Our Entire Primary Data Center Is Now HIPAA Compliant

This is an email that went out from the university CIO on September 8, 2016.

Since the primary data center opened about 5 years ago, we had a number of cabinets with card readers to secure health information protected by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA was enacted in 1996 and addresses the security and privacy of health information.

The University Data Center (UDC) organization achieved a significant milestone last week, when the Information Security Office (ISO) gave HIPAA Security Physical Compliance Approval for our entire primary production data center. All customers who use the data center can rest assured that all compliance procedures--physical and security measures--as well as training to store HIPAA data on premises are in place.

Exhaustive physical security and procedural audits were performed. Remediation had to be completed and vulnerabilities mitigated before the ISO would be able to approve the data center as HIPAA compliant. After ISO reviewed and approved we had met all requirements, UT Austin attorney in Legal Affairs, Jeff Graves, reviewed the audit and agreed that the primary data center can now be designated as HIPAA approved.

Special thanks to Brad Fawver, who led this effort; Ron Williams and his team, who worked to improve and harden many of the locks and doors around that site; and to everyone who completed the required HIPAA training. Over the course of the past year almost everyone on the UDC team contributed to this effort. Congratulations on a job well done, and thank you for all your hard work to help us reach this goal!

Now that the entire primary data center is HIPAA-approved for systems that contain health information, we can look to the future. Within the next year, all other data centers that we manage will be brought up to the same level of compliance and will become HIPAA approved. Our commitment is to continually improve physical security on our campus data centers and network operating centers to maintain the safety of University data.

As we approach Cyber Security Awareness Month (CSAM) in October, it is good to remember that physical security is also a vital component for protecting data and meeting a variety of compliance and policy requirements and standards.

--- Brad Englert, Chief Information Officer

The University of Texas at Austin
