Roadmap. What is Big Data? Big Data for Educational Institutions 5/30/2014. A Framework for Addressing Privacy Compliance and Legal Considerations
|
|
- Marshall Cooper
- 8 years ago
- Views:
Transcription
1 Big Data for Educational Institutions A Framework for Addressing Privacy Compliance and Legal Considerations Roadmap Introduction What is Big Data? How are educational institutions using Big Data? What privacy, security and compliance risks exist? Framework for addressing risks What is Big Data? Big Data is a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications. The challenges include capture, curation, storage, search, sharing, analysis, and visualization. - en.wikipedia.org/wiki/big_data 1
2 What is Big Data? Characteristic Description Volume The sheer amount of data generated or data intensity that must be ingested, analyzed, and managed to make decisions based on complete data analysis Velocity How fast data is being produced and changed and the speed with which data must be received, understood, and processed Variety The rise of information coming from new sources both inside and outside the walls of the enterprise or organization creates integration, management, governance, and architectural pressures on IT What does Big Data mean to organizations? Analyzing Large Data Sets. The ability of the organization to access unimaginable amounts of structured and unstructured data (much more of it likely in the unstructured category) both internally and through external resources (e.g. data brokers, affiliates or partners). Purpose. Understanding the relationships within large data sets and correlations between data elements, in order to gain valuable insights (often precise and non-obvious) to improve business processes and goals. What does Big Data mean to organizations? Specialized Tools and Personnel. The need to leverage specialized tools and specialized employees (e.g. data scientists) to enable the capture, curation, storage, search, sharing and analysis of the data in a way that is valuable to the organization. Limitations and Legal Risk. Analyzing and addressing the potential limitations and legal risks and issues associated the collection, analysis and use of Big Data (and the insights derived from it). 2
3 Big Data Ecosystem Infrastructure Analytics Big Data Players Applications Integrators / consultants Data scientists Big Data In the Education Context What Data? Financial information Healthcare information Student records (grades, attendance, classes) Online activity Mobile activity / location information Social relationships Campus activity (lights on, visits to library) Data brokers 3
4 Big Data In the Education Context How Used? Admission process Student wellness/performance programs Resource allocation and budgeting Marketing? Privacy Security Compliance Key Legal Concerns Privacy and Security Compliance Optics / student relationship Compliance with internal policies Compliance with laws HIPAA GLB State law 4
5 Privacy and Security Compliance Can the institution collect? Can the institution disclose? Limitations on use? How must student data be protected? Privacy and Security Compliance Internal privacy policies concerning collection, use and disclosure of student data Multiple / inconsistent privacy policies which policy governs a particular data element? Failure to follow own policies may lead to regulatory / litigation risk or liability Policy changes may be needed Key Legal Issue Under, can personally identifiable information be disclosed to third parties to conduct the Big Data analytics? 5
6 Under, personally identifiable Information includes, but is not limited to: (a) The student's name; (b) The name of the student's parent or other family members; (c) The address of the student or student's family; (d) A personal identifier, such as the student's social security number, student number, or biometric record; (e) Other indirect identifiers, such as the student's date of birth, place of birth, and mother's maiden name; (f) Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or (g) Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates. Obtain consent (34 CFR 99.30) Key exceptions: School official exception (34 CFR 99.30(a)(1)) Studies exception (34 CFR 99.30(a)(6)) Directory information (34 CFR 99.30(a)(11)) De-identified records and information (34 CFR 99.31(b)(1)) School Officials Exception Performs an institutional service the school would otherwise use employees for Under the direct control of the agency or institution with respect to the use and maintenance of education records No redisclosure without consent (99.33(a)(1)) An educational agency or institution must limit access to only those education records in which school officials have legitimate educational interests (via technical, physical or administrative controls). 6
