Changes

Jump to: navigation, search

Social Security Number

714 bytes added, 13:53, March 10, 2020
m
Updated broken links
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
width="20">[[Intellectual Property]]</td>
<td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
width="20">[[Faculty]]</td>
</tr>
</table>
<br />
[[Identification Card]] | [[Secure Area Card Access]] | [[Privacy/Confidentiality]] | [[Computer Use/Electronic Information]] | [[Retention and Destruction/Disposal of Private and Confidential Information]] | [[Use and Disclosure of Protected Health Information (PHI)]] | [[Notice of Privacy Practices]] | [[Access to Designated Record Set]] | [[Accounting of PHI Disclosures]] | [[Patient/Consumer Complaints]] | [[Vendors]] | [[Fax Transmissions]] | [[Psychotherapy Notes]] | [[Facility Security]] | [[Conditions of Treatment Form]] | [[Informed Consent for UNMC Media]] | [[Transporting Protected Health Information]] | [[Honest Broker]] | [[Social Security Number]] | [[Third Party Registry]] | [[Information Security Awareness and Training]]
<br /><br />
Policy No.: '''60756085'''<br />Effective Date: '''DRAFT09/22/15'''<br />Revised Date: '''03/30/18'''<br />Revised Date: '''03/30/18'''<br />
<br />
<big>'''Use of Social Security Number Policy'''</big><br /><br />
This policy governs the use of SSN within the UNMC campus. Use of SSN within information systems provided by University of Nebraska Central Administration shall follow the policies applicable to those systems.
==Policy==
UNMC shall not use Social Security Numbers to identify students, employees, research subjects, alumni, donors, potential students, and affiliates outside of those uses specifically required by law, such as financial aid, payroll and benefit functions.
Social Security Numbers (SSNs) - including any portion of the full nine digits-, shall not be electronically collected, transmitted, or stored by members of the workforce unless specifically authorized in writing by authorized individuals as outlined in this policy. Individuals or departments that collect, transmit or store SSNs will take steps necessary to secure this data using best practices identified by the Information Security Office.
The following individuals are authorized to approve use of Social Security NumberNumbers.*Employees - Assistant Vice Chancellor for Human Resources*Students - Assistant Vice Chancellor for Academic Affairs/Student Affairs
*Research Subjects - Institutional Review Board
*Other - Senior Associate Assistant Vice Chancellor for Business and Finance*Other - Chief Information Security Officer
===General===
*UNMC is responsible for safeguarding and protecting Social Security Numbers against loss, tampering, and disclosure to individuals. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]).
*UNMC shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches involving Social Security Numbers.
*Workforce members who suspect a Social Security Number violation must report it immediately to their respective manager, the Privacy officeOffice, or the Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 1-866844-568348-54309584. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. *Sanctions for violations of privacy or information security policies may include scholastic or employee corrective action up to and including student dismissal or termination of employment. (See UNMC Policy No.1098, [http://wiki.unmc.edu/index.php?title=Corrective/Disciplinary_Action Corrective and Disciplinary Action Policy]).
===Student Education Record Information===
*The Social Security Number of a student is considered confidential information and must not be used to identify a student.
*Information Technology Services (ITS) shall be available to assist in identifying alternatives to use of Social Security Number. Alternatives which should be considered, include but are not limited to:
:*UNMC Student Number*In the event that the Social Security Number of a student must be maintained, a form, [httphttps://wwwsupport.security.unmc.edu/its/security/proceduresexceptions/ssn-use.docx Request to Use Social Security Number], must be completed and submitted to the Information Security Office who which will facilitate approval from the Assistant Vice Chancellor for Academic Affairs/Student Affairs. If Social Security Number must be used and stored in a database, the use of the student’s Social Security Number must comply with [httphttps://wwwinfo.unmc.edu/its/-security/policies/procedures/database-security.html ITS Database Security Procedures].
===Employee Information ===
*The Social Security Number of an employee is considered confidential information and should not be used to identify an employee unless legally mandated.
*ITS The Information Security team shall be available to assist in identifying alternatives to the use of the Social Security Number. Alternatives which should be considered, include but are not limited to:
:*Personnel (SAP) Number
