IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Inside the Work of the Vast University of Texas System’s Chief Privacy Officer

The large system has legal officers throughout, but legally must have a privacy officer for federal compliance.

University of Texas at Austin campus.
Shutterstock/f11photo
A higher education and health-care institute involves immense, diverse privacy needs, and there is a balancing act between serving constituents while complying with local or national — and potentially international — rule-making bodies.

The University of Texas System (UT) is one such system with more than 255,000 enrolled students and a $29.1 billion operating budget. It includes nine universities with the recent addition of Stephen F. Austin State University and five health institutions, according to its website.

It is comprised of more than a dozen federated institutions including health care. The most well-known of its health-care institutions may be MD Anderson Cancer Center, which falls under the purview of the Systemwide Compliance Office, where Chief Privacy and Data Protection Officer Cristina Blanton serves.

“The Systemwide Compliance Program supports … academic and health institutions as they work to promote a culture of ethical behavior and to ensure compliance with all applicable policies, laws and regulations governing higher education, research and healthcare,” according to the UT website.

Examples of such legal frameworks would be the Family Education Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The privacy officer — which differs from a legal officer — is responsible for the “development and implementation of the HIPAA policies and procedures” of the UT System due to its hybrid state.

Blanton explained the institutional structure and some of the challenges facing the vast community UT serves.

“For me, stakeholders are an evolving issue,” Blanton said recently at the inaugural Texas Higher Education IT Leadership Summit in Austin, put on by the Center for Digital Education.*

“We may have a different type of stakeholder depending on the project or the innovative, strategic initiative that we’re engaging in,” she said. “In one area, I may have stakeholders that are students and staff or faculty and in another, my stakeholders look completely different, it’s physicians and clinical researchers.”

A privacy officer must “have the ability to sort of bob and weave, if you will, among the different stakeholders who are always present. I think it's a really important component … for the collaborative nature that we have with all of our departments such as technology, IT, information security, legal, compliance, audit, etc.,” Blanton said.

She said in addition to health compliance, the university looks to facilitate:
  • Classroom technology and instruction software and equipment
  • How various departments and colleges adopt and deploy software
  • Test taking and proctoring for virtual students
  • How constituents are using artificial intelligence
She discussed the health-care privacy for patients wearing heart monitors, students wearing fitness trackers and students requiring vaccines such as meningitis.

“Those questions … bubble up at the system level,” Blanton said. “We want to ensure we give our experts in the institutions the most leading-edge information out there, so they can make informed, practical and legally responsible and ethical decisions as it relates to the data that they're capturing, viewing, sharing or creating innovations out of.

“Internally, however, I look at privacy as an ongoing education and awareness of our employees or staff or patients. We have an insurance plan that has over 208,000 members and their dependents. That's really important, right? All of that data, which is essentially our employee and their family members’ data, it’s really important to ensure that we have the right policies.”

*The Center for Digital Education is part of e.Republic, Industry Insider — Texas’ parent company.
Rae D. DeShong is a Dallas-based staff writer and has written for The Dallas Morning News and worked as a community college administrator.