BUY.IU is an open system. This means that all IU users have the same level of access and visibility to attachments uploaded to a check request form, requisition, or any other BUY.IU document.
Because of this, it’s essential that critical and sensitive data is redacted from documents before they are uploaded. Redacting is the process of securely and completely removing sensitive information. Visit the Properly Redact Information at IU article in the Knowledge Base to learn more about this process.
Here are some examples of data that must be protected and should never be uploaded to BUY.IU:
Protected Health Information (PHI)
PHI can be anything from a date of birth, to notes on care the patient received, to patient initials. Any information that could help an individual identify the subject of the documentation or services that were performed. When in doubt, redact the information.
Personally Identifiable Information
This category contains data such as Social Security Numbers, driver’s license numbers, or passport information. Financial data, such as bank account numbers, and credit or debit card numbers also fall into this category.
Not sure if the data you’re seeing is okay to upload? Visit the Data Management site for more examples of critical data and to contact the group for support.
If you see critical data in BUY.IU, report it to Purchasing so it can be removed as soon as possible. On the Support Form, select the “Technical Support” and “Critical Data” options.