SEHD Wiki

A source for policies, procedures, handbooks and other resources from the School of Education and Human Development


policy:data_privacy

Differences

This shows you the differences between two versions of the page.

policy:data_privacy [2019/03/28 17:41] tonyromero
policy:data_privacy [2020/02/06 22:29] (current) – removed Matt Mitchell
Line 1: Line 1:
-====== Data Privacy Policies ====== 
- 
-  - [[:policy:data_privacy:privacy_and_security|Privacy and Security Policies and Procedures]] 
-  - [[:policy:data_privacy:board_and_officer|Identification of a Privacy and Security Board and Officer]] 
-  - [[:policy:data_privacy:management_and_oversight|Management Oversight of Privacy and Security Programs]] Server/OIT 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-  - [[:policy:data_privacy:sanctions_for_violations|Sanctions for Violations of Policies and Procedures]] User/SEHD Server/OIT 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]] 
-  - [[:policy:data_privacy:reporting_problems|Reporting Potential Problems in Privacy and Security]] User/SEHD Server/OIT 
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]] 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-  - [[:policy:data_privacy:response_and_mitigation|Incident Response and Incident Response Mitigation]] User/SEHD Server/OIT-same as #5 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-      - See attached Incident Response Process Flow Diagram for unit/department responsibility. 
-  - [[:policy:data_privacy:security_training|Privacy and Security Training]] User/SEHD 
-  - [[:access_control_minimum_necessary_access_and_verification_for_access_to_data|Access Control, Minimum Necessary Access and Verification for Access to Data]] User/SEHD Database Server/OIT 
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]] 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-      - APS-6001 [[https://www.cu.edu/ope/aps/6001|https://www.cu.edu/ope/aps/6001]] 
-  - [[:password_management|Password Management]] User/SEHD Database Server/OIT – complying with university policy 
-      - University Password Policy [[http://www.ucdenver.edu/faculty_staff/employees/policies/Policies Library/Admin/fp5-13.pdf|http://www.ucdenver.edu/faculty_staff/employees/policies/Policies%20Library/Admin/fp5-13.pdf]] 
-  - [[:transmitting_sensitive_information_securely_including_faxing_and_email|Transmitting Sensitive Information Securely including Faxing and Email]] User/SEHD—duplicative with #1 
-      - Email and Webmail Stay Secure [[https://www1.ucdenver.edu/offices/office-of-information-technology/software/how-do-i-use/email-and-webmail|https://www1.ucdenver.edu/offices/office-of-information-technology/software/how-do-i-use/email-and-webmail]] 
-      - HIPAA Policy 7.1 Safeguards [[https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6|https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6]] 
-  - [[:log-in_monitoring|Log-in Monitoring]] Database Server/OIT 
-      - Needs to be implemented and documented 
-      - OIT has an internal standard for logging, monitoring and auditing that applies to all servers managed by CU Denver OIT. 
-      - HIPAA Policy 9.3 Auditing [[http://www.ucdenver.edu/research/Research Administration Documents/9.3 Auditing.pdf|http://www.ucdenver.edu/research/Research%20Administration%20Documents/9.3%20Auditing.pdf]] 
-  - [[:workstation_security_configuration|Workstation Security Configuration]] User/SEHD, Server/OIT – duplicative with #1 
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]] 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-  - [[:device_and_media_control_database|Device and Media Control Database]] Server/OIT – duplicative with #1 
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]] 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-  - [[:securing_materials_with_data|Securing Materials with Data]] User/SEHD-duplicative with #1 
-      - Security and Compliance Hard Drive Disposal [[https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6|https://www1.ucdenver.edu/docs/default-source/offices-oit-documents/it-related-policies/hipaa-7-1-safeguards.pdf?sfvrsn=48bb7b8_6]] 
-  - [[:encryption|Encryption]] Database Server/OIT 
-      - Encrypt Your Laptop Guidance [[https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/encryption|https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/encryption]] 
-      - Guide to Secure Devices [[https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/guide-to-secure-devices|https://www1.ucdenver.edu/offices/office-of-information-technology/software/secure-campus/guide-to-secure-devices]] 
-      - APS-6005 [[https://www.cu.edu/ope/aps/6005|https://www.cu.edu/ope/aps/6005]] 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-  - [[:authorizations_for_personal_health_information|Authorizations for Personal Health Information]], if applicable User/SEHD –NA 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-  - [[:permitted_uses_and_disclosures_of_phi|Permitted Uses and Disclosures of PHI]], if applicable User/SEHD—NA 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-  - [[:hipaa_status|HIPAA Status]], if applicable Server/OIT 
-      - UC Denver’s File servers are HIPAA compliant. 
-      - Units/Departments can request assistance from the RAC team on the security of data usage. [[https://www1.ucdenver.edu/offices/office-of-information-technology/services/security-and-compliance|https://www1.ucdenver.edu/offices/office-of-information-technology/services/security-and-compliance]] 
-  - Business Associate Status, if applicable 
-      - NA 
-  - [[:designating_sensitive_information|Designating Sensitive Information]] User/SEHD – may be duplicative 
-      - University Data Classifications and Impact [[https://www.cu.edu/ois/data-classifications-impact|https://www.cu.edu/ois/data-classifications-impact]] 
-  - [[:risk_assessments_and_management|Risk Assessments and Management]] User/SEHD – duplicative 
-      - University HIPAA Policy [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx|http://www.ucdenver.edu/research/ORC/HIPAA/Pages/Policy.aspx]] 
-  - [[:change_control_procedures|Change Control Procedures]] User/SEHD – user access/retiring users 
-      - OIT is also working on a process flow diagram to guide units/departments on their role in this process and how the OIT CAB process fits into the process. 
-  - [[:audit_and_evaluation_procedures|Audit and Evaluation Procedures]] User/SEHD Server/OIT – designated liaison and form for auditors 
-      - Units/Departments can request assistance from the RAC team on the security of data usage, but we are not auditors, nor do we have a specific form. 
- 
-Sample Local Education Agency Policy Links: [[http://www.cde.state.co.us/dataprivacyandsecurity/sampleitpolicies|http://www.cde.state.co.us/dataprivacyandsecurity/sampleitpolicies]] 
- 
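
Review bot: the edit summary "removed" gives no reason and no pointer to a replacement for this index, which is deleted in full, from the "Data Privacy Policies" heading through the "Sample Local Education Agency Policy Links" line. The deletion takes with it the only list of links to the policy:data_privacy:* sub-pages and the open item under Log-in Monitoring ("Needs to be implemented and documented"), so that gap is no longer recorded anywhere visible in this revision. Suggest leaving a one-line pointer or redirect to wherever these policies now live, and carrying the open log-in monitoring item over to the place it is tracked, rather than blanking the page.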
  
policy/data_privacy.1553794907.txt.gz · Last modified: 2019/03/28 17:41 by tonyromero