Adams School of Dentistry: Policy on Personally-Owned Smartphones

Unit Policy

Title

Adams School of Dentistry: Policy on Personally-Owned Smartphones

I. Introduction

A. Purpose

The University of North Carolina at Chapel Hill ("UNC-Chapel Hill" or "University") Adams School of Dentistry has a legal and ethical responsibility to safeguard patient information. This responsibility includes ensuring that devices storing Protected Health Information ("PHI") or other Sensitive Information ("SI") are properly encrypted and are serviced by an appropriate vendor. The purpose of this Policy is to ensure that all Smartphones used by personnel will meet institutional security requirements.

B. Scope

This Policy applies to all Adams School of Dentistry personnel including faculty, staff, residents, and students.

II. Definitions

1. Computing Device - any electronic equipment controlled by a central processing unit (CPU), including desktop and laptop computers, tablets, and smartphones.
2. Encryption - the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a "key."
3. Sensitive Information - information that must be protected against unwarranted disclosure under applicable laws and/or University policies. For more details on what is considered Sensitive Information, visit the UNC-Chapel Hill ITS Sensitive Data website.
4. Smartphone - a type of Computing Device that also functions as a mobile phone, typically having a touchscreen interface, Internet access, and an operating system capable of running downloaded applications.
5. Student/Resident - any individual enrolled in an Adams School of Dentistry educational program, including the DDS, Dental Hygiene, and Resident programs.

III. Policy

Personnel are permitted to use their personally-owned Smartphones for Adams School of Dentistry business, subject to the following requirements:

1. Personnel are not permitted to store PHI or other SI locally on their Smartphone.
   1. Examples of prohibited conduct include storing patient images, downloading files containing PHI from Outlook or OneDrive, or saving patients as contacts in your phone.
   2. The use of Smartphones for the creation of patient images is governed by the Adams School of Dentistry's Policy on Photography of Patients.
2. Access to University or UNC Health systems must occur using approved mobile device applications (e.g., Teams, Outlook, Epic MyChart, Haiku/Jabber). If you need assistance identifying approved mobile applications, submit a help desk ticket via help.unc.edu.
3. Electronic messaging of PHI or other SI must occur using an approved mobile application (e.g., Epic MyChart, Haiku/Jabber for patient and inter-office communications) and not via text message from a personally-owned phone.

IV. Related Requirements

A. External Regulations and Consequences

1. 45 CFR Parts 160, 162 & 164 - Administrative Data Standards and Related Requirements
2. North Carolina General Statutes §130A-12 - Confidentiality of Records
3. UNC-Chapel Hill Information Security Policy
4. UNC-Chapel Hill Information Classification Standard
5. UNC-Chapel Hill Information Security Controls Standard
6. UNC-Chapel Hill Information Security Incident Management Standard
7. UNC-Chapel Hill Transmission of Sensitive Information Standard
8. UNC-Chapel Hill Acceptable Use Policy
9. UNC-Chapel Hill Policy on Privacy of Electronic Information

B. Unit Policies, Standards, and Procedures

1. Adams School of Dentistry: University-Owned Device Policy
2. Adams School of Dentistry: Policy on Photography of Patients
3. Adams School of Dentistry: Policy on the Use of Social Media

V. Contact Information

Name: Doug Edmunds
Email: edmunds@unc.edu