systems are designed to safely store and transmit PHI for safety and compliance with HIPAA. Before using external websites or cloud services to store, create, or transmit WashU Confidential […]

The Risk of Running Unsupported Operating Systems

HIPAA Health Insurance Portability and Accountability Act

What if you are still running Windows XP or 7 on some of your computers? Extended support for Windows 7 ended on January 14, 2020, over 10 years after the release of Windows 7. Now the operating system no longer receives security updates. Some versions of Windows 10 and 11 are already unsupported. Devices with an […]

What is Full Disk Encryption and why should I care about it?

security icon

Did you know that all hard drives and any permanent storage must contain disk encryption if they stored PHI in the past, present or future? Why is this important? Sensitive and/or regulated data on encrypted drives in a computer that is lost, stolen, or improperly disposed of cannot be viewed without a special “key” only available […]

7.6 million reasons to not share logins or passwords 

passwords written on sticky notes

The Cleveland Clinic Foundation (CCF) recently agreed to pay $7,600,000 to resolve allegations that it violated the False Claims Act (FCA) by submitting to the National Institutes of Health (NIH) federal grant applications and progress reports in which CCF failed to disclose that a key employee involved in administering the grants had pending and/or active […]