According to UAB policy and standards, data tied to HIPAA, FISMA, PCI DSS, GLBA, and FERPA are considered personally identifiable information (PII) or protected health information (PHI) and must be protected.

UAB classifies FERPA as Sensitive data, while HIPAA, FISMA, PCI, and GLBA data are classified as Restricted/PHI. It is imperative that UAB remain compliant with federal laws and UAB policy and standards that protect us all. Learn more about IT compliance on the following topics:

Risk Management

Take steps to reduce risk by mitigating vulnerabilities and planning for threats.

Data Reduction

Find and remove Restricted/PHI data to secure student and staff data.

FERPA

A federal law governing the privacy and handling of educational records and giving specific rights to students.

FISMA

Specific security requirements for systems that process, transmit, or store federal data.

GDPR

EU law that provides consumers with more control of how their personal data is collected, used, and retained.

GLBA

Law that requires financial institutions to protect the privacy of consumer information.

HIPAA

Law that mandates PHI be protected to maintain the privacy and confidentiality of patients’ medical information.

NIST SP 800-171

A security framework that provides guidance for protecting unclassified government data by non-federal information systems.

PCI

A mandated set of security controls, created by the major credit card companies, that provides a unified approach to safeguarding cardholder data.