Duke Alert Bar

Privacy — A to Z


A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z 

Note: links marked with an asterisk (*) are for use internal to Duke and require log in with NetID and password.

Should a link below take you to the eGRC policy site, please type the policy name or key words in the search box and click the policy button for the following policies.



Acceptable Use Policy

Acceptable Use Policy (Student Affairs)

Access Review Policy*

Duke University Compliance Program Accountability and Assurance/Compliance Policy

Accounting of Disclosures of Protected Health Information*

Affiliated Covered Entity (ACE) and Organized Health Care Arrangement (OHCA)*

Alumni & Development Office – Privacy Policy (Duke Law)

Antivirus and Malware Protection

Arriving and Departing Faculty

Attendance Data Collection Statement (Student Affairs)

Authorizations for Use and Disclosure of Protected Health Information*

Back to Top




Business Associate Policy*

Duke Box

Duke Breach of Protected Health Information/Patient Privacy Policy

Duke University’s DukeMobile Privacy Policy




Campus Resources:  Student Affairs

Certificates of Confidentiality

Children's Online Privacy Protection Rule (COPPA) of 2000

Code of Conduct, Integrity in Action*

Compliance Policy

Compliance Reporting Policy

Computer Security (Student Affairs)

Computing and Electronic Communication (for students)

Confidential Shredding (On-Site Document Destruction)

Confidentiality Agreement

Confidentiality Policy

Duke Confidentiality Policy (Student Affairs)

Cookies, Third-Party

Counseling & Psychological Services (CAPS):  Confidentiality and Privacy

Covered Entity

Back to Top




Data Security FAQ

Data Security Policy

Data Storage, “Big Data”

De-identification of Health Information Subject to the Privacy Rule (HIPAA), aka HIPAA Exemption policy

Departing Faculty

Disclosing Protected Health Information without Patient Authorization or Consent*

Drone Policy

Duke’s Data Classification Standard

DUHS Compliance*

Duke MyChart






Electronic Communication Policy*

Electronic Data Disclosure Policy (Student Affairs)

EU General Data Protection Regulation (GDPR)

Experimental Subject Payment Form

Export Controls

Back to Top




Faculty Affairs, Confidentiality Policy

Fair Credit Reporting Act (FCRA) of 1970

FERPA for faculty

FERPA for students

Fundraising:  Uses and Disclosures of PHI Policy*




The Genetic Information Nondiscrimination Act of 2008 (GINA)

Gifts and Courtesies Policy*

Glossary of terms for Privacy/Security Policies and Procedures*

Gramm-Leach-Bliley Act (GLBA) of 1996




Harassment Prevention, Non-Discrimination, and Title IX

US Department of Health & Human Services, HIPAA Information

Health Insurance Portability and Accountability Act of 1996 (HIPAA) at Duke

Education, Training, and Awareness of the Health Insurance Portability and Accountability Act (HIPAA)*

Housing, Dining & Residence Life (HDRL) Housing Policies

Human Subjects Research

Back to Top




Identity Management and Authentication

Identity Theft


IT Security Office (ITSO)

Duke Health Information Security Office (ISO)*

Duke University, Office of Information Technology, Information Security




Uses and Disclosures Involving Limited Datasets*

Lost or Stolen Device

Back to Top




Minimum Necessary Standard for Using, Disclosing, and Requesting Protected Health Information*

Mobile Device Security

Multi-Factor Authentication

Multi-function Network Device Security (for printers, scanners, copiers and fax machines)




North Carolina Ethics Law – Guidelines for Compliance

North Carolina Identity Theft Protection Act of 2005

Notice of Privacy Practices

Back to Top




Patient Photography, Video, and Audio Recording Policy*

Payment Card Industry (PCI) Security Standards

Photography or Videotaping on Campus

Duke Policies and Procedures*

SSRI Protected Research Data Network (PRDN)

Privacy Act of 1974

Privacy by Design

Privacy Complaints Policy (DUHS)*

Privacy, Identity & Online Security (FTC)

Privacy Policy for Summer College, Summer Academy, and Honors Institute (Continuing Studies)

The Privacy Rule (“HIPAA”) in Research, aka HIPAA as it relates to Research policy

Privacy Safeguards for All Forms of Patient Information Policy*

Back to Top




Red Flags Rule

Release of Information Policy

Office of Research Administration

Office of Research Contracts

Research Integrity Office

Office of Research Support (ORS)

Undergraduate Research Support Office (URS)

Retention, Preservation and Destruction of Records (Records Retention Policy)*



Duke Medicine Secure Systems Usage Memo

Security Breach Policy*

Social Media Policy*

Security on Social Media

SOM Social Media Guidelines

Social Security Number Usage Policy (Duke University)

State Data Security Breach Notification Laws (from Mintz Levin)

Student Health:  HIPAA

Surplus and Storage Programs (including computers)

Back to Top




Faculty/Staff Travel

Inspection of Technical Devices When Traveling:  FAQ

Duke University Talent Identification Program (Duke TIP) Privacy Statement




Unauthorized Access of Medical Records*

Uses and Disclosures of Protected Health Information for Marketing*




Visiting Observer Policy (Non-Physician)*




Duke Website Privacy Policies

Back to Top