Policies & Procedures
Duke University Policies
Please click the line above to view Duke's internal standards and procedures (NetID required).
Departmental policy templates (referenced in the above standards)
Back up policy template (pdf)
Patching policy template (pdf)
- HHS HIPAA Security rule guidance (Administrative, Physical, Technical, & Organizational Safeguards)
- NIST's HIPAA Security rule toolkit
- campus machines collecting, storing, or using ePHI in any way must comply with the ITSO technical standards (above) requirements for Sensitive data.
Duke Service Provider Risk Assessment (for service and application vendors) (pdf)