What do I need to know about security and privacy?

As part of the University of Washington (UW), our policy is to lead from a position of compliance when it comes to protection of sensitive Protected Health Information (PHI) and Personally Identifiable Information (PII) as well as Health Insurance Portability and Accountability Act (HIPAA) regulations. Therefore, we encourage all Sprout members and employees to review the UW Security and Privacy 101 course links below before they request an account:

FLASH or HTML 5 or iPad

We also encourage all Sprout members to review the DCYF Privacy and Security Policies as stated in your contracts with DCYF, or as published at https://dcyf.wa.gov.  

Best Practices

There are a some recommended practices and policies when it comes to safety and security for Sprout users when accessing the platform. 

1. Always log out of Sprout when you are finished using the application.  The sign out button can be found in the upper right hand corner of the screen in Sprout under the MENU button.  If the MENU button is not visible from the screen you are on, simply click the X button on the top right hand corner of the screen (for the Family Time application) or the x in the top left hand corner of the screen (for the CANS-F application.) 

2. Make sure that any device you are using to access Sprout is "locked" when not in use.  Typical device locks require you to enter a password, scan a fingerprint or your face, etc. in order to unlock the device.

3. Do not auto-save your Sprout password.  Internet browsers will sometimes offer to automatically save and enter a website password for you, however you should not take advantage of this feature to log in to Sprout. Always hand type in your Sprout password when accessing the site. 

4. Never log in to Sprout using someone else's user name and password. Every time you log in to Sprout, you should be doing so with your own Sprout account and using your own unique username and password. Additionally, you should not have a Sprout account that two or more people use or access. 

5. Do not use a "recycled" password for Sprout.  Make sure the password you use to access Sprout is not one that you also use for another internet site. 

6. Disable Sprout accounts as soon as the user no longer has a business need to access the site. This is the responsibility of the Sprout Organization Administrator in each agency or organization and it should be done promptly once a user leaves the agency or no longer needs access to Sprout for some other reason. 

 

Security and Privacy is everyone's responsibility!

Comments