Educause Security Discussion
mailing list archives
Re: Federal laws applicable to Universities
From: Tracy Beth Mitrano <tbm3 () CORNELL EDU>
Date: Thu, 7 Nov 2013 21:03:01 +0000
Michael beat me to the punch with a better list, but here are some big hitters I was pulling up for you when his
message came in. Links are not definitive for implementation, just an idea of what it is about.
Don't forget FISMA: http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
and HITECH: http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
and GLBA: http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
On Nov 7, 2013, at 3:43 PM, Francisco Pérez <francisco.perez12 () UPR EDU> wrote:
I know that FERPA, HIPAA (if healthcare data) and maybe PCI are applicable to Universities in the US. But are there any
other federal laws applicable or that Universities need to comply with? Just working on fundamental laws for IT
Compliance at Universities.
Will appreciate your comments.
Information System Office
UPR-Medical Sciences Campus
francisco.perez12 () upr edu