Miscellaneous

Boilerplate Documentation

Data Access Description from Duke Compliance

Technical controls: The electronic source data are under strict access control. The server containing the EHR data is password-protected and behind the Duke firewall, managed by DHTS (Duke Health Technology Services), with access only by DHTS computer support and the designated data steward. The firewalls are continually monitored. Registration of authorized users on the network is controlled by the system administrator. To access the network, the user must have an authorized user ID, an approved two-factor device (cell phone with Duo application installed or a provided hardware token), and a password. Network privileges are established that set access rights and restrictions to network resources. Access privileges to sensitive PHI data and operating systems within the network are controlled by user ID. Authorized users have specific levels of access, including "read only" or "read and write" privileges as appropriate. Procedures are in place to ensure the safety and integrity of all data and programs within control. These procedures include virus prevention, hardware and software configuration management, backup management, disaster recovery, and incident response.

References

  • Add link for Duke Compliance web site