Privacy at Duke
Duke is committed to appropriate oversight and takes safeguarding sensitive and/or regulated information seriously, promoting responsible stewardship of information assets institution-wide.
Privacy Incident Assessments
The Privacy team is responsible for Privacy Incident Assessments and investigates allegations of regulatory violations and impermissible disclosures of regulated information, including Protected Health Information (PHI) as defined and regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), to assure timely compliance with federal and state breach investigation and reporting requirements.
Every Privacy Incident Assessment involves the following:
- A thorough investigation of the alleged violation and of the information allegedly disclosed
- An evaluation of the use and adequacy of the privacy and IT security controls implemented for safeguarding the information at issue
- Breach remediation and mitigation assistance
- Cooperation with and recommendations to Human Resources and/or management
- Training and guidance to educate and/or reinforce best practices for safeguarding information assets to ensure compliance with federal and state laws and regulations and Duke policies
IT security and privacy are often mistakenly considered to be interchangeable. Information security and privacy are not the same, and the difference is critical. Privacy assesses what information needs to be protected, and security addresses how to protect it. Privacy looks at the characterization of the information and identifies the protections that may be required. Security addresses the controls necessary to electronically protect the information. Duke’s Privacy and IT Security teams work closely together to ensure appropriate safeguarding of Duke’s information assets. Links to information security offices at Duke are: