UITS

At IU, what data elements are considered institutional data?

On this page:


Overview

According to Indiana University's Management of Institutional Data (DM-01) policy, the term "institutional data" applies to any information (in any form, location, or unit) that satisfies at least one of the following criteria:

  • It is created, received, maintained, or transmitted as a result of educational, clinical, research, or patient-care activities.
  • It is substantive, reliable, and relevant to the planning, managing, operating, documenting, staffing, or auditing of one or more major administrative functions of the university.
  • It is used to derive any data element that meets the above criteria.

The Committee of Data Stewards is responsible for establishing policies, procedures, and guidelines for managing institutional data at IU. Each Data Steward has management and policy-making responsibilities for specific data subject areas (e.g., student data, Human Resources data, faculty data, medical data, and research data, among others).

Data Managers, located in functional offices across the university (e.g., Admissions, Purchasing, Registrar, and Student Financial Aid, among others), are responsible for reviewing and approving requests for access to university information systems, and for ensuring that users of those systems receive appropriate orientation and training.

Back to top

Official classification levels

The Committee of Data Stewards and the University Information Policy Office (UIPO) have defined official classification levels for institutional data, in accordance with IU policy.

Following, from least sensitive to most sensitive, are the official data classification levels for institutional data at Indiana University:

  • Public: Few restrictions apply; public data generally can be released to the public upon request (e.g., name, jobs title, compensation, and business address)

    Note: If you receive a request for data classified as "Public", contact the appropriate Data Steward for advice. If the request is made pursuant to the Access to Public Records Act (Indiana Code 5-14-3), contact the Office of the Vice President and General Counsel (OVPGC), as well as the appropriate Data Steward, for advice.

  • University-internal: Anyone employed by IU on a part-time or full-time basis, or working under contract for IU, may access these data elements for the purpose of conducting university business (e.g., IU ID number, prior name, and part-time or full-time employment status)

    Note: Data classified as "Public" are freely available within the university but are not available to the general public. Proper access controls (i.e., permissions) must be set to prevent inappropriate access.

  • Restricted: Due to legal, ethical, or other constraints, this information may not be accessed without specific authorization, or only selective access may be granted (e.g., date of birth, home phone number, marital status, and military status)
  • Critical: Inappropriate handling of this information may result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, or unauthorized access by an individual or many individuals (e.g., student loan information, Social Security number, driver's license number, passport or Visa number, and state ID card number)

    Note: Personal health data protected by the Health Insurance Portability and Accountability Act (HIPAA) Security Rule are classified as "Critical". For help determining which data elements classified as "Critical" are considered protected health information (PHI), see Which data elements in the classifications of institutional data are considered protected health information (PHI)?

For more, see Classifications of Institutional Data.

Back to top

Standards for managing institutional data

The IU Committee of Data Stewards and University Information Policy Office (UIPO) have established official standards for managing institutional data that apply to all all users and administrators of IU information technology resources. These standards include rules for managing access, maintaining data integrity and security, manipulating and extracting data for reports, and choosing appropriate locations and methods for storing various institutional data elements.

If you work with institutional data at IU, you are responsible for meeting the university's official data management standards to prevent the inappropriate disclosure of personal or confidential information. For details, see Standards for Management of Institutional Data.

Especially stringent standards apply when working with sensitive institutional data (i.e., data elements classified Restricted or Critical). Always follow best practices when storing sensitive institutional data; for example:

For more on best practices for handling sensitive institutional data, see:

Back to top

Getting help

If you have questions about IU's classification of data elements, contact the appropriate Data Steward.

For help determining the highest classification of institutional data you can store on any given UITS service, contact the University Information Policy Office (UIPO), or see At IU, which dedicated file storage services and IT services with storage components are appropriate for sensitive institutional data, including ePHI research data?

The UITS Advanced Biomedical IT Core provides consulting and online help for Indiana University researchers who need help securely processing, storing, and sharing ePHI research data. If you need help or have questions about managing HIPAA-regulated data at IU, contact the ABITC. For additional details about HIPAA compliance at IU, see HIPAA & ABITC and the Office of Vice President and General Counsel (OVPGC) HIPAA Privacy & Security page.

Back to top

This is document avqg in the Knowledge Base.
Last modified on 2014-11-10.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.