Asheville-Buncombe Technical Community College (A-B Tech) Procedure

Procedure 514: Access to Secure Information

1.  Employees, students, volunteers and interns may not share sensitive information with anyone, including other A-B Tech employees, except on a need-to-know basis directly related to job duties where proper authorization has been granted.

2.  Some of this sensitive information may be discoverable under the Freedom of Information Act (FOIA) or other legal requirements, but such disclosures shall be made only through official channels in accordance with College policy/procedure. Employees, students, volunteers and interns may not disclose such information to any outside party without proper authorization, even if said information can be disclosed under FOIA or other legal requirements.

3.  In compliance with the Family Educational Rights and Privacy Act (FERPA), employees, students, volunteers and interns are not to discuss or reveal non-directory information about a student with anyone other than the student or, in certain situations, the student’s parent(s). Directory information is listed in the College Catalog under “Privacy of Student Records.” Requests for non-directory information by anyone other than the student or the student’s parents should be directed to the Office of Records and Registration.

4.  In compliance with the regulations and standards established under the Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), also known as the “privacy rule,” the College will ensure that employee and student Protected Health Information (PHI) is kept private.

5.  Employee, student, volunteer and intern passwords must be kept confidential and must not be shared. A session on a computer system may not be shared (i.e. an individual cannot log in to a system and then allow someone else to use the system in their absence).

6.  In the event that a member of IT staff needs to access an individual’s account as part of an active support incident, the individual will be instructed to change that account password after the support call has been completed.

Definitions:

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99): A Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. When a student turns eighteen (18) years old, that student is considered an eligible student and all of the parents’ FERPA rights transfer to that eligible student. The College may, however, disclose an eligible student’s education records to the eligible student’s parents when: 1) the eligible student is listed as a dependent on the parents’ tax returns; 2) the eligible student violated a law or College policy regarding drugs and alcohol and the student is under twenty-one (21) years old; or 3) the disclosure is needed to protect the health or safety of the eligible student or other individuals in an emergency situation.

Freedom of Information Act (FOIA): A federal freedom of information law that allows for the full or partial disclosure of previously unreleased information and documents.

Personal Health Information (PHI): Information that the College has created or received concerning an employee’s or student’s present, past or future health and/or medical condition(s) that could be used to identify him or her. PHI also includes information about medical treatments and payments for health care received.

Pursuant to Board policy, Chapter 500, Section 514, this procedure must be followed by employees, students, volunteers and interns who have access to secure information at the College.

Owner: Executive Director of Human Resources & Organizational Development

Updated: May 7, 2012