7 Study Exception Study purposes: Develop, validate, or administer predictive tests; Administer student aid programs; or Improve instruction. Study is conducted in a manner that does not permit personal identification of parents and students by individuals other than representatives of the organization that have legitimate interests in the information PII destroyed when no longer needed Study Exception -- Written agreement: Specify purpose, scope, and duration of the study or studies and the information to be disclosed Limits use of PII to meet purpose of study Conduct study in a manner that does not permit personal identification of parents and students, as defined in this part, by anyone other than representatives of the organization with legitimate interests PII is destroyed when no longer needed Directory Information Directory information means information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed. Examples: the student's name; address; telephone listing; electronic mail address; photograph; date and place of birth; major field of study; grade level; enrollment status (e.g., undergraduate or graduate, full-time or parttime); dates of attendance; participation in officially recognized activities and sports; weight and height of members of athletic teams; degrees, honors, and awards received; and the most recent educational agency or institution attended. SSN or Student ID (with exceptions) not included Notice and opt-out opportunity must be provided (34 CFR 99.37) 7
8 De-identification In general Rendering identifiable data unable to be tied back to a particular identifiable individual Risk of re-identification Too many data elements Unique combination of data elements Combination with other data elements Expertise may be needed De-identification is a process not a state of being De-identification FTC General Standard Reasonable measures to ensure that the data is de-identified. A reasonable level of justified confidence that the data cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device. Factors Available methods and technologies nature of the data at issue the purposes for which it will be used The standard is not an absolute one; rather, companies The standard is not an absolute one; rather, companies must take reasonable steps to ensure that data is de-identified. "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers" De-identification Definition of Personally Identifiable Information Research study exception Stand-alone de-identification exception 8
9 De-identification PII Defintion Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty. De-identification Exception De-identified records and information.an educational agency or institution, or a party that has received education records or information from education records under this part, may release the records or information without the consent required by after the removal of all personally identifiable information provided that the educational agency or institution or other party has made a reasonable determination that a student's identity is not personally identifiable, whether through single or multiple releases, and taking into account other reasonably available information. Research Study Exception Conduct study in a manner that does not permit personal identification of parents and students, as defined in this part, by anyone other than representatives of the organization with legitimate interests. 9
10 Making it Happen In house capabilities? De-identification at least? Use of third parties Do they need identifiable data? Assistance with de-identification Reduce risk by not relinquishing control Data Element and Flow Analysis. Understand the source and nature of the data elements that will be disclosed/analyzed Data elements and flow reveal compliance concerns Consider limiting data elements to reduce risk Statutory Basis for Disclosure & Use basis for disclosure of student personally identifiable information Consent School official Research HIPAA? GLB? 10
11 Internal Policy Compliance Which policy governs a particular data element? Internal privacy policies / statements IT acceptable use or similar policies External facing privacy policies: Intranet, Websites, Applications (online and mobile) Policy modifications / presentation De-Identification Strategies Methodology for de-identification Analyze risk of re-identification Internal versus third-party de-identification Bifurcating de-identification and data analysis Student Relations and Legal Risk Assume that Big Data activities will be revealed Communications strategy (pre- and post-) Clear, consistent and unified across channels Articulate benefits Articulate safeguards 11
12 Third Party Big Data Analytics Vendors Identify appropriate vendors Vet security and privacy practices before choosing a single vendor Draft and negotiate agreements basis for disclosure Limitations on use of student information Security and incident response requirements Audit / assessment rights Indemnification and liability Third Party Big Data Analytics Vendors Identify appropriate vendors Vet security and privacy practices before choosing a single vendor Draft and negotiate agreements basis for disclosure Limitations on use of student information Security and incident response requirements Audit / assessment rights Indemnification and liability Contract Terms basis for disclosure Basis for disclosure relative to other statutes (HIPAA, GLB, etc.) Limitations on use of student information Security and incident response requirements Audit / assessment rights Indemnification and liability 12
13 Q&A David Navetta, Esq., CIPP/US Partner, InfoLawGroup LLP
Virginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More informationWhat is FERPA? This act is enforced by the Family Policy Compliance Office, U.S. Department of Educational, Washington, D.C.
