Policy Number: 179

Responsibilities for the Use of Digital IDs

Subject:

Digital IDs

Scope:

Employees, students and contractors

Date Reviewed: October 2008

Responsible Office: Information Technology

Responsible Executive: Vice President and Chief Information Officer

I.     POLICY AND GENERAL STATEMENT

The use of networked electronic resources to securely transact business and exchange information among known parties often requires that the physical identities of individuals be strongly authenticated and that certain information exchanges be strongly encrypted. Digital IDs, i.e. cryptographic credentials, that are each uniquely associated with and solely controlled by a specific individual are a corner stone in the provision of secure, trusted services among networked resources. Digital IDs permit users to:

All patient information, some student and human resource information is classified as confidential at The University of Texas Health Science Center at Houston ("university") and must be digitally signed and encrypted for transmission using a digital ID to ensure that the message is sent and received only by intended confidants and cannot be altered or viewed during transmission. This policy applies to all confidential electronic communications that are sent over the Internet or other electronic network that is acceptable to the university, for which the identity of the sender or the contents of the message must be authenticated.

II.     PROCEDURE

Employees, students or contractors are required to obtain a digital ID if they:

A digital ID consists of a private/public key pair in which the public key is certified by a university approved certification authority ("CA").

Digital ID Obligations:

Prerequisites to Obtaining a Digital ID:

To obtain a digital ID, access http://www.uth.tmc.edu/netcenter/middleware/digital-id/index.html.

Safeguarding Digital IDs:

Storage and Transfer of Digital IDs - Digital IDs are stored on your personal computer in your "Personal Security Environment (PSE)" and/or on an E-Token. If the digital ID is stored in a computer's PSE, you must export your certified key set onto a flexible disk or other storage if you wish to use it in the PSE on another computer. This storage media containing the digital ID must be stored by you in a locked physical location not accessible to anyone else.

Using Digital IDs:

III.     CONTACTS

ContactTelephoneEmail/Web Address
Information Technology 713-486-2220 http://it.uth.tmc.edu/contact.htm