To identify information that would be considered confidential and to establish guidelines on the treatment and disclosure of confidential information.

It is the responsibility of all employees to protect against the unauthorized disclosure of confidential information.

1. Confidential information, materials, and records include but are not limited to:
   • payroll records and information regarding salary;
   • Social Security Numbers;
   • personnel records [See Policy U705 Employee Access to Personnel Records.];
   • computer system passwords and security codes;
   • research results not yet published, including manuscripts and correspondence;
   • budgetary, departmental, or University planning information;
   • litigation or other formal charges pending or in process and investigation of complaints;
   • patient care records including patient benefit plan enrollment, claims, billing matters, and data concerning research subjects;
   • student records;
   • donor and alumni information; and/or
   • medical information and information designated as "Protected Health Information" under the Health Insurance Portability and Accountability Act (HIPAA).
2. Information regarding an employee's salary, length of service, performance, medical information, or other personnel information should be treated as confidential information. [See Policy U204 - Reference and Background Checks.]
3. Without the expressed consent of a University student, the University will only make reference to, or release, electronic or published information that appears in the student directory or in other materials intended for public distribution. [See Student Information Manual to University Policies and Regulations]
4. Other inquiries regarding the confidentiality of University of Chicago student information must be referred to the Office of the Vice President and Dean of Students in the University.
5. Faculty, staff supervisors, and other responsible University officials are expected to identify confidential information and materials, and are to instruct their employees in the handling of such information and materials.
6. Confidential information should be kept in safe and secure places, and accessible only to those whose work requires them to access it. Paper records should be kept in secured cabinets.
7. Computerized records should have limited user access and computer display screens should be positioned so that only authorized users can view the data. Such users are responsible for securing their computers when they are left unattended.
8. Employees who are hired into positions that require the handling of confidential information are required to keep such information safeguarded and not to disclose it, except as permitted or required in the course of their job duties.
9. In many cases, the employee will be expected to attend training relevant to the information/materials being handled. Employees who are hired into positions that require adherence to government-mandated compliance [e.g., HIPAA, Medicare Compliance, grant and contract administration, pathogens or select agents] will be subject to strict procedures for handling such materials and will attend all mandated training sessions.
10. Inquiries from the news media [radio, television, newspapers, etc.] regarding University employees or confidential information should immediately be referred to the University News and Information Office.
11. Inquiries from attorneys should immediately be referred to the Office of Legal Counsel.
12. Inquiries from non-University law enforcement agencies should be immediately referred to the Executive Director of the University Police Department.
13. Inquiries from other outside agencies regarding University employees or others seeking confidential information should be referred to the Employee/Labor Relations Office for response or reference to the appropriate administrative office. Such agencies include, but are not limited to:
    • government agencies such as the FBI, Social Security Administration, Illinois Department of Employment Services (IDES), Equal Employment Opportunity Commission (EEOC), Illinois Department of Human Rights (IDHR), National Labor Relations Board (NLRB), Department of Health and Human Services (DHHS), Office of Civil Rights (OCR);
    • Police or other outside other law enforcement; and/or
    • credit bureaus, lending agencies [banks, mortgage companies].
14. Unauthorized disclosure of confidential information will result in serious disciplinary action, up to and including termination. [See Policy U703- Progressive Corrective Action.]
    

U204 Reference and Background Checks; U703 Progressive Corrective Action; U705 Employee Access to Personnel Records; Student Information Manual to University Policies and Regulations