Federal Regulations

Higher Education Opportunity Act of 2008 (HEOA), Peer-to-Peer File-Sharing Provisions

The HEOA P2P Provisions require an annual disclosure letter to students describing copyright laws, policies, and sanctions; a plan to "effectively combat" copyright abuse; and an agreement to offer legal alternatives for downloading copyrighted works.

The U.S. Department of Education has issued final HEOA compliance regulations (PDF) on its Web site.

ASU has published its HEOA Compliance Plan in accordance with the final regulations.

Annual Student Notification.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule

The Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

Under the federal definition for HIPAA covered entities, the type of data and how it is stored does not make you a covered entity. The exact definition states:

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. 

The full rule can be found at the U.S. Department of Health & Human Services Web site .

The HIPAA Compliance Brief can be found here:  HIPAA Compliance Brief

Final HIPAA Rule as of 1/25/2013

Guide to HIPAA Covered Entities

ASU HIPAA Business Associate Agreement Template (restricted viewing)

HIPAA Hybrid Entity Directory (restricted viewing)

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

The full rule can be found at the U.S. Department of Education Web site .

The guidelines for reporting the loss, theft, or inappropriate disclosure of student education records containing personally identifiable information protected from disclosure by the federal Family Educational Rights and Privacy Act of 1974, can be found within the Student Services Manual:(SSM) 107-02.

Gramm Leach Bliley (GLB) ACT Information Security Plan

Arizona State University’s Information Security Plan (“Plan”) describes the University’s safeguards to protect information and data in compliance (“Protected Information”) with the Financial Services Modernization Act of 1999, also known as the Gramm Leach Bliley Act, 15 U.S.C. Section 6801.

The full details are available on ASU's privacy page.

Additional information on GLBA compliance is available on the FTC's GLBA Safeguards Rule compliance page.

The International Traffic in Arms Regulations (ITAR)

The US Department of State is responsible for the export and temporary import of defense articles and services governed by 22 U.S.C. 2778 of the Arms Export Control Act ("AECA"; see the AECA Web page) and Executive Order 13637. The International Traffic in Arms Regulations ("ITAR," 22 CFR 120-130) implements the AECA. Arizona State University is required to observe all ITAR regulations in dealing with research articles, that pertains to defense.  

More information about ITAR is available here: US State Department ITAR Information