Information Security Compliance
The Information Security Department works with stakeholders across UMASS Medical School to bridge the gap between cutting edge research and projects with an in-depth understanding of the role compliance plays in achieving the School’s mission and goals.
Integrating compliance into key initiatives will strengthen our position as an innovative organization leading the way towards solving the world’s biggest heath crisis and teaching the next generation of practitioners. Planning to work with sensitive data elements, such as Private Health Information (PHI) and Personally Identifiable Information (PII), contact the Information Security Department at ITSecurity@umassmed.edu
Compliance is often evaluated at the Federal level to ensure that entities are prepared and are actively analyzing and improving compliance programs. A compliance programs encompasses many facets of how an entity conducts business, assesses and mitigates risks and protects data.
HIPAA is the Health Insurance Portability and Accountability Act of 1996 that specifies laws for the protection and use of Personal (or Protected) Health Information (PHI) which is essentially your medical record.
Under the HIPAA Privacy Rule, protected health information (PHI) refers to individually identifiable health information. Individually identifiable health information is that which can be linked to a particular person.
A number of state laws require that Personal Identity Information (PII) is appropriately protected and that affected individuals must be notified of any reasonable suspicion of a compromise of that protection. The University is responsible for complying with these legal requirements and for providing employees with information about requirements and responsibilities relating to PII.
This information constitutes your official notifications of rights granted to you under the Family Educational Rights and Privacy Act (FERPA). Ferpa is a Federal Law that is administrated by the Family Policy Compliance Office in the U.S.