Policies and Procedures

The UETN Telehealth Services Network and Information Security Policy (pdf) was developed with collaboration and guidance of the UETN Telehealth Services Technical Subcommittee, the Advisory Board (now Council), the University of Utah Office of General Counsel and the University of Utah Information Security and Privacy Office. 

The policy was updated on 2/20/2015 by the UETN Governing Board at the recommendation of the Advisory Council and Technical Subcommittee, who worked with UETN Telehealth Services staff to address vulnerability remediation. The policy is intended to encourage member sites to remediate vulnerabilities within a defined timeframe.  If not, sanctions may be implemented and the UETN Telehealth Services Vulnerability Compliance Procedure must be followed.

UETN Telehealth Services Vulnerability Management Procedure (pdf), details of the procedure, also approved, include a communication plan, sanctions, and a timeline. Vulnerabilities are defined by levels 1 through 5, with level 5 being the most severe. A level 5 vulnerability can lead to the compromise of a site’s entire network security.

The communication plan includes notification of the vulnerability and guidance for remediation, written and verbal communication, multiple warnings regarding pending sanctions, and a generous timeline.