Protection of Patient Data

Johns Hopkins has multiple IT policies regarding the protection of patient data. Diana Gumas, Senior Director for Clinical Research Information Technology, is responsible for working with the Johns Hopkins Medicine Data Trust, the Institutional Review Boards, and the clinical research community to facilitate compliance with policies and address and resolve special data protection needs. The goals of our data protection policies are to ensure compliance with all applicable federal, state, and local law; to safeguard and protect all IT Resources from anything other than authorized and intended use; and to provide protection to academic, clinical, financial, research, and all other systems that support the mission and functions of Johns Hopkins.

Johns Hopkins has specific policies to protect patient data in the following areas:

  • Email use
  • Anti-Virus Policy
  • Disaster Recovery
  • Network Security
  • Wireless Security
  • Access Control
  • Physical Security of IT Resources
  • Mobile Device/Smart Phone Security
  • Electronic Information Backup, Recovery, and Disposal
  • Workstation and Device Security
  • Data Transmission
  • Security Administration of Restricted Systems
  • Vendor Access
  • Incident Response