What is FERPA? The Family Educational Rights and Privacy Act of 1974 (FERPA), as amended (also referred to as the Buckley Amendment), is a Federal law designed to protect the confidentiality of a student
More informationFamily Educational Rights and Privacy Act Regulations
Family Educational Rights and Privacy Act Regulations 34 CFR Part 99 Subpart A-General Section 99.1 To which educational agencies or institutions do these regulations apply? 99.2 What is the purpose of
More informationJuly 2016 1101 CONNECTICUT AVENUE NW, SUITE 1100 WASHINGTON, DC 20036-4303 202.785.0453 FAX. 202.785.1487 WWW.NASFAA.ORG
July 2016 1101 CONNECTICUT AVENUE NW, SUITE 1100 WASHINGTON, DC 20036-4303 202.785.0453 FAX. 202.785.1487 WWW.NASFAA.ORG Financial Aid Data Sharing I. Introduction Financial aid professionals collect and
More informationENROLLMENT DATA SHARING AGREEMENT Between «Institution» and the Minnesota Office of Higher Education
ENROLLMENT DATA SHARING AGREEMENT Between «Institution» and the Minnesota Office of Higher Education The «Institution» is an educational agency or institution subject to the Family Educational Rights and
More informationMinnesota s Statewide Longitudinal Education Data System (SLEDS) Data Access & Management Policy
Minnesota s Statewide Longitudinal Education Data System (SLEDS) Data Access & Management Policy October 23, 2014 Approved by SLEDS Governance 1 Contents Section 1 - Overview... 5 1.1 Purpose... 5 Policy
More informationInformation Security Policy
Information Security Policy Introduction The purpose of the is policy is to protect Rider University information resources from accidental or intentional unauthorized access, modification, or damage and
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").
More informationPII Personally Identifiable Information Training and Fraud Prevention
PII Personally Identifiable Information Training and Fraud Prevention Topics What is Personally Identifiable Information (PII)? Why are we committed to protecting PII? What laws govern us? How do we comply?
More informationFamily Educational Rights and Privacy Act (FERPA) Final Rule 34 CFR Part 99. Section-by-Section Analysis December 2008
Family Educational Rights and Privacy Act (FERPA) Final Rule 34 CFR Part 99 Section-by-Section Analysis December 2008 Under FERPA, 20 U.S.C. 1232g, a parent or eligible student has a right to inspect and
More informationTechnology and Data Privacy Committee. 2014-2015 June 30, 2014
Technology and Data Privacy Committee 2014-2015 June 30, 2014 Agenda 6/30 Committee Chair FERPA Review Policies Policy Example Tech Initiative - Title 1 Schools 1-to-1 Wrap-up Calendar Data Governance
More informationLegal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA
Big Data Analytics Under HIPAA Kevin Coy and Neil W. Hoffman, Ph.D. Privacy laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule can have a significant
More informationTHE CITY UNIVERSITY OF NEW YORK FERPA RELEASE FORM PERMISSION FOR ACCESS TO EDUCATIONAL RECORDS
THE CITY UNIVERSITY OF NEW YORK FERPA RELEASE FORM PERMISSION FOR ACCESS TO EDUCATIONAL RECORDS This form allows students to grant third parties, including parents, access to their educational records
More informationFamily Educational Rights Privacy (FERPA) Act
F l o r i d a H o u s e o f R e p r e s e n t a t i v e s Family Educational Rights Privacy (FERPA) Act EDUCATION FACT SHEET 2010-11 What is the Family Educational Rights Privacy Act? The Family Educational
More informationPrivacy Impact Assessment
DECEMBER 20, 2013 Privacy Impact Assessment MARKET ANALYSIS OF ADMINISTRATIVE DATA UNDER RESEARCH AUTHORITIES Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552
More informationThe Importance of Data Exchange in Education
Addressing Student Privacy Issues Data Quality Institute November 4, 2015 Hot Topics Privacy is a national interest and high profile Congressional interest in FERPA State legislatures passing privacy laws
More informationLANDER UNIVERSITY STUDENT INFORMATION SECURITY AND PRIVACY PROCEDURE
founded in 1872 LANDER UNIVERSITY Office of Information Technology Services LANDER UNIVERSITY STUDENT INFORMATION SECURITY AND PRIVACY PROCEDURE 2012 REVISION TABLE OF CONTENTS I. PRIVACY.....................................................
More informationHIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information
More informationPrivacy Impact Assessment
MAY 24, 2012 Privacy Impact Assessment matters management system Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220 claire.stapleton@cfpb.gov DOCUMENT
More informationSOUTH DAKOTA DEPARTMENT OF EDUCATION
SOUTH DAKOTA DEPARTMENT OF EDUCATION Data Access Policy DOE Data Management Office (605) 773-3248 05/05/2015 1 P age TABLE OF CONTENTS Contents TABLE OF CONTENTS... 2 POLICY STATEMENT... 3 PURPOSE... 3
More informationBUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity
More informationBUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.
BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of
More informationVendor Management Challenge Doing More with Less
Vendor Management Challenge Doing More with Less Megan Hertzler Assistant General Counsel Director of Data Privacy Xcel Energy Boris Segalis Partner InfoLawGroup LLP Session ID: GRC-402 Insert presenter
More informationEXHIBIT C BUSINESS ASSOCIATE AGREEMENT
EXHIBIT C BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT is made and entered into by and between ( Covered Entity ) and KHIN ( Business Associate ). This Agreement is effective as of, 20 ( Effective Date
More informationPII = Personally Identifiable Information
PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.
More informationAlphabet Soup - GLBA, FERPA and HIPAA: Security Best Practices
Alphabet Soup - GLBA, FERPA and HIPAA: Security Best Practices (Session ID: 152) Maureen Carver, Assistant Dean and Registrar, Law School, Villanova University Rita Garner, Registrar, Medical College of
More informationWinthrop-University Hospital
Winthrop-University Hospital Use of Patient Information in the Conduct of Research Activities In accordance with 45 CFR 164.512(i), 164.512(a-c) and in connection with the implementation of the HIPAA Compliance
More informationAPPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)
APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) THIS AGREEMENT is entered into and made effective the day of, 2012 (the Effective Date ), by and between (a)
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Agreement, dated as of, 2015 ("Agreement"), by and between, on its own behalf and on behalf of all entities controlling, under common control with or controlled
More informationBusiness Associate and Data Use Agreement
Business Associate and Data Use Agreement This Business Associate and Data Use Agreement (the Agreement ) is entered into by and between ( Covered Entity ) and HealtHIE Nevada ( Business Associate ). W
More informationBUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:
BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:, City State Zip This Business Associate and Data Use Agreement ( Agreement ) is effective
More informationWhat is Covered by HIPAA at VCU?
What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Addendum is made part of the agreement between Boston Medical Center ("Covered Entity ) and ( Business Associate"), dated [the Underlying Agreement ]. In connection with
More informationAdministrative Services
Policy Title: Administrative Services De-identification of Client Information and Use of Limited Data Sets Policy Number: DHS-100-007 Version: 2.0 Effective Date: Upon Approval Signature on File in the
More informationHow to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008
How to De-identify Data Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 1 Outline The problem Brief history The solutions Examples with SAS and R code 2 Background The adoption
More informationYoung Scholars of Central Pennsylvania Charter School 1530 Westerly Parkway State College, PA 16801. 2015-2016 School Year
Young Scholars of Central Pennsylvania Charter School 1530 Westerly Parkway State College, PA 16801 2015-2016 School Year Annual Notification of Rights under Family Educational Rights and Privacy Act (FERPA)
More informationInfinedi HIPAA Business Associate Agreement RECITALS SAMPLE
Infinedi HIPAA Business Associate Agreement This Business Associate Agreement ( Agreement ) is entered into this day of, 20 between ( Company ) and Infinedi, LLC, a Limited Liability Corporation, ( Contractor
More informationKentucky Wesleyan College Policy & Procedure Manuals - Student Information Privacy
Kentucky Wesleyan College Policy & Procedure Manual Student Information Privacy Policy Approval: President Policy Type: College Policy Owner: Registrar Responsible Office: Registrar Revision History Approval
More informationHIPAA COMPLIANCE. What is HIPAA?
HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used
More informationHIPAA BUSINESS ASSOCIATES CONTRACT FOR EYE CARE PROVIDERS 1 ST ADDENDUM
HIPAA BUSINESS ASSOCIATES CONTRACT FOR EYE CARE PROVIDERS 1 ST ADDENDUM The HIPAA BUSINESS ASSOCIATES CONTRACT FOR EYE CARE PROVIDERS ( Original Agreement ) was made available on the Visionweb website
More informationExtracting value from HIPAA Data James Yaple Jackson-Hannah LLC
Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC Session Objectives Examine the value of realistic information in research and software testing Explore the challenges of de-identifying health
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT Express Scripts, Inc. and one or more of its subsidiaries ( ESI ), and Sponsor or one of its affiliates ( Sponsor ), are parties to an agreement ( PBM Agreement ) whereby ESI
More informationNORTH CAROLINA DEPARTMENT OF PUBLIC INSTRUCTION. Division of Data, Research and Federal Policy July 29, 2013
NORTH CAROLINA DEPARTMENT OF PUBLIC INSTRUCTION Transmitting Private Information Electronically Best Practices Guide for Communicating Personally Identifiable Information by Email, Fax or Other Electronic
More informationBUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS
BUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS This Business Associate Agreement (this Agreement ), is made as of the day of, 20 (the Effective Date ), by and between ( Business Associate ) and ( Covered Entity
More informationSaaS. Business Associate Agreement
SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered
More informationUPMC POLICY AND PROCEDURE MANUAL
UPMC POLICY AND PROCEDURE MANUAL POLICY: INDEX TITLE: HS-EC1807 Ethics & Compliance SUBJECT: Honest Broker Certification Process Related to the De-identification of Health Information for Research and
More informationImplementing an HMIS within HIPAA
Implementing an HMIS within HIPAA Jon Neiditz Atlanta, GA (678) 427-7809 jneiditz@hunton.com September 14th and 15th, 2004 Chicago, IL Sponsored by the U.S. Department of Housing and Urban Development
More informationBUSINESS ASSOCIATE AGREEMENT. Recitals
BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law
More informationSynapse Privacy Policy
Synapse Privacy Policy Last updated: April 10, 2014 Introduction Sage Bionetworks is driving a systems change in data-intensive healthcare research by enabling a collective approach to information sharing
More informationProgram, you consent to the data practices described in this Privacy Policy.
Privacy Policy. To the extent Gramm-Leach-Bliley Act, 15 U.S.C. 6802 (the GLB Act ) may apply to our services, this Privacy Policy shall serve as your initial Privacy Notice as defined under the GLB Act.
