One Step Ahead: Protecting Personal Health Information

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

Personal health information is private and confidential. You can help prevent unauthorized access to health data by taking a few critical security steps whenever you access health records online.

  • Use a strong password or passphrase that you can remember. A strong password is long (eight characters or more). It should include both alphanumeric characters and special characters. The application you are using should give you the requirements for your passwords.
  • Avoid writing down your password or saving it in plaintext on your computer. A password manager might be useful for storing your passwords and creating strong passwords.
  • Always log off before you close your web browser whenever you finish checking health information.
  • Keep your browser (plus its extensions or plugins) up to date with the latest security updates. 
  • Shred printed documents with health information before discarding them and don’t leave health information in plain sight.
  • Securely erase health-sensitive data from your electronic files when you can discard it. Follow guidelines from the Penn Office of Audit, Compliance and Privacy when protecting Penn data, including shredding paper records and disposing of computers.
  • Understand Penn Data Risk Classification when handling Penn health information, and know how to properly and securely handle the health data of students, staff, and patients.

If you need help determining the type of information you are handling or where to store it, check with your IT support staff.

Resources:

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.
