Project SIR: Help protect our sensitive information

Read a letter from Paul Godley, MD, PhD, MPP, vice dean, finance and administration, on Project SIR, an ongoing effort to help faculty and staff identify, correctly store or delete sensitive information.

UNC and the School of Medicine have partnered on an initiative designed to help ensure we are protecting the sensitive information that we have either created or has been entrusted to us. To aid in this responsibility, UNC has commissioned Project SIR, the Sensitive Information Remediation Project, to help faculty and staff identify, correctly store or delete sensitive information.

One vital component of this project requires all School of Medicine faculty and staff members to perform a scan of their computer using the program Identity Finder.

Initial scans of School of Medicine computers have already discovered: patient letters saved locally with name, MRN and diagnosis information; clinical data including spreadsheets of clinic patients, appointments and health information; reimbursement forms with internal and external social security numbers; and a host of files with user’s personal information including passwords, credit card numbers and tax return information.

This, coupled with recent high profile breaches at the United States Office of Personnel Management and Target, should reinforce the importance of protecting all sensitive information.

Project SIR is an opportunity to fulfill our professional and institutional responsibilities to protect the sensitive information stored electronically at UNC.

Both ITS and OIS have provided numerous resources to support you and our IT support staff through this process, including help documents, frequently asked questions, and a how-to video that can be found here.

In addition to scanning our computers, it is important to always be diligent about protecting Patient Health Information (PHI) and Personally Identifying Information (PII) by:

  • Storing sensitive information (PHI/PII) in a secure location (DO NOT STORE DATA LOCALLY).
  • Updating your system and your system software, automatically when possible.
  • Keeping a clean machine by limiting installation of unknown outside programs that can open security vulnerabilities in the network.
  • Following good password practices by using long, strong passwords that are changed routinely.
  • Deleting suspicious links, posts, ads, messages or attachments.
  • Being aware of suspicious activities that may indicate a compromised system
  • Finally, use caution when saving Sensitive Information and know your Department's secure storage.

We appreciate your cooperation in this matter.

Respectfully yours,

Paul A. Godley, MD PhD, MPP
Vice Dean for Finance & Administration
Professor of Medicine
University of North Carolina at Chapel Hill
School of Medicine
Division of Hematology/Oncology