This icon appears on ISD employees' desktops and is utilized to report breaches.
What is the HPS Icon?
This is the only AI tool UPMC employees are approved to use.
What is Copilot?
This U.S. healthcare privacy law, passed in 1996, protects protected health information (PHI), and includes both a Privacy Rule and a Security Rule.
What is HIPAA (Health Insurance Portability and Accountability Act)?
This role is responsible for ensuring data quality, integrity and proper usage of data within a specific domain.
What is a data steward?
This must be in the subject line or assigned to all emails that contain PHI.
What is a "Secure" tagline or sensitivity label?
This is the first step upon discovery of a known or suspected breach.
What is notifying the privacy department as soon as possible?
This type of data must never be entered into unsanctioned AI tools, as it could be stored or reused.
What is Protected Health Information (PHI)?
This federal regulation increases protections for records related to substance use disorder (SUD) treatment.
What is 42 CFR Part 2?
Aside from legal, IT Security, and privacy, this data governance role is responsible for approving data being shared outbound.
What is the information owner?
This action must be taken whenever an employee steps away from their desk to keep sensitive information secure.
What is locking their computer?
In addition to the HPS Icon, this UPMC Privacy Office page can be used to report incidents.
What is Viva Engage?
UPMC employees must follow this overarching set of principles when posting online.
What is the Code of Conduct?
This California law, passed in 2018, was the first major U.S. consumer privacy law giving residents rights over their personal data.
What is the CCPA (California Consumer Privacy Act)?
This department is responsible for managing offsite records storage and retention schedules.
What is records management?
This is the proper place for employees to dispose of any paper PHI.
What is a shred bin?
This term describes the process of informing affected individuals after a data breach.
What is a breach notification?
This UPMC page is where you can locate policy HS-IS0243, which outlines the acceptable use of AI technology.
What is the Infonet?
This law restricts telemarketing calls, robocalls, and text messages, and requires businesses to get consent before contacting consumers.
What is the TCPA (Telephone Consumer Protection Act)?
Commonly referred to as a DTA, this approves and documents the use of any data classified as Business Confidential or higher.
What is a data transfer authorization?
This document must be reviewed and approved before any data is shared.
What is a data transfer authorization?
This federal agency enforces consumer privacy protections and investigates data breaches.
What is the Federal Trade Commission (FTC)?
This UPMC division establishes standards regarding the adoption and acceptable use of AI.
What is the Information Technology division?
This European law, enacted in 2018, set a global standard for data privacy and includes rights like data portability and the right to be forgotten.
What is the GDPR (General Data Protection Regulation)?
To prevent unauthorized access to sensitive business information, this method must be used when disposing of physical UPMC documents.
What is shredding?
This form is necessary for an employee to send out information to a member.
What is a member request to use/disclose PHI form?