Differences

This shows you the differences between two versions of the page.

--- policy:data_privacy:management_and_oversight [2019/04/05 20:35] – tonyromero
+++ policy:data_privacy:management_and_oversight [2019/06/05 19:28] (current) – [University of Colorado Denver Security Management HIPPA Policy] tonyromero
@@ Line 1: / Line 1: @@
 ====== Management Oversight of Privacy and Security Programs ======
-===== Applicable University of Colorado Denver Policies =====
+==== University of Colorado IT Security Program Policy ====
-University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
+All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. Within the policy it describes the management roles and responsibilities:
+> The Program shall be managed and monitored collaboratively by the Chief Information Security Office (CISO), campus Information Security Officers, Security Advisory Committee (SAC), and other University representatives as appropriate.
+==== University of Colorado Denver HIPPA Policy ====
+As applicable, the most secure SEHD data are subject to the UCD HIPPA policy. As stated on the [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/WhatIsHIPAA.aspx|UCDenver HIPPA Website]]:
+> Responsibility for HIPAA compliance is coordinated by the Office of Regulatory Compliance under the direction of the Associate Vice Chancellor for Regulatory Compliance, Dr. Alison D. Lakin, RN, LLB, LLM, PhD.
+==== SEHD Secure Data Server ====
+The SEHD Secure Data Server's security program is monitored collaboratively by the SEHD Data Governance Manager, a representative from the SEHD Assessment Office, and a representative from the SEHD IT Office.