Antonio Guerrero
Department: Radiology
Attestation Status: submitted on June 27th, 2023
High risk data contains protected health information (PHI), personally identifiable information (PII), financial data,
employment records, research data involving human subjects, and user accounts or system passwords providing
access to these data types.
Yes, it is important that you read each question carefully and respond truthfully and accurately. If you encounter
a question that describes a situation you have never been in before, please answer how you would
behave or act if you were in that situation.
This attestation is required annually of Weill Cornell Medicine workforce members. You have 45 days to complete
the attestation once the course is assigned.
Please direct all questions to its-security-compliance@med.cornell.edu. If you experience technical issues accessing
the attestation please email support@med.cornell.edu.
I am the primary user or responsible person for the following device(s) tagged by ITS, whether or not there is high
risk data on the device(s):
Laptops 1
Desktops 0
Smartphones 0
Tablets 0
Total 1
Laptops 0
Desktops 0
Smartphones 0
Tablets 0
Total 0
I access WCM high risk data through devices not owned by me, WCM, or NYP (e.g., public library, café, or
hotel kiosks).
True
False
I use the following external device(s) for storing WCM high risk data:
USB removable drives (pen drives, thumb drives, memory sticks, etc.) 0
Total 0
I use personal versions (paid or free) of cloud storage and collaboration services not provided by WCM
for storing WCM high risk data (e.g., consumer versions of Box, Dropbox, Google Drive, OneDrive, etc.).
True
False
Personally identifiable information or "PII" (an individual's SSN, date/place of birth, mother's
maiden name, and other demographic information)
Protected health information or "PHI" (data found in clinical systems, such as MRNs, account
numbers, dates, medical diagnoses, etc. See full list of 18 identifiers)
Personally identifiable financial information (credit card numbers, billing and claims information,
etc.)
Employment records (salaries, benefits, performance reviews, etc.)
Research data involving human subjects (data used in clinical trials or other research)
User accounts or system passwords that provide access to information systems containing any of
the above
Yes
No
Compliance
As you DO NOT view, save, or transmit high risk data as part of your responsibilities at WCM, please review the
following statements regarding security and privacy compliance. For each statement, please select the most
appropriate response: True, False, or Unsure.
Selecting False or Unsure will provide a box to explain your answer. Please give as much detail and be as truthful
as possible; we will use this information to help remedy the situation.
Data Access
To the best of my knowledge, I do not have access to high risk data (aside from my own) in any system
(e.g., calendar, email, file server, applications, etc.) or in paper form.
True
False
Unsure
Paper Media
I do not normally receive high risk data in electronic or paper form (e.g., email, files, faxes, post, etc.) as
part of my job. If and when I do receive such data by mistake, I immediately purge the information and
follow up with my supervisor and the Privacy Office to ensure that the mistake does not happen again.
True
False
Unsure
I do not participate in human subjects research that is subject to
the Federal Policy for the Protection of Human Subjects (Common Rule) as defined in Title 45 CFR §46.101
et seq. for which I have access to subject identifiers, such as study identifications to medical record
number (MRN) tables.
True
False
Unsure
Even though I do not view, save, or transmit high risk data at WCM, I understand I am still responsible for
complying with WCM policies and procedures.
True
False
Unsure
Workstation Management
I always lock the computer or log off my session when stepping away, even if only for a few minutes.
True
False
Unsure
I do not share my device’s connection to the WCM network with other devices.
True
False
Unsure
I consider software licensing terms (End User License Agreements) before installing software on my WCM
computer. I understand that some software may not be installed in a business environment without the
appropriate license agreements in place.
True
False
Unsure
I try to refrain from storing files on my local hard drive to prevent data loss, and I instead store files on my
departmental file share, OneDrive, Box, or other storage services approved by ITS.
True
False
Unsure
Certification
Please state if you Agree or Disagree with all statements below to finish the attestation:
I Agree
I Disagree