IT Security

UMMS Security Policies:

System wide security policies supercede Member Organization specific policies on the same topics. For additional questions surrounding this, please contact the Member Organization IT site leadership.

UMMS IT Security Standards

UMMS Password Standard

UMMS Production Network Access

Please refer to this guide for instructions on how to access the UMMS Production Network via Wired or Wireless Connection. More information on UMMS Enterprise Wi-Fi Networks can be found here.

Email Security

University of Maryland Medical System information security policies and guidelines require that any messages containing restricted or protected health information must be sent securely. UMMS uses Symantec Email Encryption for the secure encryption of outgoing email messages. Refer to the User Guide for information on how to use this tool.

UMMS provides a Phish Alert Button in Outlook for reporting suspicious messages. Refer to this guide for instructions on using the Phish Alert Button.

Trusted Macros

As a protection against concealed Malware, UMMS blocks externally-created Microsoft Office Macros by default. If your job requires use of Macros from external sources that you know to be safe, this guide contains instructions to enable those Macros using a “Trusted Location”.

Vendor Onboarding

Prior to contracting with each new vendor, risk associated with that vendor is assessed. To learn more about the process, go to this page.

UMMS IT Security

The UMMS IT Security team is responsible for putting safeguards into place to support the confidentiality, integrity, and availability of information. They strive to protect the personal information of patients and employees as well as the computer systems where this information resides. Working with Corporate Compliance and other entities across the organization, the security team ensures UMMS is following the laws and regulations that have been put into place while continuing to embrace the benefits of new technology.

The Information Security Council, which is comprised of UMMS Leadership, provides governance and strategic directions for the UMMS IT Security Team. The council meets monthly. To view the Information Security Council charter, click here.

For a list of the security team's objectives, click here.

Contact Information:

IT security incidents, including suspected HIPAA violations and other privacy issues should always be reported to Corporate Compliance. Operational issues with IT Security tools, including web filtering, passwords, and malware issues, should be directed to the IS&T Helpdesk, click here.

Questions, concerns, and/or comments for the IT Security Council or the UMMS IT Security Team can be sent by email to ITS-SecurityTeam@umm.edu

This content is for Internal Use only.