Social Security Number: Difference between revisions

m
no edit summary
(add Faculty tab)
mNo edit summary
Line 52: Line 52:
*UNMC is responsible for safeguarding and protecting Social Security Numbers against loss, tampering and disclosure. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]).
*UNMC is responsible for safeguarding and protecting Social Security Numbers against loss, tampering and disclosure. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]).
*UNMC shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches involving Social Security Numbers.  
*UNMC shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches involving Social Security Numbers.  
*Workforce members who suspect a Social Security Number violation must report it immediately to their respective manager, the Privacy Office, or the Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 1-866-568-5430. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations.  
*Workforce members who suspect a Social Security Number violation must report it immediately to their respective manager, the Privacy Office, or the Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 1-844-348-9584. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations.  
*Sanctions for violations of privacy or information security policies may include scholastic or employee corrective action up to and including student dismissal or termination of employment. (See UNMC Policy No. 1098, [http://wiki.unmc.edu/index.php?title=Corrective/Disciplinary_Action Corrective and Disciplinary Action Policy]).
*Sanctions for violations of privacy or information security policies may include scholastic or employee corrective action up to and including student dismissal or termination of employment. (See UNMC Policy No. 1098, [http://wiki.unmc.edu/index.php?title=Corrective/Disciplinary_Action Corrective and Disciplinary Action Policy]).
===Student Education Record Information===
===Student Education Record Information===
*The Social Security Number of a student is considered confidential information and must not be used to identify a student.
*The Social Security Number of a student is considered confidential information and must not be used to identify a student.
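Review bot: the replacement Compliance Hotline number in the reporting bullet, 1-844-348-9584 in place of 1-866-568-5430, is written out in the bullet text, and the same number is written out again in the bullet added under Additional Information. Keeping the number in one place and pointing the other at it would stop the two copies from drifting apart the next time the hotline changes.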
Line 60: Line 59:
:*UNMC Student Number
:*UNMC Student Number
*In the event that the Social Security Number of a student must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office which will facilitate approval from the Assistant Vice Chancellor for Academic Affairs/Student Affairs. If Social Security Number must be used and stored in a database, the use of the student’s Social Security Number must comply with [https://info.unmc.edu/its-security/policies/procedures/database-security.html ITS Database Security Procedures].
*In the event that the Social Security Number of a student must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office which will facilitate approval from the Assistant Vice Chancellor for Academic Affairs/Student Affairs. If Social Security Number must be used and stored in a database, the use of the student’s Social Security Number must comply with [https://info.unmc.edu/its-security/policies/procedures/database-security.html ITS Database Security Procedures].
===Employee Information ===
===Employee Information ===
*The Social Security Number of an employee is considered confidential information and should not be used to identify an employee unless legally mandated.
*The Social Security Number of an employee is considered confidential information and should not be used to identify an employee unless legally mandated.
Line 66: Line 64:
:*Personnel (SAP) Number
:*Personnel (SAP) Number
*In the event that the Social Security Number of an employee must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval of the Assistant Vice Chancellor for Human Resources for approval. In cases where the employee Social Security Number must be stored in a database, the database must comply with [https://info.unmc.edu/its-security/policies/procedures/database-security.html ITS Database Security Procedures].
*In the event that the Social Security Number of an employee must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval of the Assistant Vice Chancellor for Human Resources for approval. In cases where the employee Social Security Number must be stored in a database, the database must comply with [https://info.unmc.edu/its-security/policies/procedures/database-security.html ITS Database Security Procedures].
===Research Information ===
===Research Information ===
*The Social Security Number of a research subject is considered confidential information and should not be used to identify a research subject unless legally mandated.
*The Social Security Number of a research subject is considered confidential information and should not be used to identify a research subject unless legally mandated.
*ITS shall be available to assist in identifying alternatives to use of Social Security Number.   
*ITS shall be available to assist in identifying alternatives to use of Social Security Number.   
*In the event that the Social Security Number of a research subject must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted the Information Security Office which will facilitate approval from the Institutional Review Board. In cases where the research subject Social Security Number must be stored in a database, the database use must comply with [https://info.unmc.edu/its-security/policies/procedures/database-security.html ITS Database Security Procedures].
*In the event that the Social Security Number of a research subject must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted the Information Security Office which will facilitate approval from the Institutional Review Board. In cases where the research subject Social Security Number must be stored in a database, the database use must comply with [https://info.unmc.edu/its-security/policies/procedures/database-security.html ITS Database Security Procedures].
===Other===
===Other===
*The Social Security Number of someone in a category not previously defined is considered confidential information and should not be used to identify an individual unless legally mandated.
*The Social Security Number of someone in a category not previously defined is considered confidential information and should not be used to identify an individual unless legally mandated.
*The information Security team shall be available to assist in identifying alternatives to use of Social Security Number.
*The information Security team shall be available to assist in identifying alternatives to use of Social Security Number.
*In the event that the Social Security Number must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office which will facilitate approval from the Senior Associate Vice Chancellor for Business and Finance for approval. In cases where the Social Security Number must be stored in a database, the database use must comply with [https://info.unmc.edu/its-security/policies/procedures/database-security.html ITS Database Security Procedures].
*In the event that the Social Security Number must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office which will facilitate approval from the Senior Associate Vice Chancellor for Business and Finance for approval. In cases where the Social Security Number must be stored in a database, the database use must comply with [https://info.unmc.edu/its-security/policies/procedures/database-security.html ITS Database Security Procedures].
===Approval/Disapproval Process===
===Approval/Disapproval Process===
The Information Security Office will notify unit management and the requestor of the decision to approve/disapprove the request.  
The Information Security Office will notify unit management and the requestor of the decision to approve/disapprove the request.  
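Review bot: several wording slips in the unchanged bullets of this region could be fixed while the page is being edited. The Employee Information bullet ends "facilitate approval of the Assistant Vice Chancellor for Human Resources for approval" and the Other bullet repeats the same doubled "for approval"; drop the trailing phrase in both. The Research Information bullet reads "submitted the Information Security Office" and needs "to", and "The information Security team" in the Other section should be capitalized to match "Information Security Office" as used in the rest of the policy.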
Line 93: Line 88:
==Additional Information==
==Additional Information==
*Contact [mailto:lbazis@unmc.edu Chief Info Security Officer, IT Information Security], 402.559.2882
*Contact [mailto:lbazis@unmc.edu Chief Info Security Officer, IT Information Security], 402.559.2882
*Compliance Hotline - 1-844-348-9584
*UNMC Policy No. 6045, [http://wiki.unmc.edu/index.php?title=Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information]
*UNMC Policy No. 6045, [http://wiki.unmc.edu/index.php?title=Privacy/Confidentiality Privacy, Confidentiality and Security of Patient and Proprietary Information]
*UNMC Policy No. 6051, [http://wiki.unmc.edu/index.php?title=Computer_Use/Electronic_Information Computer Use and Electronic Information Security]
*UNMC Policy No. 6051, [http://wiki.unmc.edu/index.php?title=Computer_Use/Electronic_Information Computer Use and Electronic Information Security]
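Review bot: the added "Compliance Hotline - 1-844-348-9584" bullet writes the number with hyphens while the Contact bullet directly above it uses dots (402.559.2882); use one phone format within the list. The new bullet also gives no indication that the hotline is the anonymous reporting channel described in the reporting bullet earlier in the policy, so a short label to that effect would help a reader who lands on this section first.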