SEHD Wiki

A source for policies, procedures, handbooks and other resources from the School of Education and Human Development

User Tools

Site Tools

You are here: Welcome to the SEHD Wiki! » SEHD Policies and Procedures » Data Privacy Policies » Privacy and Security Policies and Procedures
policy:data_privacy:privacy_and_security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
policy:data_privacy:privacy_and_security [2019/03/28 17:20] tonyromeropolicy:data_privacy:privacy_and_security [2019/05/20 17:22] (current) – old revision restored (2019/03/29 20:05) tonyromero
Line 1: Line 1:
 ====== Privacy and Security Policies and Procedures ====== ====== Privacy and Security Policies and Procedures ======
  
-  -+  - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]
  
-APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]]+===== Overview =====
  
-  -+Data privacy is a critical component of the School of Education & Human Development (SEHD) operations. The protection and management of the various types of student, staff, faculty, and research subject Personally Identifiable Information (PII) is critical to the SEHD's operations. SEHD computer systems and related devices collect and record data as required for educational delivery, management, administration, reporting, assessment, and research purposes. This type of information is protected should never be disclosed to unauthorized individuals.
  
-University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]]+===== Purpose =====
  
-====== Policy Template ======+<font 10pt/Arial,sans-serif;;inherit;;inherit>This policy reiterates the SEHD's comitment to the general privacy requirements for information captured or generated by the SEHD's operations, systems, network devices, or communications as specified by University of Colorado system and the University of Colorado Denver.</font>
  
-Here's some formatting stuff to show off what a policy could look like.+----
  
-===== Sub Heading =====+===== Applicable University-wide policies related the Data Privacy and Policies =====
  
-:!: **Important: **Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean eu eleifend orci, vel scelerisque nisi. Praesent finibus euismod auctor. Cras leo massa, auctor eu cursus nec, volutpat eu sapien. Cras mollis euismod diam, eu viverra elit ornare sit amet. Mauris vel dolor vel magna molestie eleifend tempor vitae massa. Phasellus at lacus a libero pharetra imperdiet vitae sed lorem. Pellentesque eu dictum sem.+==== University of Colorado IT Security Program Policy ====
  
-**Note:**  Lorem ipsum dolor sit ametconsectetur adipiscing elit.+All data and information resources of the SEHD are subject to University of Colorado's IT Secuirty Program policy[[https://www.cu.edu/ope/aps/6005|APS-6005]].
  
-===== Headline =====+=== The goals of the University IT Security policy are as follows: ===
  
-Lorem ipsum dolor sit amet, consectetur adipiscing elitAenean eu eleifend orcivel scelerisque nisi. Praesent finibus euismod auctor. Cras leo massaauctor eu cursus nec, volutpat eu sapienCras mollis euismod diam, eu viverra elit ornare sit ametMauris vel dolor vel magna molestie eleifend tempor vitae massa. Phasellus at lacus libero pharetra imperdiet vitae sed lorem. Pellentesque eu dictum sem.+  - All members of the University community are aware of and are sufficiently trained to carry out their responsibilities for protecting University Infromation and IT Resources. 
 +  - University information is regarded as a strategic organizational asset and is treated in a manner consistent with that of other strategic assetssuch as financial and facility assets 
 +  - IT Secuity is not considered a technical concernbut is addressed as a strategic business issue by integrating IT security safeguards into University business processes. 
 +  - University resources are applied judiciously to IT security issues by focusing on those that represent the greatest risk to University operations and information. 
 +  - IT security incidents are promptly detected and responded to in manner that limits the impact to the security of University information and the operations of the University.
  
-----+Please proceed to [[https://www.cu.edu/ope/aps/6005|APS-6005]] to learn how the university meets these goals.
  
-===== Various Underlines =====+==== University of Colorado Denver Security Management HIPPA Policy ====
  
-Lorem ipsum dolor sit ametconsectetur adipiscing elit. Aenean eu eleifend orcivel scelerisque nisiPraesent finibus euismod auctorCras leo massa, auctor eu cursus nec, volutpat eu sapienCras mollis euismod diam, eu viverra elit ornare sit ametMauris vel dolor vel magna molestie eleifend tempor vitae massaPhasellus at lacus a libero pharetra imperdiet vitae sed loremPellentesque eu dictum sem.+As applicablethe most secure SEHD data are subject to the UCD Security Management HIPPA policy[[http://www.ucdenver.edu/research/Research Administration Documents/9.1-Security_Management.2018-02-21.POLICY.FINAL.pdf|HIPPA Policy 9.1]].
  
-===== List Items ===== +=== Purpose of the UCD Security Management HIPPA policy: ===
- +
-  - One +
-  - something +
-  - three +
-  - eleven +
-  - five hundred((I'm adding a footnote to this list item, it will show up at the bottom.)) +
- +
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean eu eleifend orci, vel scelerisque nisi. Praesent finibus euismod auctor. Cras leo massa, auctor eu cursus nec, volutpat eu sapien. Cras mollis euismod diam, eu viverra elit ornare sit amet. Mauris vel dolor vel magna molestie eleifend tempor vitae massa. Phasellus at lacus a libero pharetra imperdiet vitae sed lorem. Pellentesque eu dictum sem. +
- +
-----+
  
-==== Slightly Lower Header ====+This security policy outlines minimum standards for ensuring the confidentiality, integrity, and availability of electronic protected health information (ePHI) received, maintained or transmitted by all UNIVERSITY HIPAA Covered Components (outlined in APS #5055 – HIPAA Hybrid Entity Designation), as well as other offices which support these entities (listed below as "Support Services"). Covered Components shall meet or exceed these standards by implementing the necessary administrative, physical and technical safeguards as appropriate based on their assessments of risk. Compliance with these standards by the offices which support the Covered Components is limited to their activities that directly involve creation or receipt of ePHI in support of Covered Components and not activities related to services provided to non-covered areas of the university
  
-|We can also use tables|for describing various policies| +=== Applicability of the UCD Security Management HIPPA policy ===
-| | | +
-| | |+
  
-\\+While application of this policy to any sensitive data is considered "best practice" and should be considered by all areas of the UNIVERSITY when storing or transmitting such information, it is only mandated for those areas the UNIVERSITY has designated as HIPAA "Covered Health Care Components" (Covered Components). In addition to the Covered Components, offices that support such covered activities carried out by the Covered Components must also do so according to this policy. Certain data is specifically excluded from coverage under HIPAA, most importantly: (1) student records, except for student patient data (Family Educational Rights and Privacy Act (FERPA)) ; (2) employment records, except for health benefits records; and (3) information "de-identified" under HIPAA standards.
  
  
policy/data_privacy/privacy_and_security.1553793651.txt.gz · Last modified: 2019/03/28 17:20 by tonyromero