MiServer & Sensitive Data

Although server virtualization is a technology intended to share physical resources, its implementation is designed with comprehensive security controls that provide an isolated and truly secure environment for customers.

PCI Compliance

Per guidelines set forth by the Treasurer’s Office, departments wishing to process credit card transactions online should implement a solution in which the user is redirected to an approved PCI-compliant gateway provider (e.g. PayPal, Nelnet, or Authorize.Net) and enters the credit card information directly into the gateway. MiServer can be used for this purpose, but departments are strictly prohibited from processing, storing, or transmitting credit card data on university systems (e.g. computers, servers) without explicit approval from the Treasurer’s Office and Information Assurance (IA). Please contact the Treasurer’s Office for more information.

HIPAA Compliance

A wide range of university units and non-Michigan Medicine research projects maintain, process, or store Personal Health Information (PHI) data regulated by HIPAA. ITS has put in place administrative, physical, and technical safeguards allowing some ITS services to be categorized as HIPAA-compliant.

ITS partnered with Michigan Medicine to ensure MiServer follows HIPAA guidelines. MiServer is approved for PHI data regulated by HIPAA.