If you were asked to give someone your bank card and PIN number, would you do it? How about the keys to your home? If your answer is “no,” then you are on the right track to understanding the importance of securing your personal assets.
Securing Protected Health Information (PHI) and Personal Identifiable Information (PII) within our enterprise is a team effort that we take on when we work within the health care environment.
An easy way to mishandle PHI/PII is to send it through email or enter it into a website that is outside of the “.gru.edu” domain. For example, you submit an incident or request to the service desk and you receive a response requesting further information. Although the request is coming from the IT Service Desk, your email response is sent to the “.cerner.com” domain. By sending PHI/PII outside of the gru.edu domain, there is a risk that it could be intercepted during transit.
The important take away is never (under any circumstances), enter PHI or PII into an incident or service request ticket or any other open/non-approved network (e.g. internet). If a need arises where sensitive information must be shared, contact the IT Help Desk and/or visit the MOVEit page at: gru.edu/compliance/moveit.php.