Safeguarding our data

September 10, 2024

To the UT Southwestern Community:

We recognize that in the course of your work or education, you may identify software options, digital applications, and artificial intelligence (AI) tools – often at no cost – that appear to be convenient and helpful. However, using unauthorized software can lead to noncompliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Family Education Rights and Privacy Act (FERPA), and other data protection laws, which could result in legal consequences and fines for our institution. Unauthorized software may not have the necessary security measures, increasing the risk of data breaches that can compromise sensitive information. Software companies may also use data entered into unauthorized tools for their own purposes, potentially infringing on intellectual property rights.

It is imperative that each of us complies with all of UTSW’s institutional policies and standards designed to protect the integrity of our systems and the privacy of our patient, employee, and student data. We must take steps individually to minimize risks, but it is important to remember that protecting our data is a shared responsibility. By working together, we can ensure the highest level of data protection for our campus community.

Software options discovered online are likely not approved for handling UTSW data and should only be used with express prior permission via the Information Systems Acquisition Committee (ISAC) approval process. Please familiarize yourselves with these policies and standards. If you have questions about the appropriate use of software, please contact the Information Resources (IR) service desk at 214-648-7600 or via ServiceDesk@UTSouthwestern.edu.

Programs growing in popularity, such as ChatGPT, can be effective AI generative tools; however, users can inadvertently pass sensitive information to the public domain, creating security and privacy concerns. Sharing confidential data with unapproved third parties is prohibited, and mishandling UTSW data carries consequences, including discipline. More details are available on the UTSW intranet (on-campus network or VPN connection required).

Even when well intentioned, online and downloaded software programs that have yet to undergo extensive security and privacy reviews by UT Southwestern can pose significant risks. By adhering to approved software protocols, we can maintain the highest standards of privacy, security, and trust within our academic medical center. We appreciate your vigilance and cooperation.

Natalie Ramello, J.D.
Vice President for Institutional Compliance, Chief Compliance Officer, and
Interim Vice President for Internal Audit and Chief Audit Executive

Tony Lakin, M.S.I.T., B.S.C.S., CISSP, CDPSE, CHISL, CRISC
Vice President and Chief Information Security Officer

Russell Poole, M.B.A.
Vice President of Information Resources and Chief Information Officer