• Home
  • KUMC Web Server Appropriate Use

KUMC Web Server Appropriate Use

Policy
Purpose: 

Principle

KUMC web servers are provided only for the distribution of information services and resources to the KUMC community and to the general public.

Purpose

Web servers are located outside the University's private network and, thus, are more vulnerable to intrusion and other forms of security compromise. The purpose of this policy is to assure that only information intended for general distribution (whether to the KUMC community or to the public) is stored on web servers.

Applies to: 

Resources covered

All KUMC web servers and all files, applications, forms, and other information services and resources available on those servers.

Groups covered

KUMC faculty, staff, and students and all other individuals provided accounts on KUMC web servers.

Campus: 
Medical Center, Kansas City
Wichita
Salina
Policy Statement: 

General procedures

All materials on KUMC web servers should either be accessible through menus or embedded links or should be in preparation for such accessibility. No other material of any kind should be stored on KUMC web servers, including (but not limited to) personal files, business-related files, audio and video files not linked to a web page, back-up copies of files or desktop hard-drives, commercial software, and material downloaded from other web servers.

Information intended for the KUMC community only should be IP restricted (making it inaccessible to the public). If such information is intended only for selected individuals, it should either be password-protected or distributed by other means.

All material on our web servers, linked or unlinked, will be found, indexed, and presented in response to related searches by our search engine and by public search engines unless specifically protected. Consult with the Department of Internet Development about protecting information in preparation for publication but not yet published.

Sensitive information and KUMC web servers

KUMC web servers must not be used to store or display information that is protected by law or susceptible to fraudulent use. They should be used to collect and transmit such data only when appropriate security measures have been taken. Examples of this sensitive information include:

  • Protected health information ( governed by HIPAA)
  • Personal directory data about students (governed by FERPA) and employees
  • Financial data associated with individuals (governed by the Gramm-Leach-Bliley Act)
  • Social security numbers
  • Credit card numbers
  • Bank and credit union account numbers
  • Health insurance plan identification numbers
  • Trade secrets or confidential intellectual property (for example, research-related)
  • Unauthorized copies of copyrighted materials

Files containing sensitive information should be stored only on certified computers inside the private network, and should be encrypted wherever possible.

Web forms for transactions involving sensitive information

Personal information collected from web forms must be transmitted via SSL or secure mail. Web sites collecting personal information must display a privacy statement that describes the kind of information that is collected, how it is to be used, and how it may be disclosed. Web survey subjects must be prevented from viewing any survey records other than their own. Anyone considering collecting or transmitting personal or other sensitive information via a web form must consult with the Internet Development division of the Department of Information Resources.

Credit card payments may be processed on KUMC web servers only with forms developed by the Internet Development Unit using a state approved third-party handler.

Exclusions or Special Circumstances: 

This policy applies to everyone at all campuses and sites of the University of Kansas Medical Center. There are no exemptions.

Consequences: 

All inappropriate material will be removed from KUMC web servers. Account holders who store inappropriate material will have their accounts disabled. They may also be accountable under any applicable University policies, procedures, or collective bargaining agreements, including disciplinary action.

Contact: 

For more information on this policy, please contact:

Michael Harmelink
Associate Vice Chancellor for Information Resources
Chief Information Officer
University of Kansas Medical Center
3901 Rainbow Blvd.
Kansas City, Kansas 66160
(913) 588-4900

Jameson Watkins
Director of Customer Support and Innovation
University of Kansas Medical Center
3901 Rainbow Blvd.
Kansas City, Kansas 66160
(913) 588-7387

Eric Walters
Director of Information Security
Department of Information Resources
University of Kansas Medical Center
1020 Taylor, 3901 Rainbow Blvd
Kansas City, Kansas 66160
(913) 588-0966

Approved by: 
Chief Information Officer, KUMC
Approved on: 
Thursday, July 30, 2009
Effective on: 
Thursday, July 30, 2009
Review Cycle: 
Annual (As Needed)
Definitions: 

KUMC web server: www.kumc.edu , www2.kumc.edu, elearning.kumc.edu, wichita.kumc.edu and the database servers, application servers, and other devices that provide services to them; and other domains hosted on these servers

Sensitive information: information that is protected by law or susceptible to fraudulent use, including, but not limited to: Protected Health Information (PHI), personal directory information about students and employees including home addresses and phone numbers, financial data associated with individuals, social security numbers, credit card numbers, bank and credit union account numbers, health insurance plan identification numbers, trade secrets or intellectual property, and unauthorized copies of copyrighted materials.

Keywords: 
web, server
Review, Approval & Change History: 

2014-07-17:  Updated contact information.

2014-03-03: Moved into KU Policy Library.

2013-07-30: Revised.

Information Access & Technology Categories: 
Information Technology

Policy Library Search
Can't Find What You're Looking For?
One of 34 U.S. public institutions in the prestigious Association of American Universities
26 prestigious Rhodes Scholars — more than all other Kansas colleges combined
Nearly $290 million in financial aid annually
1 of 9 public universities with outstanding study abroad programs.
—U.S. News & World Report
46 nationally ranked graduate programs.
—U.S. News & World Report
Top 50 nationwide for size of library collection.
—ALA
$260.5 million in externally funded research expenditures
23rd nationwide for service to veterans —"Best for Vets," Military Times