Adams School of Dentistry: Policy on Personally-Owned Smartphones

Unit Policy

Title

Adams School of Dentistry: Policy on Personally-Owned Smartphones

I. Introduction

A. Purpose

The University of North Carolina at Chapel Hill ("UNC-Chapel Hill" or "University") Adams School of Dentistry has a legal and ethical responsibility to safeguard patient information. This responsibility includes ensuring that devices storing Protected Health Information ("PHI") or other Sensitive Information ("SI") are properly encrypted and are serviced by an appropriate vendor. The purpose of this Policy is to ensure that all Smartphones used by personnel will meet institutional security requirements.

B. Scope

This Policy applies to all Adams School of Dentistry personnel including faculty, staff, residents, and students.

II. Definitions

  1. Computing Device - any electronic equipment controlled by a central processing unit (CPU), including desktop and laptop computers, tablets, and smartphones.
  2. Encryption - the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a "key."
  3. Sensitive Information - information that must be protected against unwarranted disclosure under applicable laws and/or University policies. For more details on what is considered Sensitive Information, visit the UNC-Chapel Hill ITS Sensitive Data website.
  4. Smartphone - a type of Computing Device that also functions as a mobile phone, typically having a touchscreen interface, Internet access, and an operating system capable of running downloaded applications.
  5. Student/Resident - any individual enrolled in an Adams School of Dentistry educational program, including the DDS, Dental Hygiene, and Resident programs.

III. Policy

Personnel are permitted to use their personally-owned Smartphones for Adams School of Dentistry business, subject to the following requirements:

  1. Personnel are not permitted to store PHI or other SI locally on their Smartphone.
    1. Examples of prohibited conduct include storing patient images, downloading files containing PHI from Outlook or OneDrive, or saving patients as contacts in your phone.
    2. The use of Smartphones for the creation of patient images is governed by the Adams School of Dentistry's Policy on Photography of Patients.
  2. Access to University or UNC Health systems must occur using approved mobile device applications (e.g., Teams, Outlook, Epic MyChart, Haiku/Jabber). If you need assistance identifying approved mobile applications, submit a help desk ticket via help.unc.edu.
  3. Electronic messaging of PHI or other SI must occur using an approved mobile application (e.g., Epic MyChart, Haiku/Jabber for patient and inter-office communications) and not via text message from a personally-owned phone.

IV. Related Requirements

A. External Regulations and Consequences

  1. 45 CFR Parts 160, 162 & 164 - Administrative Data Standards and Related Requirements
  2. North Carolina General Statutes §130A-12 - Confidentiality of Records
  3. UNC-Chapel Hill Information Security Policy
  4. UNC-Chapel Hill Information Classification Standard
  5. UNC-Chapel Hill Information Security Controls Standard
  6. UNC-Chapel Hill Information Security Incident Management Standard
  7. UNC-Chapel Hill Transmission of Sensitive Information Standard
  8. UNC-Chapel Hill Acceptable Use Policy
  9. UNC-Chapel Hill Policy on Privacy of Electronic Information

B. Unit Policies, Standards, and Procedures

  1. Adams School of Dentistry: University-Owned Device Policy
  2. Adams School of Dentistry: Policy on Photography of Patients
  3. Adams School of Dentistry: Policy on the Use of Social Media

V. Contact Information

Name: Doug Edmunds
Email: edmunds@unc.edu

100% helpful - 1 review
Print Article

Details

Article ID: 131292
Created
Thu 4/8/21 9:05 PM
Modified
Thu 4/4/24 8:45 AM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Adams School of Dentistry
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Assistant Dean for IT
Policy Contact
Person who handles document management. Best person to contact for information about this policy. In many cases this is not the Issuing Officer. It may be the Policy Liaison, or another staff member.
Next Review
Date on which the next document review is due.
04/03/2025 12:00 AM
Last Review
Date on which the most recent document review was completed.
04/03/2024 10:51 AM
Last Revised
Date on which the most recent changes to this document were approved.
03/02/2022 10:51 AM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
03/02/2022 10:51 AM
Origination
Date on which the original version of this document was first made official.
01/24/2020 11:54 AM

Related Articles (1)

The UNC-Chapel Hill Adams School of Dentistry has a legal and ethical responsibility to safeguard patient information. This responsibility includes ensuring that devices storing Protected Health Information ("PHI") or other Sensitive Information are properly encrypted and are serviced by an appropriate vendor. The purpose of this Policy is to ensure that all Computing Devices used by students will meet institutional security requirements.