• Notification: Important changes to access Clinical Follow-Me-Desktop (FMD) coming – Immediate action required

    Computers used to access the clinical FMD environment will be required to have a new software product called VMWare View installed in order to access the environment after March 29, 2017. 

     

    For University Owned Computers - On March 11, 2017, the Medical School IT department is deploying the required software to most university owned computers that need this software.  If your university owned computer does not receive this software, you may visit the IT SoftStore after March 17 to request an automatic installation of the software title “FMD Client”.

     

    For Student and/or Personally Owned Computers – Please visit this link to locate instructions for downloading and installing the software on your computer.

     

    For more information, please visit this website hosted by UMMHC.

  • Notification: Important changes to access Clinical Follow-Me-Desktop (FMD) coming – Immediate action required

    Computers used to access the clinical FMD environment will be required to have a new software product called VMWare View installed in order to access the environment after March 29, 2017. 

     

    For University Owned Computers - On March 11, 2017, the Medical School IT department is deploying the required software to most university owned computers that need this software.  If your university owned computer does not receive this software, you may visit the IT SoftStore after March 17 to request an automatic installation of the software title “FMD Client”.

     

    For Student and/or Personally Owned Computers – Please visit this link to locate instructions for downloading and installing the software on your computer.

     

    For more information, please visit this website hosted by UMMHC.

Protect the Cloud

Cloud9 Securing IT

Connectivity and Security Enabling an Evolution

Information Technology department announced new summer initiative — Cloud9 to improve connectivity services to the medical school community, students, faculty and administration. Cloud9 is launching with ServiceNow, Outlook 365, Dropbox, and ultra-speed wireless connection!

To ensure that our cloud partners comply with the legal and compliance needs of the Medical School, a multi-departmental team was formed to apply necessary due-diligence. Microsoft’s Office 365 and Dropbox Business have been identified as appropriate solutions for specific types of use. The matrix below identifies the key areas that were reviewed and presents our guidance for the proper use of Office 365 and Dropbox.


Cloud9 Product


Contract Review


Business Associate Agreement Review


Security Assessment


Privacy Assessment

Type of Information Approved

Office 365

Cloud9-complete

Cloud9-complete

Cloud9-complete

Cloud9-complete

Based on the reviews and assessments:

Confidential, Internal and Public data is acceptable. This means PHI and PII is acceptable. For example, research data.

Dropbox

Cloud9-complete

Cloud9-complete

Cloud9-not-complete

Cloud9-not-complete

Based on the reviews and assessments:

Internal and Public data is acceptable.

No PHI or PII can be stored in Dropbox.
For example, meeting agendas.

 

Contract Review:
The University of Massachusetts Medical School Information Technology Department engages the President’s Office General Counsel’s Department for any contract review. Contracts are reviewed by General Counsel both generally for any legal terms that are acceptable or not, as well as specific Information Technology related terms to ensure the Medical School is agreeing to appropriate terms as acceptable to both the Medical School and General Counsel’s Office.

Business Associate Agreement Review
The University of Massachusetts Medical School Information Technology Department engages the Senior Privacy Officer, Commonwealth Medicine’s Office of Compliance and Review, as well as the Office of General Counsel, to ensure a Business Associate Agreement is in place when necessary and required, and includes agreed upon language.

Security Assessment
The University of Massachusetts Medical School Information Technology’s Information Security Office conducts security assessments of IT vendors when requested. The security assessment is not a one size fits all, however, a baseline security review is applied for IT vendors. For example, the Information Security Office assists with the contract review. In addition, various third party attestation reports are obtained to verify controls are designed appropriately and functioning effectively, including: HITRUST CSF, SOC2 or SOC3 (AT101), NIST, etc.

Privacy Assessment
The University of Massachusetts Medical School Information Technology Department engages the Senior Privacy Officer to ensure an assessment of the privacy requirements for the IT vendor is complete.

*Acronym Definitions:
PHI: Protected Health Information
PII: Personally Identifiable Information
SOC2 Type II: Report on Controls at Service Organization Relevant to Security, Availability, Processing Integrity, and Confidentiality
HITRUST: The Health Information Trust Alliance – Common Security Framework

Save

Save

Save

Save

▴ Back To Top