What are the important laws and regulations that govern my use of Harvard Confidential Information?

A few of the laws that are important to know about are those that govern student information, personally identifiable information (Harvard refers to this as High Risk Confidential Information) and medical record information. Harvard Office of the General Counsel (OGC) may be consulted about compliance with the laws and regulations that are relevant to the Harvard community.

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act is a federal law governing the maintenance and disclosure of records maintained by schools that can be identified with any specific student. At a general level, students have the right to see their own educational records, and those records can’t be disclosed to anyone else without the student’s consent.

MA 201 CMR 17

The Massachusetts data protection law stipulates security requirements for organizations that handle the personal information of Massachusetts residents. The law is more formally known as "Standards for the Protection of Personal Information of Residents of the Commonwealth" (or 201 CMR 17).

HIPAA (Health Insurance Portability and Accountability Act)

This is a federal law that protects the privacy and security of individually identifiable health information. HIPAA defines individually identifiable health information as medical records, including medical history, diagnosis and treatment; payment information, including bills, receipts and explanations of benefits; and ancillary services, including x-rays and lab results. HIPAA also protects demographic information, such as date of birth and Social Security number, when it is maintained together with health information.