Duke Alert Bar

Privacy Resources at Duke

Note: Most links below open in the same window; please use the back arrow to return to current page. Links with * require NetID login.

Acceptable Use Policy

Access Review Policy*

Duke University Compliance Program Accountability and Assurance/Compliance Policy

Affiliated Covered Entity (ACE) and Organized Health Care Arrangement (OHCA)*

Antivirus and Malware Protection

Business Associate Policy*

Confidential Shredding (On-Site Document Destruction)

Cookies, Third-Party

Covered Entity

Data Security FAQ

Data Security Policy

Data Storage, “Big Data”

Deidentification of Health Information Subject to the Privacy Rule (HIPAA), aka HIPAA Exemption Policy

Disclosing Protected Health Information without Patient Authorization or Consent*

Drone Policy

Duke Box

Duke’s Data Classification Standard

DUHS Compliance*


Fundraising:  Uses and Disclosures of PHI Policy*

US Department of Health & Human Services, HIPAA Information

Health Insurance Portability and Accountability Act of 1996 (HIPAA) at Duke

Education, Training, and Awareness of the Health Insurance Portability and Accountability Act (HIPAA)*

Identified Data

IT Security Office (ITSO)

Duke Health Information Security Office (ISO)*

Duke University, Office of Information Technology, Information Security

Minimum Necessary Standard for Using, Disclosing, and Requesting Protected Health Information*

Multi-function Network Device Security (for printers, scanners, copiers and fax machines)

North Carolina Ethics Law – Guidelines for Compliance

North Carolina Identity Theft Protection Act of 2005

Notice of Privacy Practices

Patient Photography, Video, and Audio Recording Policy*

Payment Card Industry (PCI) Security Standards

Photography or Videotaping on Campus

Duke Policies and Procedures*

Privacy by Design

Privacy Complaints Policy (DUHS)*

Privacy, Identity & Online Security (Federal Trade Commission or FTC)

Glossary of terms for Privacy/Security Policies and Procedures*

Security on Social Media

SOM Social Media Guidelines

State Data Security Breach Notification Laws (from Mintz Levin)

Surplus and Storage Programs (including computers)

Duke University Talent Identification Program (Duke TIP) Privacy Statement

Visiting Observer Policy (Non-Physician)*

Uses and Disclosures of Protected Health Information for Marketing*

Visiting Observer Policy (Non-Physician)*

Duke Health Website Privacy Policy

Private Diagnostic Clinic, PLLC (PDC) Website Privacy Policy