Health Care Compliance and Institutional Privacy

Data Privacy Incident Response Protocol

 

UT IT Security Website:  http://www.utoledo.edu/it/security/

This website assists University personnel in establishing an efficient and effective response to incidents involving data loss (accidental or otherwise).  Typically, such events have nothing to do with technology, but human behavior, involving no technology updates/remediation, etc.  The University employs a team approach around incidents that require external reporting.  It provides a guide for handling data privacy incidents, particularly for analyzing incident-related data, and determining the appropriate response to each incident.

Specifically, this website discusses the process for investigating incidents covered under the scope of the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA) and issues of lost or misappropriated University data.  If you have reason to believe that such an incident occurred involving UT student, patient or employee data, contact the Compliance and Privacy Office at 419.383.4270 or ComplianceOffice@utoledo.edu.  If you have reason to believe that such an incident involved a compromise of the University's technology infrastructure, contact the responsible Information Security Officer, as detailed in the UT IT Security Website referred to above.

A Generalized Data Privacy Incident Escalation and Workflow Diagram is documented here.  The detailed Data Privacy Incident Response Protocol Procedures are documented here.  The corresponding narrative is currently under revision;  please contact David Cutri, Chief Compliance Officer, to receive a copy.  In addition, the University has also prepared and documented a Data Privacy Governance Team Member List, a Data Privacy Incident Response Team Member List, a Checklist of Major Steps for Incident Response and Handling, a Communications Tracking Worksheet, and Guidance on Reporting a Data Privacy Incident.

Normal technology operational activities around incidents that the University's Information Technology department deals with on a regular basis is excluded from the scope this website.   These operate on a short latency using checklists and safety checks that are updated on an ongoing basis, but do not necessitate an incident response team or other related processes included on this website.   These activity are managed by the IT Security Office;  for additional information refer to the UT IT Security website at utoledo.edu/it/security, email ithelpdesk@utoledo.edu or call 419.530.2400.

IMPORTANT NOTE: If an incident is deemed to be illegal or life threatening, contact the University of Toledo Police: 419-530-2600.

Last Updated: 6/27/22