Search38 Results

This Policy prohibits (i) all forms of Discrimination and Harassment based on Protected Status; (ii) Sexual Violence and Sexual Exploitation, (iii) Stalking and Interpersonal Violence, which need not be based on an individual’s Protected Status; (iv) Complicity for knowingly assisting in an act that violates this Policy; and (iv) Retaliation against an individual because of their good faith participation in the reporting, investigation, or adjudication of violations of this Policy.

This policy addresses access, disclosure and use of protected health information (defined below) for University research (including research in the School of Medicine, which is part of the UNC Health Care System HIPAA covered entity) in accord with the Privacy regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The University of North Carolina at Chapel Hill (The "University" or "UNC-Chapel Hill") has a responsibility to protect the privacy and security of protected health information ("PHI") that it creates, receives, accesses, maintains, uses or transmits. Inappropriate access, use, or disclosure of PHI may cause substantial harm to individuals whose information is used or disclosed, and may cause financial and reputational injury to the University.

The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HIPAA") established Federal standards for safeguarding the privacy of individually identifiable health information. HIPAA mandates rigorous compliance with the requirements for the use and/or disclosure of protected health information ("PHI").

This Standard defines the minimum security standards “MSS” for Information Technology systems in use at UNC-Chapel Hill including personal and University-owned devices and third-party systems. Units within the University may apply stricter controls to protect information and technology in their areas of responsibility. The standard applies to each person in the University community and their devices. Please see the “Exceptions” section for phased implementation options through 2027.

Every two years after completion of the initial P-Card Accountholder training, P-Card accountholders must complete mandatory online refresher training. The training covers applicable restrictions, policies and reconciliation procedures. Accountholders are also required to pass an associated quiz.

Public trust in the integrity and ethical behavior of scholars must be maintained if research is to continue to play its proper role in our University and society. While the primary responsibility for maintaining integrity in research rests with those who conduct it, the University has established standards to ensure a healthy environment for research and compliance with law.

This document sets forth the standards of research conduct expected of members of the research community at The University of North Carolina at Chapel Hill, consistent with the Research Code of Conduct Policy.

The University of North Carolina at Chapel Hill, as one of the leading public research universities in the nation, is committed to maintaining the integrity and validity of the academic research conducted by faculty, staff and students. The guiding principles and standards set forth in this policy are in alignment with the University's goal to continually improve and to maintain its status as a world-class research university attracting the best faculty, staff and students.

This standard sets a minimum baseline for managing vulnerabilities on any UNC-Chapel Hill system required by the UNC-Chapel Hill Information Security Controls Standard to be scanned for vulnerabilities. Please see the “Exceptions” section for phased implementation through 2026.

To describe minimum requirements for members of the University of North Carolina at Chapel Hill ("University" or "UNC-Chapel Hill") experiencing a concern that might indicate a Possible Information Security Incident. To specify Information Security Incident authority and role requirements for Information Security Incident Handlers and Information Security Liaisons.

This Policy outlines the requirements for the establishment of an evaluation cycle for the review of the School of Medicine’s student competencies and enabling competencies based on the School of Medicine’s curriculum and education phases.

This School of Medicine (SOM) Unit Policy establishes the mechanisms by which students, faculty, preceptors, fellows and residents learn about the SOM’s competencies, enabling competencies and learning objectives for each required learning experience.

To provide guidance for individuals and units on responsibilities for managing suppliers of Information Technology (IT) services, software, and systems. To manage risk to university information and other assets by creating clearer communication and understanding between vendors and University staff. To define required security controls monitoring activities.

Failure to protect information through the use of strong passwords/pass-phrases and additional authentication methods may result in incidents that expose sensitive information and/or impact mission-critical UNC-Chapel Hill services. This Standard outlines minimum requirements for authentication mechanisms for information systems under the University's control and password strength and other requirements for accounts on University systems and accounts that use University data.