Cvent at Duke is subject to the overarching governance and policies of all Duke policies. Specifically, Cvent users at Duke must adhere to the following:
Duke Confidentiality Agreement
I agree to protect the confidentiality, privacy and security of patient, student, personnel, business and other confidential, sensitive electronic or proprietary information (collectively, “Confidential Information”) of Duke University, Duke University Health System and the Private Diagnostic Clinic (collectively, “Duke”) from any source and in any form (talking, paper, electronic). I understand that the kinds of Confidential Information that I may see or hear on my job and must protect include the following, among others:
- PATIENTS AND/OR FAMILY MEMBERS (such as patient records, conversations and billing information)
- MEDICAL STAFF, EMPLOYEES, VOLUNTEERS, STUDENTS, or CONTRACTORS (such as social security numbers, evaluations, salaries, other clinical information, employment records, disciplinary actions)
- BUSINESS INFORMATION (such as financial records, research or clinical trial data, reports, contracts, computer programs, technology) • THIRD PARTIES (such as vendor contracts, computer programs, technology)
- OPERATIONS, PERFORMANCE IMPROVEMENT, QUALITY ASSURANCE, MEDICAL OR PEER REVIEW (such as utilization, data reports, quality improvement, presentations, survey results)
I AGREE THAT:
- I WILL protect Duke Confidential Information in any form. I WILL follow Duke policies, procedures and other privacy and security requirements.
- I WILL NOT post or discuss any Duke Confidential Information, including patient information, patient pictures or videos, Duke financial or personnel information on my personal social media sites such as Facebook or Twitter. I WILL NOT take any pictures of patients for personal use with my cell phone or similar methods. I WILL NOT post Confidential Information including patient pictures on Duke-sponsored social media sites without the appropriate patient authorization in accordance with management approval and Duke policies and procedures.
- I WILL complete all required privacy and security of Confidential Information training.
- I WILL ONLY access information that I need for my job or service at Duke.
- I WILL NOT access, show, tell, use, release, e-mail, copy, give, sell, review, change or dispose of Confidential Information unless it is part of my job or to provide service at Duke. If it is part of my job or to provide service to do any of these tasks, I will follow the correct procedures (such as shredding confidential papers using confidential, Shred-it™ lock bins) and only access/use the minimum necessary of the information to complete the required task.
- When my work or service at Duke ends, I will not disclose any Confidential Information, and I will not take any Confidential Information with me if I leave or am terminated.
- If I must take Confidential Information off Duke property, I will do so only with my supervisor’s permission and in accordance with Duke policies and procedures. I will protect the privacy and security of the information in accordance with Duke policies and procedures, and I will return it to Duke.
- If I have access to Duke computer system(s), I WILL follow their Secure System Usage Memos, which are available from the System’s Information Security Administrator(s).
- I WILL NOT use another’s User ID (Net ID) and password to access any Duke system, and I will not share my User ID (Net ID) password or other computer password with anyone.
- I WILL create a strong password* and change it in accordance with Duke policies and procedures. I will notify DHTS Security Office and change my password at once if I think someone knows or used my password. I will ask my supervisor if I do not know how to change my password.
- I WILL tell my supervisor and OIT or DHTS if I think someone knows or may use my password or if I am aware of any possible breaches of confidentiality at Duke.
- I WILL log out or secure my workstation when I leave the computer unattended.
- I WILL ONLY access Confidential Information at remote locations with consent from my supervisor.
- If I am allowed to remotely access Confidential Information, I AM RESPONSIBLE for ensuring the privacy and security of the information at ANY location (e.g., home, office, etc.).
- I WILL NOT store Confidential Information on non-Duke systems including on personal computers/devices.
- I WILL NOT maintain or send Confidential Information to any unencrypted mobile device in accordance with Duke policies and procedures.
- I UNDERSTAND that my access to Confidential Information and my Duke e-mail account may be audited.
- If I receive personal information through Duke e-mail or other Duke systems, I AGREE that authorized Duke personnel may examine it, and I do not expect it to be protected by Duke.
- I UNDERSTAND that Duke may take away or limit my access at any time.
Duke IT Security Standards
Physical Addresses and Phone Numbers
The IT Security Office requires that physical address or phone number information about a registrant not be stored permanently on the contact record in Cvent. If this information is required for your event in order to physically mail something or anticipation that a registrant will need to be contacted via telephone number instead of email address, you can collect this information using registration questions.
Duke Communications Policy and Standards
Duke Opt-Out/Subscribe Policy
All departments should provide both Unsubscribe and Opt Out options in the footer of all event emails. Invitees who unsubscribe will stop receiving emails sent from the related event. However, they will still receive emails triggered by their own actions (such as a registration confirmation). Unsubscribe is a built-in function in Cvent and can be inserted into the email using a data tag. Opt Out is a built-in function in Cvent that prevents emails from being sent for all future events in the Duke Cvent account. Because Cvent is being used by multiple departments across Duke, invitees the opt out feature must be handled individually for each department to ensure the invitee is removed only from that department’s communications and not from all Duke events in Cvent. Providing Opt Out to registrants is dependent upon how the department manages their email communications. It is the responsibility of the department to ensure that no unsolicited emails are sent to that individual from their department.
Duke OIT is a resource for departments and groups using Cvent. Groups and departments must have support staff for technical, reconciliation and ecommerce security. These resources are not provided by Duke OIT.