Documents Contributed by ECAR, Security Planning, and Research Bulletins

This research bulletin describes a functional framework for higher education compliance with the HIPAA IT security final rule. The framework, which can be adapted for individual universities, includes an institutional plan, an organizational process, reporting and tracking mechanisms, and training. It is based on principles of leveraging the compliance process to create a more secure institution-wide IT environment.

This bulletin examines how higher education is coping with managing information technology security from the policy perspective. It focuses particular attention on policy processes and programs that address the tensions between preserving confidentiality, ensuring data integrity, and maintaining an academic environment in which information is easily available to authorized users.