[unisog] [SAGE] Logging and privacy violations in education ( fwd)

Saracini, Bill SaraciniW at health.missouri.edu
Fri Dec 14 15:23:42 GMT 2001


The report noted below, is of particular interest to those higher ed
entities that have affiliated medical teaching hospitals.  The requirements
under HIPAA for audit and log monitoring will need to reconcile the issues
set forth regarding the FERPA protection that may need to be afforded logs
with medical student-identifiable information in them.  This is NOT a
trivial issue... 

Bill

William J. (Bill) Saracini
System Security Analyst
University of Missouri Health Care
DC017.00  QD 265D
573-884-2591 or page 573-441-4103
FAX 573-884-2650



> -----Original Message-----
> From:	Peter Van Epp [SMTP:vanepp at sfu.ca]
> Sent:	Wednesday, December 12, 2001 8:50 PM
> To:	unisog at sans.org
> Subject:	[unisog] [SAGE] Logging and privacy violations in education
> (fwd)
> 
> 	From the sage-members at usenix.org mailing list and likely of interest
> to everyone on this list as well ...
> 
> > 
> > I recently received this:
> > 
> >   AACRAO released the final report of the NSF-Lamp Project: Identifying
> Where
> >   Technology Logging and Monitoring for Increased Security End and
> Violations
> >   of Personal Privacy and Student Records Begin. November 20, 2001
> >   http://www.aacrao.org/publications/catalog/NSF-LAMP.pdf
> > 
> > It is long, discusses logging requirements and sharing of logged
> records,
> > as well as drawing conclusions.  It may be of interest to sysadmins in
> > general, I'm certain it should be of interest to sysadmins in education.
> > 
> > Tracy J. Di Marco White
> > Project Vincent Systems Manager
> > gendalia at iastate.edu
> > 
> 
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada



More information about the unisog mailing list