All faculty, staff, trainees, students and others in Loyola’s HIPAA Covered Components must comply with the following policies:

• Everyone must use “strong” passwords (12 – 14 characters, with at least two letters and two non-letters) for computer and application access and must comply with ITS password security standards.

• Everyone must immediately report incidents that may involve the loss of, improper disclosure of, or improper access to PHI or ePHI (for example, the loss or theft of paper PHI; the loss or theft of a computer, smartphone, or thumb drive storing ePHI; or an electronic intrusion into a computer storing ePHI).

• You may never store ePHI on thumb drives or other portable media, unless they meet Loyola ITS encryption standards.

• If you must forward or exchange ePHI data files or datasets outside the University network, you must use the ITS Secure File Transfer Facility.