Network Security Agreement (May 15, 2002)

Memorandum

TO: Council of Deans, Provost's Area Department Chairs,
Information Technology Steering Committee, Council on
Academic Computing, and IAIMS

FROM: James V. Maher, Provost and Senior Vice Chancellor
Arthur S. Levine, Senior Vice Chancellor and Dean, School of Medicine

DATE: May 15, 2002

Network Security Agreement

With this memo we enclose an agreement that we have reached with the UPMC Health System (UPMCHS) to formalize the coordination of the computer networks of the University of Pittsburgh and the UPMCHS in areas in which the utilization of patient data dictates a high degree of security. This agreement sets out the framework to ensure that appropriate network resources and services are provided for in the research environment while ensuring the highest level of network security. Since the agreement contemplates that each research server that contains sensitive information will have an academic administrator who bears responsibility to restrict access to the server to appropriate researchers who have been trained in the maintenance of security and who have committed themselves to maintaining that security, it is essential that all deans and department chairs study the attached agreement and work with Computing Services and Systems Development (CSSD) to learn to discharge their responsibilities.

The training in maintenance of security and privacy will require careful thought from an appropriate group who understand faculty needs as well as security and privacy needs. The IAIMS (Integrated Advanced Information Management Systems) group is clearly the right group to develop the extensive education program for all researchers who have access to sensitive data, but we charge them to maintain communication with the Council on Academic Computing during the process.

Providing an effective environment for research in the presence of security of the level required for modern standards of patient-record confidentiality is very difficult and a problem with which all major academic health centers are wrestling. The attached agreement was reached only after careful study of the best practices throughout the nation, and we can take pride that our agreement, implemented carefully and intelligently, will almost certainly be a model for others. Mr. Dan Drawbaugh, the Chief Information Officer of the UPMCHS, has shown great sensitivity in helping us to protect our ability to do excellent research under conditions where he is under great pressure to attend to pressing information security issues. We appreciate his partnership in reaching the attached agreement and the very strong underlying partnership in all our health-related endeavors between the University and UPMCHS.

Attachment

cc: Chancellor's Senior Staff
Michael Crouch, Office of Research Director
Randy Juhl, Office of Research Conduct and Compliance
Dennis Swanson, IRB Director
Philip Troen, IRB Chair
Charles P. Friedman, Center for Biomedical Informatics Director
Jinx Walton, CSSD Director