The University of Virginia (UVA) Health Information and Technology (HIT) Security office is responsible for supporting the Health System's objectives by protecting the confidentiality, integrity and availability of data.  The effectiveness of security administration relies on the design, review, and maintenance of reasonable and appropriate security controls that accommodate the complex interactions and business processes across and within UVA agencies and departments. 

A particularly important aspect of healthcare information security is the regulatory framework established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) which identified administrative, technical and physical safeguards to protect electronic information and information systems and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 which promotes the adoption and meaningful use of health information technology.  Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information and includes provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

The strategy of HIT Security includes a multi-layered model for the protection of all highly sensitive data. The strategy incorporates life cycle management concepts to ensure that ongoing processes and procedures protect sensitive data while detecting and reacting to information security risks resulting from new and evolving threats and vulnerabilities.

Key areas of focus include:

  1. Information Security Policy (Risk Assessment and Treatment)
  2. Organizing Information Security (Internal and External Organizations)
  3. Asset Management
  4. Human Resources Security
  5. Physical and Environmental Security
  6. Communications and Operations Management
  7. Access Control
  8. Information Systems Acquisition, Development, and Maintenance
  9. Information Security Incident Management
  10. Information Security Aspects of Business Continuity Management
  11. Compliance (Legal requirements, Security Policies, Standards, and Technical Compliance; Information Systems Audit Considerations)
Request LAN Account

You can request a LAN account here.

Online Access Request (OAR)
Computer Security Incident Report

Note:  To report a compromised password, please call the HIT Help Desk at 434-924-5334 then complete this form.

This form is used to report all potential electronic information (computer) security incidents including but not limited to, misuse by authorized users, unauthorized access, computer viruses, worms, hacking, information system failure, and theft. In the event of computer equipment theft, timely notification of internal law enforcement and Health IT Security is critical. All incidents involving theft should be reported directly to the UVA Police Department On-Duty Supervisor (434) 924-7166, or if theft is still in progress dial 911. If the incident did not occur in the Charlottesville-Albemarle area, it should be reported to the appropriate police jurisdiction instead.

FAQs
Guides, Tools and Forms
How Tos
Additional Resources