Policies and Procedures
The Utah Telehealth Network Network and Information Security Policy (pdf) was developed with collaboration and guidance of the Utah Telehealth Network Technical Subcommittee, the Advisory Board (now Council), the University of Utah Office of General Counsel and the University of Utah Information Security and Privacy Office.
The policy was updated on 2/20/2015 by the UETN Governing Board at the recommendation of the Advisory Council and Technical Subcommittee, who worked with Utah Telehealth Network staff to address vulnerability remediation. The policy is intended to encourage member sites to remediate vulnerabilities within a defined timeframe. If not, sanctions may be implemented and the Utah Telehealth Network Vulnerability Compliance Procedure must be followed.
Utah Telehealth Network Vulnerability Management Procedure (pdf), details of the procedure, also approved, include a communication plan, sanctions, and a timeline. Vulnerabilities are defined by levels 1 through 5, with level 5 being the most severe. A level 5 vulnerability can lead to the compromise of a site’s entire network security.
The communication plan includes notification of the vulnerability and guidance for remediation, written and verbal communication, multiple warnings regarding pending sanctions, and a generous timeline.