Description:
Please note: Information Strategy and Services only oversees HIPAA Security. If you believe your request is a HIPAA Privacy issue, please contact the Office of Privacy at hipaa@cuanschutz.edu
Get expert advice on navigating and adhering to IT security requirements in federal, state and local laws. Below is an overview of the federal laws the IT security and compliance team can help your department comply with. Additional services are offered for any other federal, state or local law that has specific IT security requirements.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law to protect the privacy, security, and confidentiality of individuals’ health information. HIPAA establishes national standards for how protected health information (PHI) may be used, disclosed, stored, and transmitted by covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, and by their business associates.
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a United States federal law that protects the privacy and confidentiality of student education records. FERPA grants eligible students and parents specific rights regarding access to, amendment of, and control over the disclosure of education records maintained by educational institutions. Educational institutions and authorized third parties with access to education records are required to safeguard this information and use it only for legitimate educational purposes in compliance with FERPA requirements.
Gramm–Leach–Bliley Act (GLBA)
The Gramm–Leach–Bliley Act (GLBA) is a U.S. federal law that governs how financial institutions protect the privacy and security of consumers’ nonpublic personal information. It requires covered organizations to explain their information-sharing practices through privacy notices, to give consumers limited rights to opt out of certain data sharing, and to implement safeguards that protect sensitive data.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard designed to protect credit and debit card information throughout the payment lifecycle. PCI DSS sets baseline requirements for securing card data, including maintaining secure networks, protecting stored cardholder information, implementing strong access controls, regularly monitoring and testing systems, and maintaining an information security policy. Compliance helps reduce the risk of data breaches, financial fraud, and penalties from payment card companies.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union that governs how organizations collect, use, store, and protect the personal data of individuals located in the EU and the European Economic Area. It applies to organizations worldwide if they process EU residents’ personal data, and it emphasizes transparency, accountability, and individual rights. GDPR grants individuals rights such as access to their data, correction, deletion (the “right to be forgotten”), data portability, and the ability to restrict or object to processing.
Who can use it:
- Faculty
- Staff
- Researchers
- IT Partners
Cost:
Free
How to proceed:
- Click on the Request Consultation button on the right to request a consultation on HIPAA, FERPA, GLBA, PCI DSS, GDPR or any federal, state or local law that pertains to IT Security. The team is here to help answer your questions.
Additional resources: