Feb 262013

Related topics: Protected Health Information (PHI) | HIPAA security policies | HIPAA identifiers | Network storage

HIPAA security regulations define Protected Health Information (PHI) as any oral or recorded information created or received by a health care provider, health plan, employer, insurer, school or university, health care clearing house or a business associate that relates to the past, present or future physical or mental health or condition, provision of health care or health care payment of an individual.

There are eighteen “HIPAA Identifiers” that can be used to identify an individual, an individual’s family, employers or household members. Examples include names, telephone numbers, email addresses, medical record numbers, photographic images and home address. To see all eighteen identifiers, visit the HIPAA Identifiers page.

Please note that it is a VIOLATION of HIPAA law to store PHI on any personal device, such as a USB drive, external hard drive, home computer, iPhone or iPad. Such violations can cost ECU a fine of up to $1.5 million dollars, and you could be criminally liable for such a breach, including termination, fine and imprisonment.

Protected Health Information (PHI) must only be stored on university-approved and authorized devices. If you are unsure about your storage device, please contact the IT Security Team at ITSecurity@ecu.edu.

In the News

The State of Alaska announced in June 2012 that it is paying $1.7 million to the Federal Government for a 2009 security breach of patient data.  A federal investigation following the breach found inferior security measures in place at Alaska’s Department of Health and Social Services.  In October 2009, a portable hard drive was stolen from the car of an employee who worked for the State Health Department.

Jan 232013

Related topics: Data encryption | map a drive | network storage | information security | safe computing practices | virtual private network (VPN)

Your personal ECU Piratedrive is a versatile tool that keeps your files secure, creates an automatic backup, and provides off-campus access to your work files.

But there’s more—with a department Piratedrive, multiple users can share data, update files (while controlling versions) and avoid that dreaded “email blizzard.”

Personal Piratedrive (The “U” drive)
A 40-GB Piratedrive folder is created for every faculty, staff and student at ECU. When logged in to the INTRA network on campus or remotely connected to the INTRA network through a virtual private network (more on that in a bit), you have access to this folder, which is labeled as “U.”  Piratedrive folders are secure and backed up nightly.

So, rather than storing your work files on your work computer or laptop—systems more susceptible than ever to compromise and data loss—save all your work to the “U” drive.  In this way, your ECU data is secure, automatically backed up with files easily retrieved on campus or off. To learn more about this versatile tool, visit the Mac or Windows information page:

While 40GB of storage sounds like a lot, it may not be enough to store all your documents.  Video and music files, for example, can quickly eat up your storage space. To request more storage, contact the ITCS Help Desk at 252.328.9866/1.800.340.7081.

Department Piratedrive
Upon request, the university also provides departments with a 50GB Piratedrive folder. Each folder requires a department administrator who manages data and user permissions. Share data but avoid the hassle of multiple emails and multiple document versions. Like personal Piratedrive folders, department folders are backed up nightly and secure. But unlike personal Piratedrives, users must manually map a drive (create a shortcut) to a department folder. To learn more, visit the piratedrive website.

Off-Campus Access
You can access your Piratedrive off campus through the university VPN (Virtual Private Network) service. The VPN provides a secure tunnel through which you can connect to your Piratedrive without worrying about someone intercepting your data. Your Piratedrive (U) appears in your folder directory, just as it does on your office workstation.

For instructions on using this service, visit the Virtual Private Network website.

Frequently Asked Questions

Who has access to the files on my personal Piratedrive?
Your personal Piratedrive security is set up so that the “U” drive is only accessible by you as the owner of that folder. Nobody else can access your “U” drive data.

How is access to the files on our departmental Piratedrive managed?
For departmental Piratedrive data, a designated administrator in your area maintains security access controls through file and folder permissions. Security is set so that only those users designated by the admin can access the folder data.

Are the files and data stored on my Piratedrive safe from hackers?
No computer system can prevent every hacker attack, but your Piratedrive is firewall-protected, and access is only allowed to those persons connected to ECU’s network. However, a compromise of your PirateID or local computer can lead to a compromise of the files on your Piratedrive. The entire ECU community should follow safe computing practices  both on and off campus.

Are my files backed up?
Yes, data on Piratedrive is backed up nightly.

What if I delete some files and realize I still need them?
ITCS maintains disk images of Piratedrive for 14 days, and users can restore data using the “Previous Versions” tab in Windows Explorer. If it has been longer than 14 days, a monthly backup is retained for 3 months. This can also be accessed through the “Previous Versions” tab in Windows Explorer.

How can I find out more about Piratedrive options?
Visit the ITCS Piratedrive web page for information on the Piratedrive. Jump to the specific topic for which you need assistance. If you have questions, please contact the ITCS Helpdesk 252.328.9866/1.800.340.7081.

Jan 092013

Data Privacy Month is an annual EDUCAUSE effort to empower people to protect their privacy and control their digital footprint, as well as escalate the protection of privacy and data as everyone’s priority. This year’s Data Privacy Month Planning Task Force selected weekly themes for the higher education community to focus on. Several free Webinars will also be offered throughout the month of January.

View the month’s schedule of live Webinars at EDUCAUSE: www.educause.edu/dpm.

Register at the EDUCAUSE Live Web site with either your EDUCAUSE account or your e-mail address by visiting http://www.educause.edu/conferences-events/educause-live-webinars.
Register for this webinar
Webinar Overview: Do you really want everyone to know you are out alone at midnight by “checking in” at your local donut shop? Do you use your phone for banking, without password protecting the device?

This free hour-long Webinar will outline the steps you need to take to protect your data privacy when using a mobile device.