UIC Health Science Colleges - Information Security


Information Security Policies, Procedures and Guidelines


The Health Science Colleges have devised this Information Security Program to implement information security policies, procedures, guidelines and best practices internal controls through its constituent Colleges' organizational structure in order to reduce risk to University information resources or to assets in the Colleges that are vulnerable and need protection.

The Health Sciences Colleges (Applied Health Sciences, Dentistry, Medicine, Nursing, Pharmacy and Public Health) formed a committee, "HSC HIPAA" (also known as the HSC IT Group), in early 2007 to examine Information Security issues affecting the Colleges in common. HSC HIPAA has participation from each College and is chaired by William Chamberlin, Chief Medical Officer of the University of Illinois Hospital.

One of the major initial efforts of HSC HIPAA was to review Information Security Policies created by the College of Medicine's Office of Informational Resources shortly before HSC HIPAA was constituted and modify them so that they could be used by all of the Health Sciences Colleges. These modified policies (HSC Version 1.0) were then presented to Provost R. Michael Tanner and the Health Sciences Colleges Deans on September 12, 2008 for endorsement which was given. Following that meeting, the HSC HIPAA group moved forward and began examining how to implement those Policies by creating Procedures to match them.

The current set of Policies, Version 3.0, has a revision date of 10/31/11 and is available below :

HSC Policies Summary and Hierarchy.pdf

Health Sciences Colleges Information Technology Group Security Policies Summary.pdf

HSC Policies mapped to complete HIPAA Security Standard and to HIPAA Privacy Rule part 164.530(c).pdf

HSC 0 Information Systems Security Program Policy.pdf

HSC 1 Access Controls Policy.pdf

HSC 2 Audit Controls Policy.pdf

HSC 3 Contingency Plan Policy.pdf

HSC 4 Device and Media Controls Policy.pdf

HSC 5 Facility Access Controls Policy.pdf

HSC 6 Information Access Management Security Policy.pdf

HSC 7 Workforce Security Policy.pdf

HSC 8 Transmission Security Policy.pdf

HSC 9 Security Incident Policy.pdf

HSC 10 Information Security Management Process Policy.pdf

HSC 11 Workstation Use Policy.pdf

HSC 12 Security Awareness and Training Policy.pdf

HSC 13 Messaging Security Policy.pdf

HSC 14 Information Systems Security Policy Planning.pdf

HSC 15 CISO Annual Report Policy.pdf

HSC PR14 Information Systems Security Policy Planning Procedure.pdf

HSC Policy Definitions.pdf



Home | Contact Health Science Colleges Representatives

Copyright 2011 Health Science Colleges, University of Illinois at Chicago