Information Security


Employees of the Department of Community Health and Family Medicine are expected to read and abide by University of Florida policies with regard to appropriate use of University computers and networks found at these web locations:

UF Acceptable Use Policy UF Privacy UF Information Security Florida Computer Crime Act

Family Education Rights and Privacy Act of 1974 UF Intellectual Property

After reviewing these policies employees are required to print and sign the Appropriate Use Policy form and return it to:

UF Department of CHFM 
Attn: AUP Form
Box 100237
Gainesville, FL 32610-0237

Healthcare Information Security Program

On April 14, 2003, a proposal to initiate a project for developing a security program for the information and computing environment of the Academic Health Center (AHC) was presented to Dr. Douglas Barrett, Vice President for Health Affairs. Subsequent presentations were made to the Health Science Center Deans and Dr. Chuck Frazier, University of Florida Vice Provost for Information Technology. The security program for the information and computing environment (SPICE) was subsequently approved and efforts to assess and secure the AHC data infrastructure were undertaken. Healthcare Security Policies that were once those of the original SPICE Program are now under the leadership of the  UF Information Security Office. (more)

Workforce Security Training Requirement

Everyone is responsible for information security including AHC leadership, management, faculty, staff, students and volunteers. The UF Health security policy requires annual training of the workforce in information security concepts, securing protect information and security best practices.

Security Orientation Information Security Checklist

Information Classification

The University of Florida is the owner of information generated or used by University employees while in the employ and conducting the business of the University, no matter where that information resides. As Owner, the University of Florida is responsible for prescribing certain levels of protection for information whose loss, corruption or unauthorized disclosure results in some level of adversity for the University or an individual. Levels of protection can be costly and not all types of information need to be protected at the same level. Going through a thoughtful effort to classify information types can help a College, Department or Unit decide on a rational information security implementation. According to current UF policy, information must be classified into one of three classifications; Restricted, Sensitive, or Open (unrestricted). When classifying information consider, how important (high, medium or low) it is to keep it confidential, how important (high, medium or low) its integrity is, and how important (high, medium or low) it is to be available. (UF Data Classification Policy)

Information Classification Tables for CHFM

Contingency Planning

Each Unit shall maintain a written contingency plan. The format of standard CP0001 may be used. It is the intent that Standard CP0001 provides a format that facilitates meeting all requirements of contingency planning policy. It is the responsibility of the Unit Information Security Administrator to ensure that all requirements of the contingency planning policies are satisfied.

Contingency Plan for CHFM

Departmental Policies

Each Unit shall must adhere to the UF Policies for Information Security. In addition each Unit may create additional policies to comply with accepted Security Policies and Technical Standards.