axiUm Remote Access HIPAA Compliance Policies & Privacy, Confidentiality, and Information Security Management Form

As a user of University of Minnesota computing resources and data, I understand that I have the following responsibilities: • Comply with U of M policies; • Support compliance with federal and state statutory and regulatory requirements; • Protect access accounts, privileges, and associated passwords; • Maintain the confidentiality of information to which I am give access privileges; • Accept accountability for all activities associated with the use of my individual user accounts and related access privileges; • Not to change the computer configuration unless specifically approved to do so; • Not to disable or alter the anti-virus and/or firewall software; • Not to download, install or run unlicensed or unauthorized software; • Use only licensed and authorized software; • Ensure that my use of U of M computers, e-mail computer accounts, networks, and information accessed, stored or used on any of these systems is restricted to authorized duties or activities; • Report all suspected security and/or policy violations to: abuse@umn.edu, privacy@umn.edu, or 612-624-7447 I understand that where I have access to or use of information classified as PRIVATE, additional protections are expected. Protected health information is an example of PRIVATE information. I understand that any PRIVATE information collected or obtained from, analyzed, or entered into any U of M information management system(s) or database(s) is the property of the U of M unless otherwise specified by contract. I understand that I must maintain and safeguard the confidentiality of any and all U of M PRIVATE information accessed or obtained in the performance of my authorized duties or activities. I will not access, use, and/or disclose PRIVATE information for any purpose other than the performance of authorized activities or duties. I will limit my access, use and disclosure to the minimum amount of information necessary to perform my authorized activity or duty. I will safeguard all PRIVATE information by holding it in the strictest confidence and by refusing to allow others to access information unless my authorized activities require that I do so. In such cases, I will disclose or allow access only to individuals having appropriate authority to access, receive and use such information. I understand that my access to systems that have PRIVATE information may be monitored to assure appropriate access and compliance with system integrity. I understand that authorized use carries with it the responsibility to follow the U of M Privacy and Security policies that govern the use of PRIVATE information, computers, and networks. I understand that authorized use carries with it the additional responsibility to follow the University of Minnesota axiUm Remote Access HIPAA Compliance Guide. I understand that failure to comply with the above Privacy, Confidentiality, and Information Security agreement may result in disciplinary action up to and including denial of access to information and termination of my employment at the University to Minnesota. Additional axiUm Remote Access HIPAA Compliance Policies • Downloading of Electronic Protected Health Information (EPHI) and/or axiUm data onto non AHC-supported computers or other devices is strictly prohibited. • In the event that your username and/or password are lost, stolen or compromised, contact axiumsod@umn.edu immediately and new information will be assigned to you. • Report theft of device used to connect to axiUm immediately to the University Police (612-624-2677). Additionally, contact the following for the loss/theft of a device used to connect to axiUm: Privacy Office (privacy@umn.edu) Violations of Security, Acceptable Use, Technology Resources and Threats of Violence Email (abuse@umn.edu) AHC-IS (612-626-5100) Dental IT Team (axiumsod@umn.edu) • Only employees who are allowed access to access EPHI while offsite will be granted access to the DTS00 terminal server. Do not share your remote access username and password with any other users. • When not actively using axiUm, you are required to log out of the axiUm system, and then log off the remote DTS00 terminal servers. • Devices that connect remotely to axiUm must have the security defined in OIT's Enhanced Security for Computers and Other Electronic Devices. • Review all compliance guidance in the axiUm Remote Access HIPAA Compliance Guide. By e-signing this Agreement, I understand and agree to abide by the conditions imposed above.
* Required




Never submit passwords through Google Forms.