University of New England
Return to HomeITS - No Top Photos
Safeguarding Protected Confidential Information
The University Of New England will implement appropriate administrative, technical, and physical safeguards that will reasonably safeguard protected confidential information from any intentional or unintentional use or disclosure that is in violation of UNE Security Policies.
Following are protocols establishing minimum administrative and physical standards regarding the safeguarding of confidential information that each UNE department must enforce, if applicable. UNE departments may develop additional protocols and procedures that are stricter than the parameters set forth below. The Policy Committee must approve the development and implementation of all protocols, policies and procedures stated in this policy, as well as any additional policies or protocols safeguarding Confidential Information.
University Of New England personnel must reasonably safeguard confidential information to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure.
Oral Communications
UNE staff must exercise due care to avoid unnecessary disclosures of confidential information through oral communications. Conversations in public areas should be avoided. Voices should be modulated and attention should be paid to unauthorized listeners in order to avoid unnecessary disclosures of confidential information.
Dictation and Telephone Conversations
Telephone conversations should be conducted away from public areas, if possible. Speaker phones only should be used in secure areas.
Cellular Telephones
Digital or landline telephones rather than cell phones should be used if the conversation will involve the disclosure of particularly sensitive confidential information.
Telephone Messages and Appointment Reminders
Messages may be left on answering machines and voice mail systems. However, employees should limit the amount of confidential information that is disclosed in a telephone message. Telephone messages should never be left that include "particularly sensitive confidential information."
Faxes
The following procedures must be followed when faxing Confidential Information:
| • | Only the confidential information necessary to meet the requester’s needs should be faxed. | |
| • | "Particularly sensitive confidential information" should not be transmitted by fax, except in emergency situations or if required by a government agency. If "particularly sensitive confidential information" must be faxed, the recipient should be notified immediately prior to the transmission and the sender should immediately confirm that the transmission was completed, if possible. | |
| • | All faxes containing protected confidential information must be accompanied by a coversheet that includes a confidentiality notice. (See fax policy.) | |
| • | Reasonable efforts should be made to ensure that fax transmissions are sent to the correct destination. Frequently used numbers should be preprogrammed into fax machines or computers to avoid misdialing errors. Preprogrammed numbers should be verified on a routine basis. The numbers of new recipients should be verified prior to transmission. | |
| • | Fax machines must be located in secure areas not readily accessible to visitors and patients. Incoming faxes containing confidential information should not be left on or near the machine, but should be delivered to the recipient. | |
| • | Fax confirmation sheets should be reviewed to ensure the intended destination matches the number on the confirmation. The confirmation sheet should be attached to the document that was faxed. | |
| • | All instances of misdirected faxes containing confidential information should be investigated. |
Protected confidential information should be mailed within University Of New England in sealed envelopes. Confidential information mailed outside the University Of New England should go via first class mail and should be concealed.
Copying
Copies should be made only by authorized staff members. Photocopying confidential information should be done only when (1) necessary for University of New England operations, (2) when authorized by departmental protocols, or (3) when required by law. Photocopying of "particularly sensitive confidential information" should be strictly monitored.
Destruction Standards
Protected confidential information must be discarded in a manner that protects the confidentiality of such information. Paper and other printed materials containing confidential information should be destroyed or shredded. Magnetic media and diskettes containing confidential information should be overwritten or reformatted.
Physical Safeguards
Paper
Paper containing confidential information must be stored or filed to avoid access by unauthorized persons. Some type of physical barrier should be used to protect paper from unauthorized access and or physical hazards like fire or floods. Paper containing confidential information on desks and counters must be placed face down or concealed to avoid access by unauthorized persons. Paper containing confidential information should be secured when the office is unattended by persons authorized to have access to paper records. Paper containing confidential information should not be removed from any UNE premise, unless necessary or required by law.
UNE employees should not remove paper containing confidential information for their own convenience. Paper containing confidential information removed from University premises must not be left unattended in places in which unauthorized persons can gain access. Paper containing confidential information must not be left in unlocked automobiles or in view of passers-by.
The theft or loss of any paper containing confidential information should be reported to the University of New England officials.
Escorting Visitors
Visitors must be appropriately monitored when on University of New England’s premises where confidential information is located to ensure they do not access protected confidential information about others without permission.
Computer/Work Stations
Computer monitors must be positioned away from common areas or a privacy screen must be installed to prevent unauthorized access or observation. The screens on unattended computers must be returned to the main menu or at a password protected screen saver. This means that persons not employed by the University should not be in areas in or where confidential information is stored without appropriate supervision. This includes vendors, salespeople, and employee guests.
- Libraries
- |
- eServices
- |
- Virtual Tours
- |
- Contact Us
- |
- Events
- |
- Email a Friend
- |
- Site Map
Two Maine Campuses:
University Campus, Biddeford / Westbrook College Campus, Portland · 207.283.0171
University Campus, Biddeford / Westbrook College Campus, Portland · 207.283.0171
Copyright © 2008 University of New England