1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, 2004. This work is the intellectual property.

Presentation transcript:

1 IT Security-related Legislation
Judy Borreson Caruso
CUMREC 2004
May 18, 2004
Copyright Judy Borreson Caruso, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

3 Presentation Outline
IT Security-related Legislation – what is it?
Why now?
Impact on HE
General overview of legislation
Focus on a few laws related to E-signature
How HE is responding
What you should do
Resources

4 IT Security-related Legislation – what is it?
Includes laws, administrative code, FTC regulations, rulings, etc.
Focus on Internet
No such thing as “Internet Law”
Disparate laws – Federal and State
Confusing relationships between them
Limited case law

5 Why now?
9/11 fallout
Explosion in Internet use
Commercialization of the Internet
Web usage – easy to violate copyright

6 Why now?
Increased interest in:
– Protecting confidentiality and privacy
– Protecting copyright
New technologies enable:
– Spam
– Peer-to-peer
– Viruses/worms/hacks

7 How do they impact higher ed?
Often created for other industries
– HIPAA for health insurance
– GLBA for financial
Higher Ed is in multiple industries
– Loans
– Health care
– Debit cards
– Publication
– Research discovery
– Education
Need legal counsel/audit

8–12 Overlap Among IT Security-Related Laws (diagram, built up over five slides)
In the beginning there was FERPA...
Laws shown: FERPA, GLBA, UETA, E-SIGN, SOX, CAN-SPAM, U.S.A. PATRIOT Act, CDC Select Agent Program, Bioterrorism Protection Act, ECPA, CFAA, DMCA, TEACH, HIPAA
Categories shown: Business Processes, Electronic Records, Anti-Terrorism, Law Enforcement, Copyright, Instruction, Research, Health, Human Subjects
Prepared by Judy Caruso, Copyright © 2004, University of Wisconsin Board of Regents

13 E-Signature Legislation
Student Loan E-Signature Regulations
FERPA E-Signature Regulations
E-Signature Law (E-Sign)
UETA – Uniform Electronic Transactions Act
All procedural statutes

14 E-Signature Rules for Student Loans
Issued by Department of Education – 2001
Creates standards for E-Signatures in Student Loan transactions
Created a FAFSA PIN service (Free Application for Federal Student Aid)

15 E-Signature modification to FERPA
Proposed in 2003 – effective May 24, 2004
“Signed and dated written consent” may include a record and signature in electronic form. It must:
– Identify and authenticate a person as the source of the consent
– Indicate the person’s approval
Technology neutral
Refers to student loan standards as an acceptable standard
Specifically acknowledges the existence of the E-Sign Act

16 E-Sign Act (Electronic Signatures in Global and National Commerce Act)
A signature, contract or other record may not be denied legal status solely because it is in electronic form
Has consent requirements
State governments cannot pre-empt it unless they do so by passing UETA

17 UETA – Uniform Electronic Transactions Act
State law – passed by 44 states
Allows use of electronic records and electronic signatures
Drafted specifically to remove barriers to electronic commerce

18 How do these e-signature rules/laws interact?
UETA/E-Sign overlap
– UETA has provisions not in E-Sign
– E-Sign has provisions not in UETA
– E-Sign permits states to pre-empt E-Sign if they have passed UETA
– Both are technology neutral
– Both require consent, but E-Sign goes further

19 How do these e-signature rules/laws interact?
E-Sign extension to Student Loans/FERPA
– Student Loans rule from 2001 is referred to in the FERPA rule
– For student records, some institutions already implemented e-signature before the FERPA change
– It’s more specific than E-Sign but refers to it
E-Sign Law and FERPA E-Sign rule
– Both have consent requirements

20 How are institutions implementing E-Signature?

21 What we’re doing at Wisconsin
Discussing!
Consent for each individual transaction or for a group of transactions?
Do E-signature and FERPA e-signature laws complement each other?
When in doubt – ask consent

22 Institutional approach and costs
Dedicate staff
Get a lawyer/security officer/internal audit
Compliance penalties
Cost of a breach
– Real $
– Institutional reputation
– Cost of communication
– Loss of trust

23 Overall steps you can take
Overall:
– Involve CIOs/Institution Executives
– Discuss with campus legal, auditors, security officers
– Work with functional users

24 Steps you can take
1. Institutional assessment
2. Review what other institutions are doing
3. Look at advice from EDUCAUSE, NACUBO, etc.
4. Review state and local law, as well as federal

25 Steps you can take
5. Create security policies and best practices
6. Assess individual systems/procedures
– Printing SSNs
– Sending unencrypted patient information
– Data warehouse use
– Obsolete authorizations
– Etc.
7. Assess system integration processes/procedures

26 Steps you can take
8. Educate staff regarding copyright, laws, protecting confidentiality/privacy
9. Understand the interaction between electronic records and physical security – work with police
10. Prioritize – address the areas with the greatest problems and largest vulnerabilities first
11. Monitor and enforce policies/procedures

27 What to do first
Institutional assessment:
– Who’s working on this?
– Overall compliance
Education and training

28 Resources