Employee Code of Responsibility for Security and
Confidentiality of Information
Policy: Employee Code of Responsibility
for Security and Confidentiality of Information
Dept. Responsible: Human Resources
Effective Date: March 1, 2010
Revised Date: June 1, 2009
Overview
Butler University, both as an educational institution of higher
learning and an employer, requires the strict confidentiality and
security of the institution's records, in compliance with the
Family Educational Rights and Privacy Act of 1974 (FERPA), the
Health Insurance Portability and Accountability Act (HIPAA),
Indiana code and other federal, state and local laws as applicable
that affect the dissemination and use of confidential or protected
information and records. Administrators, faculty, staff and
student workers (Employees) who have access to such information
and/or records shall safeguard the privacy and confidentiality of
such information and/or records and shall not disclose or
disseminate such information and/or records (in whatever form
maintained) to any unauthorized person or entity.
Scope
This policy applies to faculty, staff and all others performing
tasks on behalf of Butler University, including but not
limited to contractors, affiliates, guest instructors, student
workers, and third party providers, as it is through the diligent
efforts of everyone that information is protected.
Policy Statement
- Without limiting the generality of the foregoing, activities
which are prohibited in all cases include, but are not limited to:
- Engaging in any unauthorized or inappropriate use of
information and/or records, or permitting such unauthorized or
inappropriate use;
- Obtaining or attempting to obtain personal benefit or
permitting others to obtain or attempt to obtain personal benefit
by the use or disclosure of any confidential information and/or
records that an Employee accesses in the course of his/her work
assignment or otherwise;
- Exhibiting or divulging contents of any record or report to any
person or entity, except in the conduct of the Employee's work
assignment and/or responsibilities in accordance with Butler
University policies;
- Knowingly including or causing to be included in any record or
report a false, inaccurate, or misleading entry;
- Removing any official record or report (or copy thereof) from
the office where it is kept, except in the performance of the
Employee's work assignment and/or responsibilities in accordance
with Butler University policies; and
- Aiding, abetting, or acting in conspiracy with any other person
to violate or compromise the confidentiality of
protected information or records, or
to violate this Employee Code
of Responsibility.
- Compliance -- Employees are expected to immediately report any
threatened or actual violation of this Employee Code of
Responsibility to their immediate supervisor or the Human Resources
Department.
- Breach -- Any violation of this Employee Code of Responsibility
will subject the offending Employee to disciplinary action
consistent with the policies of Butler University, which may
include termination of employment and possible legal action.
Where the Employee is a student, disciplinary action may also
include suspension or expulsion from the University, or such other
academic or other sanctions as the University deems
appropriate.
Administration
Operational responsibility of this policy is delegated to the
Executive Director of Human Resources. Periodically or as required,
this policy will be reviewed by the Sr. Administrative Group to
ensure the policy is up to date and applicable in the current
environment. Periodic reports will be made to the Sr.
Administrative Group in the event of material breaches.
Related Policies
Revision History
Approved by the Board of Trustees, February 26, 2010
Became formal campus wide policy March 1, 2010; previously Human
Resources and Registration and Records form signed prior to
granting PeopleSoft access and/or at new hire
Approved by Sr. Administrative Group: January 19, 2010
Statement revised June 2009
Originally created April 2001