èßäÊÓƵ

6.13 Confidential Information

While you are an employee of the University, you may have occasion to deal with financial information, business development, software and computer programs, marketing strategies, student records, employee records, and other sensitive information which is confidential in nature. You will respect the confidentiality of information by not discussing it with anyone except your supervisor unless there is a work-related need to know. You should ask your supervisor for guidance to confirm whether the information is confidential.

It is extremely important that all such information remain confidential. Any employee who improperly copies, removes (whether physically or electronically), uses, or discloses confidential information to anyone outside of the University may be subject to disciplinary action up to and including termination. Employees may be required to sign an agreement reiterating these obligations.

All student records are presumed to be confidential unless determined otherwise by the appropriate University official. All University employees will abide by the regulations regarding privacy and security of student records as issued by the Department of Education and mandated by the Family Education Rights & Privacy Act (FERPA), as well as any other applicable federal, state, or local law.

All University employees will abide by the regulations regarding privacy and security of health information as issued by the Department of Health and Human Services and mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as well as any other applicable federal, state, or local law. 

The following University Policies provide additional measures employees must follow to maintain the security of personal data of faculty, staff, patients, students, contractors, agents, vendors, trustees, and any other members of the University community: 

Confidential Data Protection

Information Systems Security

Information Security Awareness Training

InfoSec Incident Response

Multifactor Authentication 

Computer Vulnerability Management

(bundle)

Any employee who violates record confidentiality is subject to disciplinary action, up to and including termination.