:*Last four digits of Social Security Number *In the event that the Social Security Number of an employee must be maintained, a form, [httphttps://wwwsupport.security.unmc.edu/its/security/proceduresexceptions/ssn-use.docx Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval of the Assistant Vice Chancellor for Human Resources for approval. In cases where the employee Social Security Number must be stored in a database, the database must comply with [httphttps://wwwinfo.unmc.edu/its/-security/policies/procedures/database-security.html ITS Database Security Procedures].
===Research Information ===
*The Social Security Number of a research subject is considered confidential information and should not be used to identify a research subject unless legally mandated.
*ITS shall be available to assist in identifying alternatives to use of Social Security Number.
*In the event that the Social Security Number of a research subject must be maintained, a form, [httphttps://wwwsupport.security.unmc.edu/its/security/proceduresexceptions/ssn-use.docx Request to Use Social Security Number], must be completed and submitted the Information Security Office who which will facilitate approval from the Institutional Review Board. In cases where the research subject Social Security Number must be stored in a database, the database use must comply with [httphttps://wwwinfo.unmc.edu/its/-security/policies/procedures/database-security.html ITS Database Security Procedures].
===Other===
*The Social Security Number of someone in a category not previously defined is considered confidential information and should not be used to identify an individual unless legally mandated.
*ITS The information Security team shall be available to assist in identifying alternatives to use of Social Security Number.*In the event that the Social Security Number must be maintained, a form, [httphttps://wwwsupport.security.unmc.edu/its/security/proceduresexceptions/ssn-use.docx Request to Use Social Security Number], must be completed and submitted to the Information Security Office who which will facilitate approval from the Senior Associate Vice Chancellor for Business and Finance for approval. In cases where the Social Security Number must be stored in a database, the database use must comply with [httphttps://wwwinfo.unmc.edu/its/-security/policies/procedures/database-security.html ITS Database Security Procedures].
===Approval/Disapproval Process===
The Information Security Office will notify unit management and the requestor of the decision to approve/disapprove the request.
If the request to use the Social Security number Number is approved, the Information Security Office will send the approval document to the unit management and requestor.
If the request to use the Social Security number Number is disapproved and the requestor wishes to appeal the decision, the Vice Chancellor for Business and Finance will be asked to review the request and render a final decision.
===Review of Electronic Data storage===
Periodically the Information Security Office will generate reports which will identify the storage locations of Social Security Numbers. These reports will be distributed to unit management for review. The intent of the report is to help unit management know where Social Security Numbers are used within their unit.
'''''Information Security''''' is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons.
'''''Workforce''''' means students, employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC , is under the direct control of UNMC, whether or not they are paid by UNMC.
==Additional Information==
*Contact [mailto:lbazis@unmc.edu Chief Info Security Officer, IT Information Security], 402.559.2882*Compliance Hotline - 1-844-348-9584*UNMC Policy No. 6045, [http://wiki.unmc.edu/index.php?title=Privacy/Confidentiality Privacy, Confidentiality and Information Securityof Patient and Proprietary Information]*UNMC Policy No. 6051, [http://wiki.unmc.edu/index.php?title=Computer_Use/Electronic_Information Computer Use and Electronic Information Security]
*UNMC Policy No. 6073, [[Transporting Protected Health Information]]
*UNMC Policy No. 1098, [http://wiki.unmc.edu/index.php?title=Corrective/Disciplinary_Action Corrective and Disciplinary Action Policy]*[httphttps://wwwsupport.security.unmc.edu/its/security/proceduresexceptions/ssn-use.docx Request to Use Social Security Number] Form*[httphttps://wwwinfo.unmc.edu/its/-security/policies/procedures/database-security.html ITS Database Security Procedures]*[httphttps://wwwinfo.unmc.edu/its/-security/information-security-policies/plan.pdf html Information Security Plan]*[httphttps://wwwinfo.unmc.edu/its/-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information Procedures]*[http://info.unmc.edu/wiki/index.php/Faculty_Handbook UNMC Faculty Handbook: Operating Procedures]* [http://www.unmc.edu/studentservices/_documents/handbook.pdf Student Handbook]
This page maintained by [mailto:dpanowic@unmc.edu dkp].

Navigation menu