The Health Science Colleges have devised this Information Security Program to implement information security policies, procedures, guidelines and best practices internal controls through its constituent Colleges' organizational structure in order to reduce risk to University information resources or to assets in the Colleges that are vulnerable and need protection.
The Health Sciences Colleges (Applied Health Sciences, Dentistry, Medicine, Nursing, Pharmacy and Public Health) formed a committee, "HSC HIPAA" (also known as the HSC IT Group), in early 2007 to examine Information Security issues affecting the Colleges in common. HSC HIPAA has participation from each College and is chaired by William Chamberlin, Chief Medical Officer of the University of Illinois Hospital.
One of the major initial efforts of HSC HIPAA was to review Information Security Policies created by the College of Medicine's Office of Informational Resources shortly before HSC HIPAA was constituted and modify them so that they could be used by all of the Health Sciences Colleges. These modified policies (HSC Version 1.0) were then presented to Provost R. Michael Tanner and the Health Sciences Colleges Deans on September 12, 2008 for endorsement which was given. Following that meeting, the HSC HIPAA group moved forward and began examining how to implement those Policies by creating Procedures to match them.
The current set of Policies, Version 3.0, has a revision date of 10/31/11 and is available below :
HSC Policies Summary and Hierarchy.pdf
Health Sciences Colleges Information Technology Group Security Policies Summary.pdf
HSC 0 Information Systems Security Program Policy.pdf
HSC 1 Access Controls Policy.pdf
HSC 2 Audit Controls Policy.pdf
HSC 3 Contingency Plan Policy.pdf
HSC 4 Device and Media Controls Policy.pdf
HSC 5 Facility Access Controls Policy.pdf
HSC 6 Information Access Management Security Policy.pdf
HSC 7 Workforce Security Policy.pdf
HSC 8 Transmission Security Policy.pdf
HSC 9 Security Incident Policy.pdf
HSC 10 Information Security Management Process Policy.pdf
HSC 11 Workstation Use Policy.pdf
HSC 12 Security Awareness and Training Policy.pdf
HSC 13 Messaging Security Policy.pdf
HSC 14 Information Systems Security Policy Planning.pdf
HSC 15 CISO Annual Report Policy.pdf
HSC PR14 Information Systems Security Policy Planning Procedure.pdf
Copyright 2011 Health Science Colleges, University of Illinois at Chicago