Skip redundant pieces
 

Gramm-Leach-Bliley Act

I. The designated employees for the coordination and execution of the Information Security Plan are the Director of Student Financial Aid and the Director of Information Security for the University of Kansas Medical Center. All correspondence and inquiries should be directed to either the Director of Student Financial Aid or the Director of Information Security.

II. The following have been identified as relevant areas to be considered when assessing the risks of unauthorized student information disclosures:

Registrar's Office
Information Systems
Student Financial Aid Office
Student Financial Accounting Office

III. The Director of Student Financial Aid will coordinate with the Director of Information Security to maintain the information security program. Each relevant area is responsible for securing student information in accordance with all safeguarding guidelines. In addition the Information Resources Office will maintain and provide access to policies and procedures that protect against any anticipated threats to the security or integrity of electronic student information and that guard against the unauthorized use of such information.

IV. The University of Kansas Medical Center will select appropriate service providers that are given access to student information in the normal course of business and will contract with them to provide adequate safeguards. In the process of choosing a service provider that will have access to student information the evaluation process shall include the ability of the service provider to safeguard student information. Contracts with service providers shall include the following provisions:

  • An explicit acknowledgement that the contract allows the contract partner access to confidential information.
  • A specific definition of the confidential information being provided.
  • A stipulation that the confidential information will be held in strict confidence and accessed only for the explicit business purpose of the contract.
  • A guarantee from the contract partner that it will ensure compliance with the protective conditions outlined in the contract.
  • A guarantee from the contract partner that it will protect the confidential information it accesses according to commercially acceptable standards and no less rigorously than it protects its own customers' confidential information.
  • A provision mandating the return or destruction of all confidential information received by the contract partner upon completion of the contract.
  • A stipulation allowing the entry of injunctive relief without posting bond in order to prevent or remedy breach of the confidentiality obligations of the contract.
  • A stipulation that any violation of the contract's protective conditions amounts to a material breach of contract and entitles the University of Kansas Medical Center to immediately terminate the contract without penalty.
  • A provision allowing auditing of the contract partners' compliance with the contract safeguard requirements.
  • A provision ensuring that the contracts' protective requirements shall survive any termination agreement.


May 23, 2003. Because all of KUMC's associated service providers are themselves subject to the Gramm-Leach-Bliley Act, no service provider contracts are in place at this time. All future relationships with service providers will be evaluated to assure full compliance.

V. This information security plan shall be evaluated and adjusted in light of relevant circumstances, including changes in the university's business arrangements or operations, or as a result of testing and monitoring the safeguards. Periodic auditing of each relevant area's compliance shall be done at the joint discretion of the University's Auditor and the Director of Information Security.

Contact information

For information on this policy, please contact:


Sherry Callahan
Director of Information Security
Department of Information Resources
University of Kansas Medical Center
1020 Taylor, 3901 Rainbow Blvd
Kansas City, Kansas 66160
(913) 588-0966

Sara Honeck
Director of Student Financial Aid
University of Kansas Medical Center
3007 Student Center, 3901 Rainbow Blvd
Kansas City, Kansas 66160
(913) 588-5170

Last Review Date: March 13, 2011
Last Revision Date: March 13, 2011

     Last modified: Aug 26, 2011