The University of Texas System (UT) is one such system with more than 255,000 enrolled students and a $29.1 billion operating budget. It includes nine universities with the recent addition of Stephen F. Austin State University and five health institutions, according to its website.
It is comprised of more than a dozen federated institutions including health care. The most well-known of its health-care institutions may be MD Anderson Cancer Center, which falls under the purview of the Systemwide Compliance Office, where Chief Privacy and Data Protection Officer Cristina Blanton serves.
“The Systemwide Compliance Program supports … academic and health institutions as they work to promote a culture of ethical behavior and to ensure compliance with all applicable policies, laws and regulations governing higher education, research and healthcare,” according to the UT website.
Examples of such legal frameworks would be the Family Education Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The privacy officer — which differs from a legal officer — is responsible for the “development and implementation of the HIPAA policies and procedures” of the UT System due to its hybrid state.
Blanton explained the institutional structure and some of the challenges facing the vast community UT serves.
“For me, stakeholders are an evolving issue,” Blanton said recently at the inaugural Texas Higher Education IT Leadership Summit in Austin, put on by the Center for Digital Education.*
“We may have a different type of stakeholder depending on the project or the innovative, strategic initiative that we’re engaging in,” she said. “In one area, I may have stakeholders that are students and staff or faculty and in another, my stakeholders look completely different, it’s physicians and clinical researchers.”
A privacy officer must “have the ability to sort of bob and weave, if you will, among the different stakeholders who are always present. I think it's a really important component … for the collaborative nature that we have with all of our departments such as technology, IT, information security, legal, compliance, audit, etc.,” Blanton said.
She said in addition to health compliance, the university looks to facilitate:
- Classroom technology and instruction software and equipment
- How various departments and colleges adopt and deploy software
- Test taking and proctoring for virtual students
- How constituents are using artificial intelligence
“Those questions … bubble up at the system level,” Blanton said. “We want to ensure we give our experts in the institutions the most leading-edge information out there, so they can make informed, practical and legally responsible and ethical decisions as it relates to the data that they're capturing, viewing, sharing or creating innovations out of.
“Internally, however, I look at privacy as an ongoing education and awareness of our employees or staff or patients. We have an insurance plan that has over 208,000 members and their dependents. That's really important, right? All of that data, which is essentially our employee and their family members’ data, it’s really important to ensure that we have the right policies.”
*The Center for Digital Education is part of e.Republic, Industry Insider — Texas’ parent company.
