DOM IT supports the following departments, institutes, and centers that reside in the Health Care Component (HCC): Department of Medicine, UW Carbone Cancer Center, Department of Emergency Medicine, Center for Women’s Health, Wisconsin Alzheimer’s Institute, The Office of Clinical Trials and the Center for Human Genomics and Precision Medicine.
As part of the Health Care Component (HCC), DOM IT is required by the UW-Madison HIPAA compliance office, SMPH Dean's Office and DOM IT to enforce HIPAA privacy and security rules, regulations, and policies. Refer to the important information below and contact DOM IT with any questions.
DOM IT = EPHI Environment
DOM IT services operate in an environment that has ePHI on servers. DOM assigned login credentials access ePHI from managed assets such as desktops, laptops and tablets. DOM IT operates with the expectation that all data and assets store and/or access ePHI, even if an employee or researcher thinks they do not store or have access to ePHI, DOM IT manages all assets as if all DOM authorized users, and every DOM managed asset has access to ePHI.
Read this link to do your part: Safeguarding Workstations from Unauthorized Access to Protected Health Information (PHI)
HIPAA Training required prior to establishing DOM login
All employees in the HCC must complete HIPAA training prior to provisioning DOM login accounts and access to computers and data. The campus HIPAA privacy officer General HIPAA training requirement is found here: https://compliance.wisc.edu/hipaa/training/
Only approved computers allowed on DOM IT Network
Only approved devices are allowed on the wired network managed by DOM IT. Nonstandard devices (not ordered by the helpdesk) used for research requires this form to be submitted initially and annually thereafter: The Request for Non-Standard Device connection to DOM IT wired network
Where to store your Data
You should store all your data to DOM file shares (e.g. drives G, K) which is a secure location
Data should only be stored on the network file shares and NOT on laptops and desktop computers local drive (C: drive on windows). Data on network drives is BACKED UP daily. Storing data on local laptops and desktops run the risk of losing data if the hardware malfunctions or stops working. If laptops are lost or stolen and contain PHI on the local drive a HIPAA security incident must be filed by DOM IT.
UW Data Storage Finder is a campus tool to help identify storage options supported by centralized campus.
DOM IT Helpdesk Orders computers, software and accessories
All requests to order devices (desktop computers, laptops, tablets, peripherals, monitors, printers, scanners, etc.) require review, approval, and procurement by the DOM IT Helpdesk. Orders can only be procured with university funding. University funded (i.e. federal, grants, startup, gifts, UWMF faculty professional funds) items ordered are owned by the University. Under no circumstances do the items ordered become the property of the faculty and staff.
Devices and software use are prohibited from use for anyone that is not supported by DOM IT (including colleagues, friends, family, and neighbors).
Refer to the links below for standards and costs:
Read this link: What you need to know about software in the DOM IT environment
- Only DOM IT can install software, this is enforced by removing administrative rights on DOM computers to prevent malicious code and programs from running and starting a ransomware attack
- Removing administrative rights is required for all data service requests at UW-Madison
- Removing administrative rights satisfies the UW-Madison Cybersecurity requirements for the risk management framework and cybersecurity operations (National Institute for Standards and Technology (NIST) and the Center for Internet Security control
DOM IT is required to review all software purchases, and if approved place the order. This includes purchase orders and 3rd party software or software services. Cloud services such as Amazon, Google, Azure, and including 3rd party vendors that use these Cloud services are prohibited without prior evaluation and approval from the SMPH HIPAA Security Coordinator, DOM IT, and UW Cybersecurity.
DOM IT identifies the standard manufacturers and models of computers supported. State contracts, security enforcement, performance with encryption, enterprise support, warranty service and DOM IT resources all are significant factors in selecting and maintaining the standard manufacturers and models. DOM IT participates with campus wide IT partners and procurement agents to identify manufactures and models that meet the needs of the university, capable of enforcing HIPAA technical controls, and are on the state contracts. This partnership allows campus to leverage deeply priced bundled discounts based on the combined purchases across the institution (i.e. if Dell and Apple products are the only choices that DOM IT procures and supports, those are the only products to be ordered).
During the ordering process, DOM helpdesk, will ask if a new order is replacing a current computer and verify the amount of computers currently associated with the person the computer order is for. DOM IT only supports up to 3 electronic devices (desktop, laptop, and a tablet) per person.