Policy Compliance
To assist Feinberg faculty, staff and students in being compliant with policy, Feinberg IT has developed a brief overview of the need-to-know policy information for various applications, hardware and data. Links to additional detail are included when available.
-
Encryption:
All laptops, handheld devices and portable storage devices of all types must be encrypted. Feinberg IT will encrypt these devices prior to delivery to the end user.
Mobile devices like iPhones, iPads, Android and Windows phones are compliant if encrypted. This happens automatically with most devices when a PIN is used.
-
Storage:
Feinberg data, including grant information, research data and student information, must only be stored on university-provisioned devices. Data cannot be stored on cloud services (e.g., Dropbox) without an agreement with the university. Feinberg data can be stored on medical school servers, commonly called FSMFiles or FSMResFiles. Box may be used as long as no PII or PHI is stored.
NAS devices are not permitted at Feinberg.
-
Email:
Auto-forwarding outside Northwestern University and its affiliates is not permitted. If you have previously forwarded to sites such as gmail.com, comcast.net or aol.com, you will be contacted by Feinberg IT about how to move your emails to university servers and how to stop forwarding your emails.
-
Smartphones/Tablets:
You may use a smartphone or tablet for work purposes only if the device requires that you enter a PIN to unlock it. This PIN also encrypts the device. For Android devices, encryption must also be enabled in addition to having a PIN. Please contact Feinberg IT for more information.
-
Purchasing Computers and Devices:
All devices with a hard drive must be purchased, onboarded and deployed by Feinberg IT. These devices include laptops, desktops, tablets, flash drives (thumb drives) and external drives. We are happy to complete your order by including the purchase of accessories such as mice, connectors and keyboards, but these items can also be purchased through your department/unit personnel.
Please create a ticket with Feinberg IT for your order.
-
Electronic Health Information:
Access to the electronic medical data for research purposes is governed by the Research Use of EDW data policy. Commonly asked questions and answers about this policy can be found on the EDW FAQ page.
-
Thumb/Flash Drives:
Thumb drives must be encrypted. Please contact Feinberg IT if you require assistance.
-
Is My Machine Managed?
If you are concerned that your device is not managed (no purple Feinberg Help shield), contact Feinberg IT.
-
De-identified Data Definition:
Data are not de-identified until all 18 HIPAA identifiers are removed. They are:
1. Names
2. Geographic subdivisions smaller than a state
3. All elements of dates (except year)
4. Telephone numbers
5. Fax numbers
6. Electronic mail addresses
7. Social security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers
13. Device identifiers and serial numbers
14. Web Universal Resource Locators (URLs)
15. Internet Protocol (IP) address numbers
16. Biometric identifiers
17. Full face photographic images
18. Any other unique identifying number
-
Student Email:
Remember that u.northwestern.edu, fsm.northwestern.edu and md.northwestern.edu are not secure for PHI or PII. Please use @northwestern.edu addresses if you are involved with research, patient, student or other secure data.