Documents Contributed by ECAR and Training

This research bulletin details the procedures and processes undertaken by the University of Minnesota to ensure that all employees, from student workers and custodial staff through senior research faculty and administrators, received training about keeping private data secure tailored to their roles and responsibilities. It illustrates how the implementation of the training resulted in improvements in incident reporting and response procedures, awareness of institutional private data and expectations for securing them, and many aspects of data security.

Citation for this work: Janssen, Ross T., and Greg C. Sales. “Regulatory Compliance Training: Public Jobs, Private Data” (Research Bulletin, Issue 8). Boulder, CO: EDUCAUSE Center for Applied Research, 2008, available from http://www.educause.edu/ecar.

This September-October 2006 survey, administered to chief business officers and chief financial officers affiliated with the National Association of College and University Business Officers (NACUBO), seeks to understand higher education's plans, infrastructure, experience, and capability in the area of business continuity. The results of the survey will be reported as part of the EDUCAUSE Center for Applied Research 2007 study of information technology readiness for business continuity in higher education.

This May 2006 survey seeks to understand higher education's plans, infrastructure, experience, and capability in the area of information technology support for business continuity.

This research bulletin describes a functional framework for higher education compliance with the HIPAA IT security final rule. The framework, which can be adapted for individual universities, includes an institutional plan, an organizational process, reporting and tracking mechanisms, and training. It is based on principles of leveraging the compliance process to create a more secure institution-wide IT environment.

Faced with the challenge of quickly developing, delivering, tracking, and reporting customized HIPAA training for 17,000 workers and students, the University of Minnesota leveraged important pieces of its information technology infrastructure. This research bulletin describes how the Health Insurance Portability and Accountability Act catalyzed the design of an online training model that initially brought the institution into compliance and has since been repurposed for other educational endeavors.

This research bulletin suggests that there is a void in IT professional development programs specific to higher education. Northeastern University has established a course for IT professionals that focuses on understanding how higher education's history, organizational structure, governance, and practices impact the demands on faculty, students, and administrative staff. In its most general sense, the course is designed to meet the challenge of educating IT professionals about the customers they serve and the institutional environment in which they operate. The course also fosters an understanding of the unique language, principles, and practices of higher education.