University of Denver -- Privacy Policy

University of Denver Home Page

			Privacy Policy

				I. General Statement PRIVACY is a word that conjures up strong convictions and an emotional reaction from many of us. In the modern world, however, wondrous forms of electronic communication render the protection of privacy interests much more difficult. We in the university community are not immune from the lure of convenience and speed when we utilize our information technology and electronic communication tools. It is, of course, part of our mission to share knowledge and to collaborate within our academic community. In doing so, however, we must recognize that these modern devices are never completely secure. It is a fact of life that all computer systems and communication systems are the subject of constant probing by outsiders ranging from the curious to the criminal. The University of Denver will endeavor to take reasonable precautions to maintain privacy and security within the sphere of operations. The University cannot guarantee that these efforts will always be successful and, therefore, users must assume the risk of a breach of University privacy and security systems. Individuals are advised to be discreet and cautious in their use of our systems. The University of Denver Privacy Guidelines are reviewed periodically and may be modified in the discretion of the University. These changes will be posted on this site. II. Personal Information The University of Denver recognizes and respects the importance of confidentiality and security of personal information in this increasingly open electronic age. The University does not intend to sell, swap, rent, or otherwise disclose for commercial purposes, outside the scope of ordinary University functions, your name, mailing address, telephone number, e-mail address, or other information you provide. While the University makes reasonable efforts to protect information provided to us, we cannot guarantee that this information will remain secure and are not responsible for any loss or theft. III. Use of University Equipment and Software When an individual is connected to the University of Denver network or uses a University-owned computer, or other University-owned equipment, he/she agrees to abide by the rules and regulations of the University (see the University Acceptable Use Policy incorporated herein by this reference). While the University of Denver respects the desire and need for privacy in this setting, the University reserves the right, at all times, to search any and all hardware or software owned by the University, or connected to the University network, for the purposes of preventing or investigating improper or illegal use of University systems, or preventing or investigating system problems or efficiencies. In the course of an individual’s involvement with the University community, software or third party systems that are used may require the individual to divulge private or personal information. The University is not responsible for the content, use or privacy of this information. IV. University Website(s) When users visit the University of Denver website(s), the webmaster collects information concerning their Internet connection, which pages they visit on the site, the Internet Protocol Number (IP) from which they accessed du.edu, and other general information about their visit to the website. (Information associated with an individual IP Number may be used for internal diagnostics and investigation of misconduct or security issues.) The collection of this information is intended to help the University deliver efficient and useful service and it may be used to analyze trends, create summary statistics for determining technical design specifications, and to otherwise aid in monitoring system performance. Such information is stored on a temporary basis and the University will exercise reasonable care to release it only if legally mandated by law enforcement investigators, required by court proceedings, or it is deemed necessary to internal investigations of violations of University rules and regulations. The University does not intend to sell, swap, rent, or otherwise disclose for commercial purposes, information regarding the behavior, habits, or demographics of those who visit University controlled websites. Certain parts of the University website(s) may require tracking techniques to follow the user’s progress through courses, materials or programs or to verify information acquired from other sources. The University provides links to websites outside the du.edu network and is not responsible for the content or privacy policies of any website to which it may link. V. E-Mail The University does not intend to monitor the contents of e-mail sent to or from University servers, except to identify and correct problems with E-mail delivery or receipt, to work with email system problems, or to deal with misconduct or security issues. Electronic logs of who sends and receives e-mail through University servers are maintained for a short period of time. This information may be used to analyze trends, create summary statistics for internal planning purposes, and to otherwise aid in maintaining system performance and security. E-mail related information is stored on a temporary basis and may only be released if legally mandated by law enforcement investigators, required by court proceedings, or it is deemed necessary to internal investigations of violations of University rules and regulations. The names and e-mail addresses of University of Denver students, faculty, and staff are available in a searchable index. An individual may opt out of this index and have his/her name removed by contacting the Webmaster at webmaster@du.edu. VI. Questions About Our Online Privacy Policy If there are any questions or concerns about the University’s online privacy policy, the practices of the University’s website, or use of the website, please contact