Social Security Number: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 54: Line 54:
*Information Technology Services (ITS) shall be available to assist in identifying alternatives to use of Social Security Number. Alternatives which should be considered, include but are not limited to:  
*Information Technology Services (ITS) shall be available to assist in identifying alternatives to use of Social Security Number. Alternatives which should be considered, include but are not limited to:  
:*UNMC Student Number
:*UNMC Student Number
*In the event that the Social Security Number of a student must be maintained, a form, [http://www.unmc.edu/its/security/procedures/ssn-use.docx Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval from the Assistant Vice Chancellor for Academic Affairs/Student Affairs. If Social Security Number must be used and stored in a database, the use of the student’s Social Security Number must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
*In the event that the Social Security Number of a student must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval from the Assistant Vice Chancellor for Academic Affairs/Student Affairs. If Social Security Number must be used and stored in a database, the use of the student’s Social Security Number must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
===Employee Information ===
===Employee Information ===
*The Social Security Number of an employee is considered confidential information and should not be used to identify an employee unless legally mandated.
*The Social Security Number of an employee is considered confidential information and should not be used to identify an employee unless legally mandated.
*ITS shall be available to assist in identifying alternatives to use of Social Security Number. Alternatives which should be considered, include but are not limited to:
*ITS shall be available to assist in identifying alternatives to use of Social Security Number. Alternatives which should be considered, include but are not limited to:
:*Personnel (SAP) Number
:*Personnel (SAP) Number
*In the event that the Social Security Number of an employee must be maintained, a form, [http://www.unmc.edu/its/security/procedures/ssn-use.docx Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval of the Assistant Vice Chancellor for Human Resources for approval. In cases where the employee Social Security Number must be stored in a database, the database must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
*In the event that the Social Security Number of an employee must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval of the Assistant Vice Chancellor for Human Resources for approval. In cases where the employee Social Security Number must be stored in a database, the database must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
===Research Information ===
===Research Information ===
*The Social Security Number of a research subject is considered confidential information and should not be used to identify a research subject unless legally mandated.
*The Social Security Number of a research subject is considered confidential information and should not be used to identify a research subject unless legally mandated.
*ITS shall be available to assist in identifying alternatives to use of Social Security Number.   
*ITS shall be available to assist in identifying alternatives to use of Social Security Number.   
*In the event that the Social Security Number of a research subject must be maintained, a form, [http://www.unmc.edu/its/security/procedures/ssn-use.docx Request to Use Social Security Number], must be completed and submitted the Information Security Office who will facilitate approval from the Institutional Review Board. In cases where the research subject Social Security Number must be stored in a database, the database use must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
*In the event that the Social Security Number of a research subject must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted the Information Security Office who will facilitate approval from the Institutional Review Board. In cases where the research subject Social Security Number must be stored in a database, the database use must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
===Other===
===Other===
*The Social Security Number of someone in a category not previously defined is considered confidential information and should not be used to identify an individual unless legally mandated.
*The Social Security Number of someone in a category not previously defined is considered confidential information and should not be used to identify an individual unless legally mandated.
*ITS shall be available to assist in identifying alternatives to use of Social Security Number.
*ITS shall be available to assist in identifying alternatives to use of Social Security Number.
*In the event that the Social Security Number must be maintained, a form, [http://www.unmc.edu/its/security/procedures/ssn-use.docx Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval from the Senior Associate Vice Chancellor for Business and Finance for approval. In cases where the Social Security Number must be stored in a database, the database use must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
*In the event that the Social Security Number must be maintained, a form, [http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number], must be completed and submitted to the Information Security Office who will facilitate approval from the Senior Associate Vice Chancellor for Business and Finance for approval. In cases where the Social Security Number must be stored in a database, the database use must comply with [http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures].
===Approval/Disapproval Process===
===Approval/Disapproval Process===
The Information Security Office will notify unit management and the requestor of the decision to approve/disapprove the request.  
The Information Security Office will notify unit management and the requestor of the decision to approve/disapprove the request.  
Line 88: Line 88:
*UNMC Policy No. 6073, [[Transporting Protected Health Information]]
*UNMC Policy No. 6073, [[Transporting Protected Health Information]]
*UNMC Policy No. 1098, [http://wiki.unmc.edu/Corrective/Disciplinary_Action Corrective and Disciplinary Action]
*UNMC Policy No. 1098, [http://wiki.unmc.edu/Corrective/Disciplinary_Action Corrective and Disciplinary Action]
*[http://www.unmc.edu/its/security/procedures/ssn-use.docx Request to Use Social Security Number] Form
*[http://app1.unmc.edu/forms/its/ssn_request.cfm Request to Use Social Security Number] Form
*[http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures]
*[http://www.unmc.edu/its/security/procedures/database-security.html ITS Database Security Procedures]
*[http://www.unmc.edu/its/security/information-security-plan.pdf Information Security Plan]
*[http://www.unmc.edu/its/security/information-security-plan.pdf Information Security Plan]