Healthcare

Schools and universities throughout the country need to conduct business in a secure manner while achieving regulatory compliance and providing the controlled sharing of data. They need to develop and implement security policies to protect against security breaches. They need to increase security awareness among the education community and promote safe computing practices with their students.

TraceSecurity’s solution for the Education sector helps you meet the specific regulatory challenges from GLBA, HIPAA, FERPA and others. We help you demonstrate compliance with security policies, guidelines and best practices. At the same time, we help protect the personal information of your students and faculty and the integrity of your data.

The Gramm-Leach-Bliley Act (GLBA) data protection requirements mandate that financial institutions protect the security and confidentiality of customers' non-public personal information and institute appropriate administrative, technical, and physical safeguards to accomplish this requirement. GLBA also requires covered institutions to protect against any anticipated threats or hazards to the security or integrity of customer records, and to protect against unauthorized access to or use of records or information which could result in substantial harm or inconvenience to any customer.

Many institutions that are not commonly thought of as financial in nature are covered by GLBA requirements, such as insurance companies, tax preparers, colleges and universities, financial planners and others.

Covered institutions must define and implement a risk-based information security program that includes involvement of the board and senior management, a risk assessment of threats and vulnerabilities, effective risk management and controls, training, testing, vendor oversight, monitoring and adjusting, and board reporting.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates that providers, health plans, clearinghouses, and their business associates establish appropriate administrative, technical, and physical safeguards to protect the privacy and security of sensitive health information. Specifically, sections 164.308 and 164.312 of the HIPAA Security Standards define administrative and technical safeguards that must be used to protect confidential medical information. HIPAA also requires health providers and others to take steps to mitigate any breach of safeguards or other violations of its policies and procedures.

The Family Educational Rights & Privacy Act (FERPA) protects the privacy of student records. It can be defined as “a federal law designed to protect the privacy of education records, to establish the right of students to inspect and review their education records, and to provide guidelines for the correction of inaccurate and misleading data through informal and formal hearings.” The Act applies to students enrolled in higher education institutions as well as K-12 students. Any educational agency or educational institution which receives funds under any program administered by the Secretary of Education is required to comply with FERPA. Institutions which violate the Act can be faced with a withdrawal of Federal funding.