What’s PII and how do we protect it?

As USA Health employees, we are trained regularly on how to protect the health information of others. But there are many other types of personal information on our computers – from photographs to mailing addresses – that also must be protected from misuse.

“Obtaining an address, phone number and email address, or a combination of these, can lead to identity theft,” said Mark Wilson, director of information security at the University of South Alabama. “Since we deal with a lot of information at the university and health system, it’s important that this information is protected and stored properly.”

Personal identifiable information, or PII, includes any information that can be used to identify a particular person.

Common PII includes Social Security numbers, credit card numbers and bank account numbers. However, driver’s license numbers, mailing addresses, phone numbers and even photos can be used in combination to create an identity profile for someone, with the intent to cause harm

“As employees, we are responsible for how personally identifiable information gets handled,” said Blake Hadley, manager of information security at USA Health.

To protect PII:

• After using a document containing PII, delete it from your computer, encrypt or move it to a protected network.
• Encrypt a file by configuring password protection, if available.
• Send the file to a password-protected 7Zip archive.
• Save the file on a protected network such as the university’s Google account (campus employees) or a departmental network shared folder.
• Clear your downloads folder monthly, and protect files you want to keep.
• Make sure to update anti-virus programs and system software.

Hadley said that instructions on how to encrypt each type of file can be requested through the IT Help Desk found on the USA Health Intranet at https://usahealthemployeehub.com/it-service-desk.