Search and Secure

Search and Secure Initiative

One of Emory's fundamental responsibilities is to secure the personal, financial, and medical information entrusted to us by our faculty, staff, students, parents, alumni, donors, patients, and research participants. In order to further this goal, President Wagner has initiated a comprehensive Search and Secure initiative across both Emory University and Emory Healthcare to identify, inventory, and secure any sensitive information stored on unsecured media. Each school, business unit, and clinical unit at Emory has been tasked with this responsibility.

What you can do to help

The leadership within your school, business unit, or clinical unit will be communicating more specific instructions to you about how your area will perform the search and secure process, if they have not done so already. You can help this process along by thinking about the types of data that you handle on a regular basis.

Do you ever work with any of the following types of data, or other sensitive information?

  • Social security numbers, including partial social security numbers (last 4 digits)
  • Protected health information (PHI) as defined by HIPAA
  • Student records and prospective student records (see http://www.registrar.emory.edu/students/ferpa.html for more information)
  • Credit/debit card numbers, P-Card numbers, and other PCI cardholder data
  • Financial aid information
  • Bank account numbers
  • Information protected by non-disclosure agreements (NDAs) or other third party data that Emory is legally or contractually obligated to protect. (Note: the security provisions contained in NDAs and contractual agreements may vary significantly, so robust security measures may not be required in all situations)
  • Law enforcement and investigative records

Documents that are likely to contain this sensitive information, include:

  • Clinical records
  • Employee-related data (HR forms, insurance information, etc.)
  • Research information related to sponsorship, funding, and human subjects
  • Donor and alumni records

Do you have any of this information stored on electronic or physical media (hard drives, CDs/DVDs, paper, flash drives, etc.) that could be easily lost or stolen? If so, you must work with the leadership in your area to physically secure the information and create a long term plan for safeguarding the information going forward. Additionally, ensure that this media is added to the inventory for your area.

An FAQ with additional information may be found at the following address: http://it.emory.edu/security/search_secure.html. This FAQ will be updated periodically as this effort proceeds across Emory University and Emory Healthcare.