How to Report a Privacy Concern
Helpline number: (800)-215-9664
In an increasingly complex legal and regulatory environment relating to information privacy and security, higher education institutions find themselves in need of a strong privacy compliance program. Privacy regulations are at the forefront of public concern as technology continues to rapidly advance. Rutgers is committed to safeguarding the privacy rights of our students, staff, and faculty and to developing a culture of compliance throughout the university.
Rutgers' Privacy Compliance Program is a critical component of Rutgers' Institutional Compliance Program and is headed by the university’s Senior Vice President & Chief Enterprise Risk, Ethics, and Compliance Officer. The office oversees the development and effectuation of a comprehensive privacy compliance program in accordance with federal, state, and industry guidelines. Where privacy regulations apply to multiple departments at the university, the privacy compliance unit provides assistance and guidance.
Compliance with the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the federal Family Educational Rights and Privacy Act (FERPA) is, at present, the primary focus of the privacy program.
- HIPAA concerns the protection of individually identifiable health information that is transmitted or maintained in any form or medium. The privacy rules affect the day-to-day business operations of all organizations that provide medical care and maintain personal health information.
Our HIPAA program relies upon privacy liaisons at the department/unit level, who are charged with carrying out HIPAA regulations within their respective units. These liaisons provide information to our Privacy Director, who monitors and oversees overall implementation of the program throughout the university. The RBHS Corporate Compliance Committee and the HIPAA Compliance Committee, newly formed at Rutgers-legacy, are charged with ensuring the program's success.
- FERPA protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the US Department of Education. The Act gives parents certain rights with respect to their children’s education records, which then transfer to the student when he or she reaches the age of 18 or attends a higher education institution.
Unlike HIPAA, FERPA compliance at Rutgers resides with each campus' respective registrar departments, which seek guidance from our Privacy Director when requested or where a suspected breach has occurred. Regardless of where the compliance responsibilities reside, our program’s intent is to keep the registrars abreast of developments in relevant laws, to offer guidance on program implementation, and to offer assistance when requested. Where a large-scale technical incident occurs, the Privacy Director or unit will prompt the university Information Protection Evaluation Team (IPET) to assist in determining the extent and vector of the data exposure, and to recommend action if necessary.
The privacy unit promotes compliance with privacy laws and provides guidance in these critical areas. When an incident is reported, the unit responds, with relevant departments, to assess whether a breach has occurred and thereafter oversees the appropriate action necessary in accordance with the law. The goal of the program is to set standards of excellence in privacy security and to present a structure whereby success is measured in prevention and mitigation. An assessment of how to further develop each foundational principle of the program and a work plan for improvement is conducted each fiscal year in the effort to meet these goals.
The foundational principles of the Privacy Compliance Program, which the privacy compliance unit intends to develop at Rutgers, include:
- Instituting Effective Privacy Policies, Procedures, and Controls
- Communication and Education
- Monitoring and Tracking
- Reporting and Response