The University of Oklahoma (OU) is committed to protecting the privacy rights of those who provide it with personally identifiable information (PII), whether students, faculty, members of the staff, patients or visitors. OU will only collect data necessary to conduct or improve its educational services, operations or experiences or for which it has a clear purpose. OU is committed to ensuring that any personal information you entrust to it will be used only to conduct its official business and will not be distributed to unaffiliated third parties, except as described in the policy. OU closely monitors the storage of personal information to ensure that it is in the fewest possible locations and that those locations are equipped with appropriate protection against unauthorized access.
OU patient information is Protected Health Information (PHI) protected by Public Law 104-191, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and applicable provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act. When collecting PII, our Services may also collect PII. Just as OU strives to protect personal information, it is committed to protecting personal information. PHI will be kept confidential and will only be used or disclosed as detailed in OU’s Notice of Privacy Practices. Additional details can be found below in the HIPAA section.
This policy applies to all websites, applications, electronic forms, communications and the like (together, the “websites”) owned, rented or provided by OU, including the Norman, Health Sciences Center and Tulsa campuses and their remote sites (together, “OU”).
The Data Protection Officer, with the assistance/support of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Officer, is responsible for administering and maintaining this policy and ensuring compliance.
It is OU policy that PII and PHI may be collected through the information provided on any OU website.
Policy level: 3
Approval Authority: President
Date of approval:
Expert department in the field: Data Protection Officer
Date of last review:
Next review date:
I. Collection and use of personally identifiable information
- What is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) is any information that directly identifies you or allows you to be identified. OU may obtain, store and process personal information collected through its websites. This may include information about you that can be identified, directly or indirectly, by reference to information collected such as an identification number; location data; an online tag (often called an identifier); or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
- How does the OU collect PII?
In general, OU collects and processes two types of information through its websites: (1) information that you voluntarily provide in order to receive the information and/or services requested, and (2) information collected automatically during your browsing on any of its websites (usually via web browser cookies and web beacons). By using an OU website or completing an OU electronic form, you consent to the collection and use by OU of the personal information included.
- Why does the OU collect PII?
The personal information collected is used only for administrative, educational and/or research purposes and in the pursuit of OU's mission. Such use is necessary for the legitimate interests of OU, including accomplishing its teaching and research mission; carrying out its activities; complying with legal and contractual obligations; protecting your vital interests or those of someone else; and/or serving the public interest.
- OU does not sell any PII collected on its websites.
OU may disclose your information to third parties in accordance with applicable law or in specific circumstances:
- Consent/Authorization: OU may disclose your information to third parties if it has your written authorization to do so.
- Service Providers: OU may share your information with third parties in order for those third parties to provide services and/or products, support its operations, help fulfill its obligations or in accordance with the contract.
- Required by Law: OU may share your information with third parties if required by law, court order, subpoena, or other legal process.
- Anonymized and Aggregated: OU may use and disclose your information in non-identifiable or summary form without limitation.
II. Security, retention and disposal of your information
OU recognizes and respects the importance of the privacy and security of personal information in this increasingly open electronic age. While OU makes reasonable efforts to protect the information provided to us, OU cannot guarantee that such information will remain secure and is not responsible for any loss or theft. OU uses technical, physical and organizational security measures designed to protect the personal information it processes and to mitigate risks as appropriate to the nature of the data and in accordance with applicable legal requirements. OU retains or disposes of PII in accordance with applicable policies, as well as applicable state, federal and international requirements.
If you share personal information, including photographs, on any OU website, social network, blog, or other forum, the information you submit may be read, viewed, collected or used by other users, who may use it to contact you or send you unsolicited messages. OU has no control over these actions. OU is not responsible for the personal information you choose to provide in these forums.
III. Third party sites and third party hosting
Sites owned or hosted by OU may contain links to external sites hosted outside OU’s domain. When you use such links, you are leaving OU-controlled websites. OU is not responsible for the privacy practices or the content of websites outside of its domain.
OU may contract with one or more third parties to maintain and host its website(s). Accordingly, any information you submit, including personal information, may be placed and stored on a computer server maintained by that third party. Your use of the website constitutes your acknowledgment that such information or content may pass through and be stored on servers outside of OU’s control. OU has no obligation or liability for any such transmission or storage thereof.
IV. Family Educational Rights and Privacy Act (FERPA)
OU complies with all aspects of Public Law 93-380, the Family Educational Rights and Privacy Act. Click here for more information.
V. Children’s Online Privacy Protection Act (COPPA)
OU does not knowingly collect or use any PII from children (defined by COPPA as minors under the age of 13) on its websites. OU does not knowingly allow children to communicate with it or use any of its online platforms. If you are a parent and learn that your child has provided OU with personal information, please use one of the contact methods specified in this document to communicate any concerns.
VI. Health Insurance Portability and Accountability Act (HIPAA)
The designated healthcare components of OU will share protected health information, as that term is defined in law, of patients, research participants and healthcare registrants only in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other state, federal, and international laws. See https://apps.ouhsc.edu/hipaa/npp.asp.
VII. Equal opportunity
OU complies with all applicable federal and state laws and regulations. OU does not discriminate on the basis of race, color, national origin, sex, sexual orientation, genetic information, gender expression, age, religion, disability, political beliefs or veteran status in any of its policies, practices or procedures. This includes, but is not limited to, admission, employment, financial assistance, housing, services in educational programs or activities, or health services provided by OU.
VIII. European Union General Data Protection Regulation (GDPR)
Subject to certain limitations and conditions, if you are considered a data subject under the European Union General Data Protection Regulation, you have certain rights in relation to the processing of your personal information, including the right to request access to, correction of, deletion of or restriction of your personal information, to object to our processing, or to receive a portable copy of your personal information. A data subject can exercise these rights by contacting [email protected]. Please note, however, that the right to erasure of personal data can only be exercised in very rare circumstances where OU has no legitimate reason to continue to hold/process such data, including legitimate reasons such as defense of legal claims. OU is generally required to maintain basic student records and employment records in accordance with its records retention policy and legal requirements. A data subject has the right to lodge a complaint with a local data protection or privacy regulator.
The personal information of a data subject may be transferred, stored and processed in a country which is not considered to offer the same level of protection of personal information as the laws of the European Union. OU has put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements in order to provide adequate protections for your personal information protected by the GDPR. For more information on the safeguards put in place by OU in connection with a data transfer, contact [email protected].