Information Privacy, Security, and Management

Information is the cornerstone of the University’s teaching, research and administrative efforts.  Although much of that information is open to the world, it is important to understand what types of information must be secured and how to secure each type.  The security and operation of the University’s technology systems depend on the cooperation and vigilance of everyone.


Acceptable Use

Information Privacy

Information Security

Information Management

Protected Health Information/HIPAA

Acceptable Use

Conditions of Use and Policy on Computing Ethics

Back to top

Information Privacy

Digital Millennium Copyright Act (DMCA) and Copyright Infringement

Family Educational Rights and Privacy Act (FERPA)

 Back to top

Information Security

Information Security Policy

Data Protection Standards

Additional Guidance on Data Protection Standards

Gramm-Leech-Bliley Act (safeguarding information)

Payment Card Industry Data Security Standards

Red Flag Rules / Universal Identity Theft

Secure Data Center Access

Back to top

Information Management Policies

Broadcast Email Policy

–   Broadcast Email Introduction

Patent Policy – Charles River Campus

Patent Policy – Medical Campus

Record Retention Policy

      –   Record Retention Table

Trademark Licensing Policy

Back to top

Protected Health Information/HIPAA

Research – HIPAA information for Charles River Campus Researchers

HIPAA Policies for Health Care Providers – Privacy and Security of Protected Health Information

Table of Contents, HIPAA Policies for Health Care Providers

Introduction to HIPAA Policies at Boston University (includes Policy Responsibility)

Policy 1, HIPAA Basics

Policy 2, Individual Responsibilities for Safeguarding PHI

Policy 3, Routine Use and Disclosure of PHI

Policy 4, Non-Routine Uses and Disclosures of PHI without Authorization; Prohibited Uses

Policy 5, Authorizations and When They are Necessary

Policy 6, Individuals’ Rights under HIPAA

Policy 7, Breaches

Policy 8, HIPAA Security Program

Policy 9, Documentation and Retention

Policy 10, Exceptions

Policy 11, Definitions

Appendix A, HIPAA Contacts

Back to top