NOTE: The policies below are excerpted from the full CMU Administrative Policies Manual.  You can view the full manual at this link.

OIT-Related Policies

3-12   Disposal or Transfer of Computers and Other Digital Assets

3-23  Digital Communications 

3-30  Data Stewardship 

3-31   Responsible Use of Computing 

3-33  SAP Security – Authority, Rights, and Responsibilities 

3-38  Web Policy 

3-42  Information Security Policy 

3-45  Record Management Policy 

3-48  Password Policy  

3-49  Secure Configurations Policy – Workstations 

3-53  Information Security Incident Response Policy

3-54  Secure Configuration Policy - Printers

3-57  Secure Server Configurations Policy

4-6  Listservs and Announcements for Faculty And Staff

6-2  Accepting Credit Card Payments

6-3  Identity Theft Red Flags

7-7  Listservs and Announcements for Students

HIPAA-Related Policies

12-1  Organization for Compliance 

12-2  Hybrid Entry Defined

12-3  Notice of Privacy Practices

12-4 Client Complaints Related to Protected Health Information and Reports of Breach of Privacy and Security of PHI

12-5  Investigation of Complaints & Reports of Breach of Privacy and Security of PHI; Sanctions for Breach of Privacy and Security of PHI

12-6 Use and Disclosure of Protected Health Information

12-7  Contingency Plans for Electronic Protected Health Information

12-8  Workforce Security and Information Access Management

12-9  Workstation and Personal Security Policy

12-10 Protected Health Information Network Policy

12-11  Individual Rights

12-12 Psychotherapy Notes

12-13 Safeguards

12-14 Using or Accessing Protected Health Information Outside the Office

12-15 False Claims Act