Faculty and Staff Training and Education
Faculty and staff handle and have access to protected information in order to perform their job duties. This includes permanent and temporary employees as well as graduate assistants and other Â鶹´«Ã½ employees, whose job duties require them to access protected information or who work in a location where there is access to protected information.
Departments are responsible for maintaining a high level of awareness and sensitivity to safeguarding protected information and should periodically remind their faculty and staff of its importance. Seemingly minor changes to office layout and practices could significantly compromise protected information if a culture of awareness is not present.
Each department representative is responsible for ensuring that all staff and faculty are trained in the relevant GLBA, HIPAA, FERPA, and Identity Theft Prevention concepts and requirements. Training materials relative to GLBA, HIPAA, FERPA and Identity Theft Prevention have been developed by the Information Security Committee.
Upon approval by the GLBA committee, the HIPAA Privacy and Contact Officer for HIPAA and by the University Registrar for FERPA, these training templates and other materials may be tailored by each department to reflect their individual training needs. Training may be delivered in a variety of ways that meet the department's objectives. Departments are responsible for maintaining records of staff that have received training and must be able to produce written copies upon request.
Upon completion of the appropriate training modules provided by WMU, designated employees will be required to complete a short quiz which demonstrates mastery of GLBA and/or other security-related topics. Records of those who complete such training should be maintained in departmental files by the appropriate GLBA, HIPAA or FERPA representative in respective units.
These records need to be maintained and available for audit for a period of three years from the date of the record's creation or the date when it was last in effect, whichever is later.
Last revised: February 2019