HSC Information Security Office
The HSC Information Security Office manages security safeguards with a balanced approach, protecting privacy and information systems while supporting business objectives. IT security works to maintain privacy by safeguarding Protected Health Information (PHI), sensitive business data and critical systems, while enabling the use of innovative technologies to achieve HSC business goals. By building partnerships with business leaders, HSC departments and user communities, the HSC Information Security Office helps improve awareness of how IT security supports and enables business functions that are critical to the HSC mission.
Compliance with the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)* is one outcome of an effective HSC information security program. The HSC Information Security Officer (ISO) is available to help workforce members* understand information security policies, standards and regulatory requirements applicable to HSC systems and users. Security awareness updates, notices and alerts are issued on a periodic basis to inform HSC workforce members about threats to HSC information assets. These updates and security training materials are also available on this website.
What Is “Information Security”? (Also referred to as "CyberSecurity".)
Information security is about the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. The CIA triad (confidentiality, integrity and availability) encompasses the core principles of information security. The goals are the same for IT Security, Information Security or CyberSecurity: protect confidential information and systems and ensure the integrity and availability of business information assets.
IT Security Analysts are information technology specialists who are accountable for designing and maintaining safeguards that secure electronic data as it is stored, processed, transmitted and/or shared. IT Security Analysts at the HSC provide the following IT security services and support:
- Administrative safeguards—Management of the selection and execution of security measures
- Technical safeguards—Automated processes to provide data protection and access control
- Physical safeguards—Protection of electronic systems, related buildings and equipment from environmental hazards and unauthorized intrusion
* Under HIPAA, "workforce member" includes employees, volunteers, trainees and other persons whose conduct, in the performance of work for a covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity. A person is acting under the authority of a covered entity or business associate if he or she is acting on its behalf. This may include a workforce member of a covered entity, an employee of a business associate or even a business associate of a covered entity.