We are at a heightened level of security due to creditable security threats to academic medical centers and health care providers. We are part of the Health Care Component for HIPAA and must enforce technical controls to protect PHI.
The UW–Madison IT Security Baseline Program in conjunction with the Secure End Point Configuration Matrix defines the minimal system security criteria. The unit’s departmental IT professionals are required to provide compliance verification to the HIPAA Security Coordinator and the Office of Cybersecurity.
- Users do not have local administrative privileges unless an exception is made by the department head, documented and reviewed annually
- specficies administrator access must be removed and end user permissions are not local admins