More information2. Privacy Policy Guidance Memorandum 2008-02, OHS Policy Regarding Privacy Impact Assessments (December 30, 2008)
3/30/2016 IV. Definitions 1. Privacy Policy Guidance Memorandum 2008-01, The Fair Information Practice Principles: Framework for Privacy Policy at the Department of Homeland Security (December 29, 2008)
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationNote to Users: Page 1 of 5
Note to Users: The subsequent pages contain a Sample Business Associate Agreement that may be used by healthcare facilities. Be advised that this is strictly a sample and any formal Business Associate
More information2015 NMSBA SCHOOL LAW CONFERENCE
2015 NMSBA SCHOOL LAW CONFERENCE NETWORK SECURITY, DISTRICT POLICIES ON INTERNET USE, AND THE LAW Andrew M. Sanchez David A. Richter Cuddy & McCarthy, LLP 1 FEDERAL LAWS The Family Educational Rights and
More informationHow To Protect Data At Northeast Alabama Community College
Information Systems Security Policy Northeast Alabama Community College Center for Information Assurance Northeast Alabama Community College 138 AL Hwy 35, Rainsville, AL 35986 (256) 228-6001 1 5/22/2014
More informationHIPAA COMPLIANCE INFORMATION. HIPAA Policy
HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas
More informationWheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009
Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009 Late last year, the Federal Trade Commission (FTC) and Federal banking agencies issued a regulation
More informationData Governance and Big Data - A Necessary Convergence. Richard Goldberg Chief Data Governance Officer Citibank Global Consumer Bank
Governance and Big - A Necessary Convergence Richard Goldberg Chief Governance Officer Citibank Global Consumer Bank Governance and Big A Necessary Convergence As our businesses continue to expand its
More informationAPPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT
APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 20 (the Effective Date ), by and between (a) THE SOCIETY OF GYNECOLOGIC
More informationDe-identification, defined and explained. Dan Stocker, MBA, MS, QSA Professional Services, Coalfire
De-identification, defined and explained Dan Stocker, MBA, MS, QSA Professional Services, Coalfire Introduction This perspective paper helps organizations understand why de-identification of protected
More informationAm I a Business Associate?
Am I a Business Associate? Now What? JENNIFER L. RATHBURN Quarles & Brady LLP KATEA M. RAVEGA Quarles & Brady LLP agenda» Overview of HIPAA / HITECH» Business Associate ( BA ) Basics» What Do BAs Have
More informationPreparing to Serve: Online Training Modules
Preparing to Serve: Online Training Modules MASSEN, A. AND KOWALEWSKI, B. (EDS.) COPYRIGHT 2010. WEBER STATE UNIVERSITY PREPARING TO SERVE: ONLINE TRAINING MODULES PROFESSIONALISM CULTURAL SENSITIVITY
More informationHow To Respond To The Nti'S Request For Comment On Big Data And Privacy
Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Docket No. 140514424 4424 01 RIN 0660 XC010 Comments of the Information Technology Industry
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred
More informationA Privacy and Data Security Checklist for All
July 2015 Many companies know they have to follow privacy and data security rules. Companies in the health care industry know about Health Insurance Portability and Accountability Act (HIPAA). Financial
More informationRed Flag Rules and Aging Services: What You Need to Know
Red Flag Rules and Aging Services: What You Need to Know Late in 2007, six federal agencies, including the Federal Trade Commission ( FTC ), jointly issued final rules and accompanying guidelines to implement
More informationHIPAA Privacy: Refining Your Implementation. Presented by Rhys W. Jones HCCA Compliance Institute April 28, 2003
HIPAA Privacy: Refining Your Implementation Presented by Rhys W. Jones HCCA Compliance Institute April 28, 2003 Designated Record Sets (DRS) Covered entities must document contents of DRS For Providers:
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ), is made effective as of the sign up date on the login information page of the CarePICS.com website, by and between CarePICS,
More informationSTANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT
STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 2014 (the Effective Date ), by and between (a) GI Quality Improvement Consortuim,
More informationHIPAA-Compliant Research Access to PHI
HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for
More informationHIPAA and Big Data Twenty Third National HIPAA Summit. March 17, 2015 Mitchell W. Granberg, Optum Chief Privacy Officer
HIPAA and Big Data Twenty Third National HIPAA Summit March 17, 2015 Mitchell W. Granberg, Optum Chief Privacy Officer Overview HIPAA and Big Data Big Data Definitions Big Data and Health Care Benefits
More informationINTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT
INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT This Agreement dated as of is made by and between The Board of Trustees of the University of Alabama, on behalf of INTERMACS Registry ( Business Associate
More informationPrivacy and Data Breach Issues
15-013 Privacy and Data Breach Issues Konstantin Dino Tsibouris Founding Principal Tsibouris & Associates Columbus, Ohio Kirk Herath Associate General Counsel Nationwide Insurance Columbus, Ohio Table
More informationThis Instruction implements Department of Homeland Security (DHS) Directive 110-01, Privacy Policy for Operational Use of Social Media.
