As colleges and universities collect more and more sensitive, personal electronic information, they become more and more likely to experience a “data breach.” Although institutions spend considerable time focusing on high-tech solutions to help guard their data against criminal activity, low-tech strategies can prove equally effective. One low-tech strategy is to simply stop putting a student’s personal information (“PI”) on university forms and documents when it is not necessary—like including a student’s social security number on a transcript.
The Federal Bureau of Investigation has released a public service announcement warning of fraud schemes aimed at colleges, universities, and their constituents. The May 5 announcement outlines several – unfortunately effective – schemes that have taken off since July 2016, including:
- Vendor Bank Account Scam
- Fake “Education Tax” Scam
- Phishing Scheme Involving Requests for W-2 Tax Information
- Phishing Scheme Involving Payroll Fraud
The announcement explains in plain language how each scam works and how schools, employees, and students can guard against falling victim to them. Consider sharing this information with your institutional community and remain vigilant in protecting your systems and data.
The Health Insurance Portability and Accountability Act of 1996—commonly referred to as “HIPAA”—is a federal law imposing certain data privacy and data security requirements with respect to medical information, including the personal health information of individual persons. Colleges and universities maintain medical information related to employees and students in a host of locations, including human resources files, student records, and in the records of on-campus health and counseling centers, among others. Higher education administrators unfamiliar with the intricacies of HIPAA often believe the law imposes more obligations on colleges and universities than it actually does. This post dispels some of the most common myths relating to HIPAA and higher education.
Myth #1: HIPAA applies to all medical information we maintain as a college or university.
While HIPAA’s privacy rule does govern the privacy of protected health information (PHI), HIPAA’s privacy rule only applies to HIPAA “covered entit[ies].” As a general rule, covered entities include: (1) health plans; (2) health care clearinghouses; and (3) healthcare providers who electronically transmit health information in connection with certain electronic transactions relating to billing, payment, and/or insurance coverage.
Colleges and universities frequently hire third-party vendors to provide services that involve student data—cloud storage, online education delivery, and online grade books to name a few. Although the arrangements are common, they can run afoul of the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 CFR Part 99) (FERPA) and other data privacy best practices. To learn more about what this means for colleges and universities, please visit Sean Tassi’s recent blog post on Husch Blackwell’s Byte Back blog.