What is PSI (Private Sensitive Information)?
Personal information that, if exposed, can lead to identity theft.
"Personal information” means the first name or first initial and last name in combination with and linked to any one or more of the following data elements about the individual:
- Social security number;
- Driver’s license number or state identification card number issued in lieu of a driver’s license number;
- Passport number; or
- Financial account number, credit card or debit card number, or financial account access codes.
Student record information protected by FERPA.
ISU Student Records are maintained in accordance with the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. §1232g; 34 CFR Part 99). This includes student education records combined in any way with any unique identifying number, characteristic, or code that makes a student's identity easily traceable.
Heath information protected by HIPAA.
ISU maintains “individually identifiable health information” in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (45 CFR Parts 160, 162, and 164). HIPAA was designed to improve people's access to health care, as well as provide requirements for health care providers and health plans (insurers) to more efficiently and securely share health care data and information.
Under HIPAA, Protected Health Information (PHI) is confidential, personal, identifiable health information about individuals that is created or received by a health care provider or health plan and is transmitted or maintained in any form. Data gathered during a patient-provider relationship is considered PHI. "Identifiable" means that a person reading this information could reasonably use it to identify an individual.
HIPAA affects many of the University's clinics which provide health care. However, other ISU units may have access to and/or receive certain health information and also have responsibilities under HIPAA, (for example, those units performing research and education). The University is committed to protecting the confidentiality of patient information and complying with Federal and State regulations regarding PHI.
Health records maintained in student files, i.e., immunization history, that are provided by the student for educational purposes are not considered PHI. Such information becomes part of a student record and is covered by FERPA.
For information and guidance on HIPAA protected data visit the US Department of Health and Human Services' website.