SEHD Wiki

A source for policies, procedures, handbooks and other resources from the School of Education and Human Development


This is an old revision of the document!


Data Privacy Policies

Privacy and Security Policies and Procedures

APS-6005 https://www.cu.edu/ope/aps/6005

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Identification of a Privacy and Security Board and Officer Server/OIT

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Management Oversight of Privacy and Security Programs Server/OIT

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Sanctions for Violations of Policies and Procedures User/SEHD Server/OIT

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

APS-6005 https://www.cu.edu/ope/aps/6005

Reporting Potential Problems in Privacy and Security User/SEHD Server/OIT

APS-6005 https://www.cu.edu/ope/aps/6005

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Incident Response and Incident Response Mitigation User/SEHD Server/OIT – same as #5

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

See attached Incident Response Process Flow Diagram for unit/department responsibility.

Privacy and Security Training User/SEHD

Access Control, Minimum Necessary Access and Verification for Access to Data User/SEHD Database Server/OIT

APS-6005 https://www.cu.edu/ope/aps/6005

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

APS-6001 https://www.cu.edu/ope/aps/6001

Password Management User/SEHD Database Server/OIT – complying with university policy

University Password Policy http://www.ucdenver.edu/faculty_staff/employees/policies/Policies%20Library/Admin/fp5-13.pdf

Transmitting Sensitive Information Securely including Faxing and Email User/SEHD – duplicative with #1

Email and Webmail Stay Secure https://www1.ucdenver.edu/offices/office-of-information-technology/software/how-do-i-use/email-and-webmail

HIPAA Policy 7.1 Safeguards https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6

Log-in Monitoring Database Server/OIT

Needs to be implemented and documented

OIT has an internal standard for logging, monitoring and auditing that applies to all servers managed by CU Denver OIT.

HIPAA Policy 9.3 Auditing http://www.ucdenver.edu/research/Research%20Administration%20Documents/9.3%20Auditing.pdf

Workstation Security Configuration User/SEHD, Server/OIT – duplicative with #1

APS-6005 https://www.cu.edu/ope/aps/6005

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Device and Media Control Database Server/OIT – duplicative with #1

APS-6005 https://www.cu.edu/ope/aps/6005

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Securing Materials with Data User/SEHD – duplicative with #1

Security and Compliance Hard Drive Disposal https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6

Encryption Database Server/OIT

Encrypt Your Laptop Guidance https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/encryption

Guide to Secure Devices https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/guide-to-secure-devices

APS-6005 https://www.cu.edu/ope/aps/6005

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Authorizations for Personal Health Information, if applicable User/SEHD – NA

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Permitted Uses and Disclosures of PHI, if applicable User/SEHD – NA

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

HIPAA Status, if applicable Server/OIT

UC Denver’s file servers are HIPAA compliant.

Units/Departments can request assistance from the RAC team on the security of data usage. https://www1.ucdenver.edu/offices/office-of-information-technology/services/security-and-compliance

Business Associate Status, if applicable

NA

Designating Sensitive Information User/SEHD – may be duplicative

University Data Classifications and Impact https://www.cu.edu/ois/data-classifications-impact

Risk Assessments and Management User/SEHD – duplicative

University HIPAA Policy http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx

Change Control Procedures User/SEHD – user access/retiring users

OIT is also working on a process flow diagram to guide units/departments on their role in this process and on how the OIT CAB process fits into it.

Audit and Evaluation Procedures User/SEHD Server/OIT – designated liaison and form for auditors

Units/Departments can request assistance from the RAC team on the security of data usage, but we are not auditors, nor do we have a specific form.

policy/data_privacy.1553789789.txt.gz · Last modified: 2019/03/28 16:16 by tonyromero