High Risk Data Attestation

Antonio Guerrero
Department: Radiology
Attestation Status: submitted on June 27th, 2023

About High Risk Data

What is high risk data?

High risk data contains protected health information (PHI), personally identifiable information (PII), financial data,
employment records, research data involving human subjects, and user accounts or system passwords providing
access to these data types.

Do I need to answer every question?

Yes, it is important that you read each question carefully and respond truthfully and accurately. If you encounter
a question that describes a situation you have never been in before, please answer how you would
behave or act if you were in that situation.

How often will I need to complete this attestation?

This attestation is required annually of Weill Cornell Medicine workforce members. You have 45 days to complete
the attestation once the course is assigned.

Who do I contact if I have questions about the attestation?

Please direct all questions to its-security-compliance@med.cornell.edu. If you experience technical issues accessing
the attestation please email support@med.cornell.edu.

Devices and Storage

Devices tagged by ITS

I am the primary user or responsible person for the following device(s) tagged by ITS, whether or not there is high
risk data on the device(s):

Laptops 1

Desktops 0

Smartphones 0

Tablets 0

Total 1

Other Personal Devices (not tagged by ITS)

I access WCM high risk data through devices owned by me or my family.

Laptops 0

Desktops 0

Smartphones 0

Tablets 0

Total 0

Other Public Devices (not tagged by ITS)

I access WCM high risk data through devices not owned by me, WCM, or NYP (e.g., public library, café, or
hotel kiosks).

True

False

External Storage Devices

I use the following external device(s) for storing WCM high risk data:

USB removable drives (pen drives, thumb drives, memory sticks, etc.) 0

External hard drives (USB, FireWire, eSATA, etc.) 0

Optical media drives (CDs, DVDs, BDs) 0

Total 0

Cloud Storage Services

I use personal versions (paid or free) of cloud storage and collaboration services not provided by WCM
for storing WCM high risk data (e.g., consumer versions of Box, Dropbox, Google Drive, OneDrive, etc.).

True

False

High Risk Data


In your role at Weill Cornell Medicine, do you work with or could you receive any of the following
information (excluding your own personal information)?

Personally identifiable information or "PII" (an individual's SSN, date/place of birth, mother's maiden name, and other demographic information)

Protected health information or "PHI" (data found in clinical systems, such as MRNs, account numbers, dates, medical diagnoses, etc. See full list of 18 identifiers)

Personally identifiable financial information (credit card numbers, billing and claims information, etc.)

Employment records (salaries, benefits, performance reviews, etc.)

Research data involving human subjects (data used in clinical trials or other research)

User accounts or system passwords that provide access to information systems containing any of the above

Yes

No

Compliance
As you DO NOT view, save, or transmit high risk data as part of your responsibilities at WCM, please review the
following statements regarding security and privacy compliance. For each statement, please select the most
appropriate response: True, False, or Unsure.

Selecting False or Unsure will provide a box to explain your answer. Please give as much detail and be as truthful
as possible; we will use this information to help remedy the situation.

Data Access

To the best of my knowledge, I do not have access to high risk data (aside from my own) in any system
(e.g., calendar, email, file server, applications, etc.) or in paper form.

True

False

Unsure

Paper Media

I do not normally receive high risk data in electronic or paper form (e.g., email, files, faxes, post, etc.) as
part of my job. If and when I do receive such data by mistake, I immediately purge the information and
follow up with my supervisor and the Privacy Office to ensure that the mistake does not happen again.

True

False

Unsure

Human Subjects Research

I do not participate in human subjects research that is subject to
the Federal Policy for the Protection of Human Subjects (Common Rule) as defined in Title 45 CFR §46.101
et seq. for which I have access to subject identifiers, such as study identifications to medical record
number (MRN) tables.

True

False

Unsure

Policies and Procedures

Even though I do not view, save, or transmit high risk data at WCM, I understand I am still responsible for
complying with WCM policies and procedures.

True

False

Unsure

Workstation Management

I always lock the computer or log off my session when stepping away, even if only for a few minutes.

True

False

Unsure

I do not share my device’s connection to the WCM network with other devices.

True

False

Unsure

I consider software licensing terms (End User License Agreements) before installing software on my WCM
computer. I understand that some software may not be installed in a business environment without the
appropriate license agreements in place.

True

False

Unsure

I try to refrain from storing files on my local hard drive to prevent data loss, and I instead store files on my
departmental file share, OneDrive, Box, or other storage services approved by ITS.

True

False

Unsure

Certification
Please state if you Agree or Disagree with all statements below to finish the attestation:

I certify that the information I provided is complete and accurate.

I certify that I am aware of and will comply with all WCM security and privacy policies around high risk or confidential data.

I also understand that protection of the devices I have declared and any sensitive data I use as part of my role at WCM is a personal and professional responsibility.

I understand that I am required to follow state, federal, and WCM policies in order to safeguard and protect regulated data.

I understand that I will not be retaliated against for responding accurately to this attestation.

I also certify that I will update this attestation if there are any future changes.

I Agree
I Disagree