SOP - Data Use Agreement

Service Description

As a user of information in the UNC Eshelman School of Pharmacy, your duties may involve developing, using, or maintaining University Sensitive Information (Tier 2 or 3) as described in the UNC Classification Standard. With such access comes the shared responsibility for maintaining the strict confidentiality, integrity, and authorized availability of such data as determined by the designated Data Steward. These responsibilities are described in the UNC Enterprise Data Governance Policy and Standard as well as summarized in the UNC Data Training.

UNC provides basic IT Security Awareness Training that all users of UNC information must complete annually; you should be reminded to complete this training when you renew your UNC ONYEN password. Depending on your role and access to University Sensitive Information (Tier 2 and 3), you may also be referred to additional trainings, such as: 

Student Records 

• Individuals with access to student education records as defined by the Family Education Rights and Privacy Act (FERPA) can find training and resources on the UNC Registrar's site. 

Health Information 

• Individuals with access to individually identifiable health information as part of an IRB reviewed research proposal can find training and resources on the UNC Privacy Office's site. 

Financial Information 

• Individuals who may come into contact with UNC customer credit card information protected under the Payment Card Industry-Data Security Standards can find training and resources on the UNC Finance site. 

If you have an affiliation with a covered entity or business associate as defined in the Health Insurance Portability and Accountability Act (HIPAA; e.g., the UNC School of Medicine, UNC Hospitals, or another health care provider) it is important to note that the UNC Eshelman School of Pharmacy is not a HIPAA covered entity (opens in a new tab) nor do our IT systems or services provide formal compliance with the HIPAA Security Rule. If you perform health care activities related to an affiliation external to the UNC Eshelman School of Pharmacy, you should consult that organization's IT support and/or Privacy Officer for guidance concerning data handling. You should not store Protected Health Information (PHI) associated with patient care activities on IT systems or services provided by the UNC Eshelman School of Pharmacy. 

If you have questions about these responsibilities or require assistance with fulfilling these responsibilities, you are responsible for proactively consulting with the information technology and security services by submitting a request via help.unc.edu. 

Audience

UNC Community

Expected Delivery

5 Business Days

Keywords

DUA, onboarding