Overview

Patient data or images for clinical usage should not be stored within the O or Z drives and should be stored within clinical application systems that have been designed to provide adequate security and legislative compliance, as well as meeting appropriate storage and retention requirements.

Purpose

Provide standard concerning the appropriate usage and purpose of the O and Z drives which provide a secured storage area for file access and sharing between departments and customer clients.

Scope

This standard applies to UVa Health System employees and associated entities, and personnel

Description

All requests for new shared folders or an increase in space on an existing folder on the O or Z drive for educational, or research purposes will be referred to ITS who has the resources established to provide these services.

http://www.its.virginia.edu

All folders directly under O and Z are privately-shared folders requested by departments or workgroups. Each folder stores files that are to be shared amongst a specific group of individuals and only those individuals have access to the files. Each folder has an owner, who can define access rights, and a list of individuals with varying levels of access (read, write, create, and/or delete) to the files. Any department or group who has a need to share files on a permanent basis should contact the HSTS LAN group (MCCLANID in the Global Address Book).

Owner Responsibility:

  • Access rights: The owner should define who has access to the folder as well as the level of access (defined above) each person should have to the folder.
  • Annual review: The folder's owner should review content stored, access rights, and oversee a annual cleanup of the folder.
  • When a shared folder is going to store PHI information the owner must follow the procedure outlined below.

Folders Containing PHI:

When requesting Shared folders on the O and Z drive that will contain PHI, please contact the Information Security Office.

For further information please see Medical Center Policy No. 0163 for files containing PHI.

Document Supporting Resources