the Webmaster’s office by e-mail at webmaster@du.edu, or through regular mail at: Webmaster University of Denver University Technology Services 2343 E. Evans Ave. Denver, CO 80208 VII. Family Educational Rights and Privacy The University is bound by the Family Educational Rights and Privacy Act (FERPA) regarding the release of student education records and, in the event of conflict with the University Policy, FERPA will govern. A guide to understanding FERPA is available in the office of the Registrar. The full text of the University's policy with regard to FERPA can be found at http://www.du.edu/registrar/general/ferpa_student.html VIII. Health Records/ Information Users of the University Health and Counseling Center are protected under federal Health Insurance Portability and Accountability Act (HIPAA) regulations and state of Colorado laws regarding confidentiality of medical and mental health information/records. The full text of the University Health and Counseling Center’s policy can be found in Appendix A immediately following this document. IX. University Bookstore The University Bookstore online privacy policy is, by reference here, incorporated in the University of Denver Privacy Policy. The full text of the Bookstore’s online privacy policy can be found in Appendix B immediately following this policy. X. Release or Access All requests for release of or access to confidential information maintained in the records of the University must be directed to the office of the University’s Legal Counsel. Disposition of such requests will be made by the University’s Legal Counsel in consultation with the appropriate custodian of the particular University record(s). APPENDIX A UNIVERSITY OF DENVER STUDENT HEALTH and COUNSELING CENTER POLICY REGARDING CONFIDENTIALITY OF MEDICAL AND MENTAL HEALTH INFORMATION/RECORDS Unless otherwise required by law, confidentiality of any and all medical and mental health information about Student Health and Counseling Center patients, active and inactive, must be maintained at all times, except when a request is made for release of that information by appropriately executed written consent of the patient. In urgent situations, witnessed and properly documented verbal consent may be appropriate. In the case of patients less than 18 years of age, medical information may be released without consent to parents or legal guardians. However, medical information of a sensitive nature, i.e., information regarding sexually transmitted diseases, contraception, pregnancy, abortion, etc., may not be released without patient consent. Mental health information may not be released without specific consent. When a question exists as to whether or not medical or mental health information may be released to the parent or legal guardian, the Student Health and Counseling Center Director, or the Director’s representative, should be consulted before release of information occurs. “Medical and mental health information” includes all information present in the medical or mental health record, information given or received over the telephone, by facsimile, e-mail, or other forms of communication, and medical or mental health information acquired formally or informally by any means within and outside the Student Health and Counseling Center on a Student Health and Counseling Center patient. “Medical/mental health information” includes, but is not limited to, information about a patient’s physical or mental health condition, drug and alcohol use, and HIV status. Medical and mental health information may be released without documented patient consent to a provider treating a patient on an emergency basis. Information about whether or not a patient has been seen (“yes” or “no”) at the Student Health and Counseling Center for medical reasons cannot usually be released without patient consent, and request for that information should be evaluated and answered only on a case-by-case basis. For example, it might be appropriate to tell a coach or athletic trainer who has referred an athlete to the Student Health and Counseling Center for treatment whether or not the student has been seen. However, no other information can be given about the visit(s) without patient consent (if consent is present in the Department of Athletics and Recreation, it should be faxed over before the information is released). Other requests for information about whether or not a student has been seen should be referred to the Student Health and Counseling Center Director, or the Director’s representative, if patient consent is not available. No information about whether or not a student has been seen for mental health reasons should ever be given without specific patient consent, except to referring counselors/providers. Subpoenas for medical or mental health records, no matter how official in appearance, do not automatically trigger release of records. The Student Health and Counseling Center Director, or the Director’s representative, must be consulted before any release of medical or mental health records consequent to a subpoena. Requests for medical or mental health information about a patient from law enforcement officers, campus security officers, governmental agencies, etc., do not automatically allow release of that information. The Student Health and Counseling Center Director, or the Director’s representative, must be consulted before such information is released when written patient consent is not available. The release of information regarding MMR immunization status to the Registrar or other University officials is allowed without patient consent. Exceptions to the above policy/procedures may apply if a true medical or psychiatric emergency exists. These rare exceptions must be handled on a case-by-case basis and, whenever possible, be approved by the Student Health and Counseling Center Director or the Director’s designated representative. Whenever a request for release of medical or mental health information, written or verbal, generates questions about the appropriateness of that release and/or the situation is not addressed by the above policy/procedures, the Student Health and Counseling Center Director, or the Director’s representative, should be consulted before release of information occurs. Any release of medical or mental health information about a Student Health and Counseling Center patient or discussion of that information in any forum outside the Student Health and Counseling Center without proper authorization as described above constitutes a breach of confidentiality. Such breach of confidentiality by an employee is subject to serious disciplinary action by the University, up to and including immediate termination of employment. The University may also be subject to monetary fines under the law. The Student Health and Counseling Center follows all State of Colorado laws and federal HIPAA regulations governing the handling and release of medical and mental health information. For more information on State of Colorado health record laws, HIPAA regulations and your rights please contact the Student Health and Counseling Center : Physical Address: Office of Director University of Denver Student Health and Counseling Center 2240 East Buchtel Denver , CO 80208 Website: http://www.du.edu/duhealth/healthcenter/ Appendix B University of Denver Bookstore Website Privacy Policy I. General The University of Denver Bookstore has established this policy and is providing it to you so that you can understand the manner in which we use your information and the efforts we use to protect it. This policy works in conjunction with the overall University of Denver Privacy Policy. II. Service Provider The University of Denver Bookstore’s service provider is CampusHub. The University is not responsible for the content or privacy policies of CampusHub or any website to which it may link. III. Personal Information The University of Denver Bookstore is aware of and concerned about your interest in keeping your private information confidential. The University of Denver Bookstore will endeavor to take reasonable precautions to maintain privacy and security within the sphere of operations. We cannot guarantee that these efforts will always be successful and, therefore, users must assume the risk of a breach of University Bookstore privacy and security systems. Individuals are advised to be discreet and cautious in their use of our systems. A. Your email Address The University does not intend to sell, swap, rent, or otherwise disclose for commercial purposes your email address with third parties, unless required for system functionality or other fundamental usage requirements. The Bookstore does not intend to send you “junk” email or messages that do not relate to the purpose of your original communication with us. B. Your Credit Card Information The University of Denver Bookstore has undertaken procedures to provide security for our credit card transactions. While we endeavor to protect the security and validity of your transaction, we cannot guarantee that these efforts will always be successful and, therefore, user must assume the risk of a breach of our systems. C. Other Personal Information Personal information pertaining to your account can be accessed and changed whenever you sign into the University of Denver Bookstore site and go to your account. Categories of information kept in your account profile may include, but are not limited to, the following: name, daytime phone number and complete address. D. Automatic Information and Supplemental Technologies Please refer to the CampusHub independent privacy policy in regards to these specific topics [Online at http://www.thecampushub.com/html/privacy.html]. IV. Security and Confidentiality When you place an order with us using one of our security enhanced forms, the data you provide is typically encrypted by our server using SSL (Secure Socket Layer) technology. This encryption makes it difficult for a third party who would intercept the transaction to decipher it. If the web site address begins with https:// rather than http:// it has this security mechanism engaged. Security enhanced connections only protect the information as it is coming and going, not when it sits on the server. V. Third Parties The University does not intend to sell, swap, rent, or otherwise disclose for commercial purposes, information regarding the behavior, habits, or demographics of those who visit University controlled websites. Certain parts of the University website(s) may require tracking techniques to follow the user’s progress through courses, materials or programs or to verify information acquired from other sources. The University provides links to websites outside the du.edu network and is not responsible for the content or privacy policies of any website to which it may link. VI. Miscellaneous Provisions A. Notifications The University of Denver Bookstore does not intend to send you any notifications that do not pertain to the purpose of your communication with us. You are responsible for providing a valid email address and for updating it as your address changes. You may go into the site and change or update your personal information whenever you choose. Neither the University nor the Bookstore are responsible for notifications that are not received as a result of incorrect information provided by you. B. Modifications The University of Denver Bookstore Privacy Guidelines are reviewed periodically and may be modified in the discretion of the University. These changes will be posted on this site. VII. Contact For questions or more information on this policy please contact the University of Denver Bookstore: Physical Address: University of Denver Bookstore 2050 E. Evans Ave. Denver, CO 80208 Website: www.dubookstore.com Copyright © 2007 University of Denver, 2199 S. University Blvd., Denver, Colorado 80208 (303) 871-2000 All rights reserved.