search the site
did you know?
- It is your responsibility as an NYU community member to know and abide by ITS and NYU policies, regardless of whether you have actually read them. It is therefore a good idea to familiarize yourself with the policies and other information on this page.
ITS General Policies
- A Note on Illegal Downloading (March 2007)
- Data Classification at NYU (June 2008)
- Policy on Responsible Use of NYU Computers & Data (February 2006)
- Understanding Your Obligations for the Responsible Use of NYU Computers & Data (340K PDF) (Adobe Reader required)
- NYU Student Email Policy (September 2003)
- Guidelines for Student Email Use (September 2003)
- Responsibilities of All NYU Computer and Network Users (July 2006)
- ITS Scheduled Maintenance Guidelines (April 2003)
- NYUHome: Specific Policies and Information (June 2002)
- ResNet Accounts: Specific Policies and Information (September 2004)
- Responsibilities of Students Using the NYU Phone System (August 2006)
- Responsibilities of Faculty, Administrators, and Staff Using the NYU Phone System (August 2004)
- World Wide Web Policies and Procedures for All NYU Computer and Network Users (August 2006)
- Suspended Accounts (June 1998)
- Policies and Guidelines for Sending Bulk Email at NYU (October 2004)
- Personal NYU Email Address Policy (October 2004)
NYU-NET Guidance
- Security Scans on NYU-NET (August 2004)
- Operational Principles (November 2002)
- Providing Network Access to Outside Organizations (September 1993)
- Configuration of Modem Pools on NYU-NET (May 1994)
- Authenticated Access to the Internet (February 1995)
- Restrictions on the Use of Napster (June 1998)
- Frequently Asked Questions about Napster (August 2006)
- Mail Anti-Relaying Policy (December 1998)
- Network Distribution of Copyrighted Materials (December 1998)
- Operating DNS Servers on NYU-NET (October 1999)
- Internet Domain Names Outside NYU.EDU (August 2006)
- Windows 2000 Active Directory Disrupts NYU-NET (May 2000)
HIPAA Policies
The Health Insurance Portability and Accountability Act (HIPAA), signed into law on August 21, 1996, includes complex regulations especially regarding the privacy and security of health information. NYU's Board of Trustees designated the University as a "hybrid entity" under HIPAA with three health care delivery units (covered components): the School of Medicine, College of Dentistry, and University Health Center. NYU's 12 non-health care delivery units consist of other designated University administrative units to the extent that each performs activities that may involve access to individually identifiable health information in supporting the three covered components. In order to comply with the standards and implementation specifications that comprise the administrative, physical, and technical safeguards and the organizational, procedural, and documentation requirements of the HIPAA Security Regulations, NYU has developed a set of 19 policies and accompanying definitions.
If you are downloading one or more policies, please also download "Policy 1. Overview: Policies, Procedures, and Documentation" (which includes information applicable to all the policies) and the definitions (which clarify the meanings of various terms in the policies).
Click the links below to download a PDF version of each policy and the accompanying definitions file (Adobe Reader required).
- Definition of Terms (40K PDF)
- Policy 1. Overview: Policies, Procedures, and Documentation (40K PDF)
- Policy 2. Security Management Process (72K PDF)
- Policy 3. Assigned Security Responsibility (32K PDF)
- Policy 4. Workforce Security (52K PDF)
- Policy 5. Information Access Management (40K PDF)
- Policy 6. Security Awareness and Training (52K PDF)
- Policy 7. Security Incident Procedures (32K PDF)
- Policy 8. Contingency Plan (56K PDF)
- Policy 9. Evaluation (32K PDF)
- Policy 10. Business Associate Contracts and Other Arrangements (48K PDF)
- Policy 11. Facility Access Controls (52K PDF)
- Policy 12. Workstation Use (32K PDF)
- Policy 13. Workstation Security (28K PDF)
- Policy 14. Device and Media Controls (36K PDF)
- Policy 15. Access Control (48K PDF)
- Policy 16. Audit Controls (28K PDF)
- Policy 17. Integrity (32K PDF)
- Policy 18. Person or Entity Authentication (32K PDF)
- Policy 19. Transmission Security (36K PDF)
Related University Policies
- Policy on Personal Identification Numbers
- Family Education Rights and Privacy Act (FERPA)
- Computer Disposal
Page last reviewed: August 19, 2008