The Monster under the Bed – The data you didn’t know you had
In 2016, Health and Human Services begin to attach a cost to organizations not knowing what data they had, and while information technology is a large component of data security regulation, it is by no means the only one, as general data-handling, process, and documentation are the most important components of an organization’s information assurance program.
In an academic setting where students, faculty, and staff wear multiple hats, I’ll provide an overview of how our legal clinic differentiated those roles, identified ongoing practices, processed that identification through decision-makers, and then captured in policies and procedures.
I’ll review HIPAA regulations as they likely affect Law schools and their clinics, delve into the Confidential Unclassified Information initiative as it relates to HIPAA, related NIST standards, and discuss our Clinic’s assessment by an outside vendor.
With FERPA, HIPAA, GDPR, open records laws, and other regulatory domains that many of us live under, it’s my hope we can use this session to discuss concerns and offer each other solutions.