Section 2000: General Administration
Safeguarding Consumer Information
Board Policy: 2080
Board of Education Approval: 6/20/2018
Mt. Hood Community College shall implement a combination of policies, regulations, guidelines, and physical measures to sufficiently reduce (mitigate) the security vulnerabilities and risks to a reasonable level in compliance with MHCC’s standards, as well as governmental requirements (HIPAA, FERPA, Department of Education). MHCC shall utilize security suggestions from NIST, ISO and other information security providers as needed.
Definitions
FERPA – The Family Educational Rights and Privacy Act is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
HIPAA – The Health Insurance Portability and Accountability Act of 1996 was enacted by the United States Congress and signed by President Bill Clinton in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
ISO – The International Organization for Standardization is an international standard-setting body composed of representatives from various national standards organizations.
NIST – The National Institute of Standards and Technology is a measurement standards laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. Some federal government agencies, including the Department of Education, are required to follow NIST standards.
PCI – The Procurement Card Industries have regulations that, if MHCC meets them, reduce the cost of credit card transactions.
END OF POLICY
Legal Reference:
15 U.S.C. 6801-09
16 CFR Part 314
FERPA (20 U.S.C. 1232g; 34 CFR Part 99)