Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

ITS Exemption from Encryption Form - University of Texas

advertisement 
UTHealth at Houston
Exemption from Encryption Form
Revision 11/2013
Exemption from Encryption
Form
Device Information
Does the device store PHI? (PHI refers to Protected Health Information. See Appendix 1 for the
types of information classified as PHI)
Yes ☐
No ☐
Device description. What is the device type, model, etc.?
Click here to enter text.
Device location:
Click here to enter text.
Department or business unit owning/leasing the device:
Click here to enter text.
What sort of information is stored on the device? Provide details:
Click here to enter text.
UTHealth at Houston
Exemption from Encryption Form
Revision 11/2013
Requestor Information
Who uses the device? Supply name(s):
Click here to enter text.
Who supports the device: Provide IT Support Personnel name(s):
Click here to enter text.
Reason why encryption cannot be performed:
Click here to enter text.
Reason why the device cannot be retired or replaced:
Click here to enter text.
List compensating controls that are in effect or are proposed, e.g. no PHI will exist, restricted and
limited access to the device, prominently displaying a label on the device to state that it is NOT
encrypted and it should NOT be used to store any confidential information, etc.
The likelihood of exemption approval improves when compensating controls are in effect:
Click here to enter text.
-----------------------------------------------------Print name and sign here
--------------------------Date
I understand that by signing this form I affirm that the information provided on this form is
accurate and complete.



The form should be signed by someone other than IT, unless the device is owned by IT.
Expect a response within two weeks from submission to IT Security.
Submit the signed form – after the reviewers section is completed – to
ITS@UTH.TMC.EDU
UTHealth at Houston
Exemption from Encryption Form
Revision 11/2013
Exemption Reviewers
VP name (for central administration and UTP requests): Click here to enter text.
Approval comments: Click here to enter text.
Dean or Department Chair name (for school requests): Click here to enter text.
Approval Comments: Click here to enter text.
Exemption Approval
UTHealth CISO name: Click here to enter text.
Date Approved: Click here to enter a date.
Expiration Date: Click here to enter a date.
UT System Security Office Reviewer name (optional): Click here to enter text.
Approval comments: Click here to enter text.





Exemptions are no longer valid if any of the information provided on this form are
changed.
Exemptions from encryption cannot be permanent. They must have an expiration date.
Exemptions are no longer valid past the expiration date.
If an extension beyond the expiration date is needed then it is the requestor’s
responsibility to request an extension before the expiration date by resubmitting the form.
All approved exemptions shall be reported to the President in the Information Security
Program Annual Report to the President.
UTHealth at Houston
Exemption from Encryption Form
Revision 11/2013
Appendix I
Identifiable Information - Protected health information (PHI) is any information in the medical
record or designated record set that can be used to identify an individual and that was created,
used, or disclosed in the course of providing a health care service such as diagnosis or treatment.
There are 18 Identifiers according to HIPAA:
1. Names;
2 All geographical subdivisions smaller than a State, including street address, city, county,
precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code,
if according to the current publicly available data from the Bureau of the Census - the geographic
unit formed by combining all zip codes with the same three initial digits contains more than
20,000 people; and the initial three digits of a zip code for all such geographic units containing
20,000 or fewer people is changed to 000
3. All elements of dates (except year) for dates directly related to an individual, including birth
date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates
(including year) indicative of such age, except that such ages and elements may be aggregated
into a single category of age 90 or older;
4.
Phone numbers;
5.
Fax numbers;
6.
Electronic mail addresses;
7.
Social Security numbers;
8.
Medical record numbers;
9.
Health plan beneficiary numbers;
10. Account numbers;
11. Certificate/license numbers;
12. Vehicle identifiers and serial numbers, including license plate numbers;
13. Device identifiers and serial numbers;
14. Web Universal Resource Locators (URLs);
15. Internet Protocol (IP) address numbers;
16. Biometric identifiers, including finger and voice prints;
17. Full face photographic images and any comparable images; and
18. Any other unique identifying number, characteristic, or code (note this does not mean the
unique code assigned by the investigator to code the data)
Related documents
Non Hazardous Expired Chemical Exemption Request This request
Non Hazardous Expired Chemical Exemption Request This request
Application form for academic credit and exemption
Application form for academic credit and exemption
Description
Description
Issue 73 Encryption Algorithm
Issue 73 Encryption Algorithm
Hwk #11
Hwk #11
Mobile device
Mobile device
Syllabus - Polk School District
Syllabus - Polk School District
Walz saw the tax exemption for religious organizations as forcing
Walz saw the tax exemption for religious organizations as forcing
2013 Fire Safety Report - University of Texas Health Science Center
2013 Fire Safety Report - University of Texas Health Science Center
Download
advertisement