I. Purpose Department of Homeland Security DHS Directives System Instruction Number: 110-01-001 Revision Number: 00 Issue Date: 6/8/2012 PRIVACY POLICY FOR OPERATIONAL USE OF SOCIAL MEDIA This Instruction
More informationThis form may not be modified without prior approval from the Department of Justice.
This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate
More informationHIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS
HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS SCOPE OF POLICY: What Units Are Covered by this Policy?: This policy applies to the following units
More informationBUSINESS ASSOCIATE ADDENDUM
BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate
More informationBUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION
BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION This Agreement governs the provision of Protected Health Information ("PHI") (as defined in 45 C.F.R.
More informationFirstCarolinaCare Insurance Company Business Associate Agreement
FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance
More informationInformation for Agents and Brokers Regarding the HIPAA Business Associate Agreement
Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement You may be aware that the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) requires health plans
More informationPsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798
PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 Updated 12/8/15 PSYBAR, L. L. C. INDEPENDENT CONTRACTOR AGREEMENT PsyBar attempts to
More informationMMA SAMPLE FORM *REVIEW CAREFULLY & ADAPT TO YOUR PRACTICE*
This is only sample language. The language should be changed to accurately reflect business arrangements between a covered entity and business associate or business associate and subcontractor. In addition,
More informationHIPAA Privacy and Business Associate Agreement
HR 2011-07 ATTACHMENT D HIPAA Privacy and Business Associate Agreement This Agreement is entered into this day of,, between [Employer] ( Employer ), acting on behalf of [Name of covered entity/plan(s)
More informationHIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
More informationPacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009
Pacific University Policy Governing Identity Theft Prevention Program Red Flag Guidelines Approved June 10, 2009 Program adoption Pacific University developed this identity Theft Prevention Program ( Program
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University
More informationSpring 2016. 23 Invoices for Spring will be available 15 Installment Plan 3 of 5 due by 5 p.m.
Spring 2016 Payment Deadlines Frequently Asked Questions Tuition and Fee Rates Payment Plans Refund Information December March 23 Invoices for Spring will be available 15 Installment Plan 3 of 5 due by
More informationHIPAA Policies and Procedures
HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:
More informationSTATE OF KANSAS HOUSE OF REPRESENTATIVES. I move to amend Substitute for Substitute for HB 2292, on page 1, following line 4, by
fa_2016_hb2292_h_4162 STATE OF KANSAS HOUSE OF REPRESENTATIVES MR. CHAIRMAN: I move to amend Substitute for Substitute for HB 2292, on page 1, following line 4, by inserting: "New Section 1. Sections 1
More informationConnecticut s P20 WIN Data Governance Manual
Connecticut s P20 WIN Data Governance Manual This manual provides a detailed description of the structure, processes, roles and responsibilities that guide the governance of P20 WIN. Prepared by P20 WIN
More informationADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES
ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES This Addendum is entered into effective as of, by and among Delta Dental of Virginia ("Business Associate"), and ( Covered
More informationTHE UNIVERSITY OF MICHIGAN
SECTION: General University Policies Number: 601.11 Revised: 9/7/2004 SUBJECT: Privacy and the Need to Monitor and Date Issued: 12/1/93 Access Records Review Date: 9/7/08 Attachment(s) 0 APPLIES TO: All
More informationBUSINESS ASSOCIATE AGREEMENT
THIS IS A TEMPLATE ONLY. CERTAIN STATES MAY NOT PERMIT THE TYPES OF ACTIVITIES ALLOWED HEREUNDER RELATING TO PROTECTED HEALTH INFORMATION. THUS THIS AGREEMENT MAY NEED TO BE MODIFIED IN ORDER TO COMPLY
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
More informationIDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy
More informationBig Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers
Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers March 2013 How Target Knew a High School Girl Was Pregnant Before Her Parents Did just because you can,
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BA Agreement ) is entered into by Medtep Inc., a Delaware corporation ( Business Associate ) and the covered entity ( Covered Entity
More information