SMPH IIT supports the following departments, institutes, and centers that reside in the Health Care Component (HCC): Department of Medicine, UW Carbone Cancer Center, Department of Emergency Medicine, Center for Women’s Health, Wisconsin Alzheimer’s Institute, the Center for Human Genomics and Precision Medicine, and the Center for Health Disparities Research.
As part of the Health Care Component (HCC), SMPH IIT is required by the UW-Madison HIPAA compliance office, SMPH Dean's Office and DOM IT to enforce HIPAA privacy and security rules, regulations, and policies. Refer to the important information below and contact DOM IT with any questions.
SMPH IIT = EPHI Environment
SMPH IIT services operate in an environment that has ePHI on servers. DOM assigned login credentials access ePHI from managed assets such as desktops, laptops and tablets. SMPH IIT operates with the expectation that all data and assets store and/or access ePHI, even if an employee or researcher thinks they do not store or have access to ePHI, SMPH IIT manages all assets as if all DOM authorized users, and every SMPH managed asset has access to ePHI.
Read this link to do your part: Safeguarding Workstations from Unauthorized Access to Protected Health Information (PHI)
HIPAA Training required prior to establishing DOM login
All employees in the HCC must complete HIPAA training prior to provisioning DOM login accounts and access to computers and data. The campus HIPAA privacy officer General HIPAA training requirement is found here: https://compliance.wisc.edu/hipaa/training/
Only approved computers allowed on SMPH IIT Network
Only approved devices are allowed on the wired network managed by SMPH IIT. Nonstandard devices (not ordered by the helpdesk) used for research requires this form to be submitted initially and annually thereafter: The Request for Non-Standard Device connection to DOM IT wired network
Warning Banner
Computers managed by SMPH IIT include a Warning banner at the pre-login text window that advises authorized and legitimate users of their obligations related to acceptable use of the computerized or networked environment(s) and their consent thereof. A pre-login warning banner also provides a definitive warning to any possible intruders that may want to access your system that certain types of activity are illegal.
Where to store your Data
You should store all your data to DOM file shares (e.g. drives G, K) which is a secure location
Learn more about what is a Network File Share and how to request one Network File Share Request Form
Data should only be stored on the network file shares and NOT on laptops and desktop computers local drive (C: drive on windows). Data on network drives is BACKED UP daily. Storing data on local laptops and desktops run the risk of losing data if the hardware malfunctions or stops working. If laptops are lost or stolen and contain PHI on the local drive a HIPAA security incident must be filed by SMPH IIT.
For use cases that require data to be stored on the local computer we highly recommend purchasing (via the helpdesk) Code42 backup service which costs approximately $45 annually.
UW Data Storage Finder is a campus tool to help identify storage options supported by centralized campus.
SMPH IIT Helpdesk Orders computers, software and accessories
All requests to order devices (desktop computers, laptops, tablets, peripherals, monitors, printers, scanners, etc.) require review, approval, and procurement by the DOM IT Helpdesk. Orders can only be procured with university funding. University funded (i.e. federal, grants, startup, gifts, UWMF faculty professional funds) items ordered are owned by the University. Under no circumstances do the items ordered become the property of the faculty and staff.
Devices and software use are prohibited from use for anyone that is not supported by DOM IT (including colleagues, friends, family, and neighbors).
Refer to the links below for standards and costs:
Cost of Windows OS - Standard Computers and Accessories
Cost - Apple computers & accessories
Can I keep or buy computers, tablets, or accessories?
Computers, tablets, and accessories purchased by DOM IT use University funds, therefore, it belongs to the University, and cannot be given or sold to the department, division, team, or individual. At the end of its supported life, it must be disposed of in accordance with University requirements and guidelines (including destruction of its internal storage, for security).
If you leave the Department, SMPH IIT will collect your computer, back up your files to a secure location (if you or your supervisor requests it) and, depending on its age, either reformat it for reuse or send it to SWAP (https://swap.wisc.edu/) .
Software
Read this link: What you need to know about software in the DOM IT environment
- Only SMPH IIT can install software, this is enforced by removing administrative rights on DOM computers to prevent malicious code and programs from running and starting a ransomware attack
- Removing administrative rights is required for all data service requests at UW-Madison
- Removing administrative rights satisfies the UW-Madison Cybersecurity requirements for the risk management framework and cybersecurity operations (National Institute for Standards and Technology (NIST) and the Center for Internet Security control
SMPH IIT is required to review all software purchases, and if approved place the order. This includes purchase orders and 3rd party software or software services. Cloud services such as Amazon, Google, Azure, and including 3rd party vendors that use these Cloud services are prohibited without prior evaluation and approval from the SMPH HIPAA Security Coordinator, DOM IT, and UW Cybersecurity.
Computer Standards
SMPH IIT identifies the standard manufacturers and models of computers supported. State contracts, security enforcement, performance with encryption, enterprise support, warranty service and DOM IT resources all are significant factors in selecting and maintaining the standard manufacturers and models. SMPH IIT participates with campus wide IT partners and procurement agents to identify manufactures and models that meet the needs of the university, capable of enforcing HIPAA technical controls, and are on the state contracts. This partnership allows campus to leverage deeply priced bundled discounts based on the combined purchases across the institution (i.e. if Dell and Apple products are the only choices that SMPH IIT procures and supports, those are the only products to be ordered).
Computer limit
During the ordering process, SMPH helpdesk, will ask if a new order is replacing a current computer and verify the amount of computers currently associated with the person the computer order is for. SMPH IIT only supports up to 3 electronic devices (desktop, laptop, and a tablet) per person.
Computer Replacement
SMPH IIT determines when the standard computers can no longer be supported and must be replaced. Manufacturer support, security risks, and interoperability with SMPH IIT infrastructure determine when certain make and models are no longer supported. SMPH IIT will provide annual inventory to divisions, departments, institutes and centers and will identify the computers that need to be replaced. The reports are planned for early in the calendar year to help with budget preparation. You may at some point be informed that your device is reaching the end of its serviceable life, and that you should talk to your supervisor about ordering its replacement. If you feel hesitant to do that, we can make that request for you. We want you to always have up-to-date and well-functioning equipment to work with.
Personal Devices
SMPH IIT does not support personal devices such as cell phones owned and paid for with personal funds.
Offsite Office Space
If your unit, department, center or institute is looking to move to a new facility outside of the UW-Madison campus area, please contact help@medicine.wisc.edu to schedule an assessment. SMPH IIT will assist with evaluating internet connectivity options and provide guidance.