Sep 8 - HIPAA et al

With our very own Sen and Kang from DBMI.

AI Agents

When it comes to models, the policy is Model = Code + Data. Don't publish publicly!

Dos and Don'ts

  • Learn HIPAA basics. Take the training.
  • Check with your PI about the data you'll use.
  • Don't take pictures inside the hospital. Just don't.
  • Models are considered Code + Data. Don't stick them in GitHub (or Bitbucket or any public repo). There's an internal Git repository. Ask Kang for what it is.
  • Use Teams instead of Zoom.
  • Use OneDrive instead of Dropbox or iCloud Storage (you get 1TB of storage).
  • Use Outlook instead of Apple Mail or Thunderbird.

Other Stuff

  • Research is part of Ops in a medical research university.
  • Columbia, Cornell and NYP have a TPO agreement. You are bound by this.
  • DHS -> CMS -> OCR
  • Pants on fire if more than 500 records are involved in an incident
  • Oz used to be on the DBMI floor!
  • Columbia is the official Yankees hospital
  • Biggest breach was Celia Cruz (Cuban singer, super-famous in Wash Heights; most people went into her records!)
  • Bill, Hillary, Clooney...
  • "House Staff" means Residents
  • Columbia and Cornell are famous and have Board Members who are wealthy and famous. Their relatives come here. CUIMC IT is paranoid for this reason too.
  • It's just terrible to talk to other normal people about how their dead relatives are now also hacked :/
  • Google has not signed the BSAgreement, so we don't get to use LionMail like Morningside people.