Coordination and Responsibility

The coordinator of the Information Security Program at WMU is Charles Norton, Security and Privacy Officer. The coordinator for the Gramm-Leach-Bliley Act is the University Registrar; the HIPAA Security Officer is General Counsel; the Coordinator for FERPA compliance is the University Registrar; and the coordinator for the Identity Theft Prevention—Red Flags—program is the Controller.

The respective coordinators are responsible for the development, implementation and oversight of Western Michigan University's compliance with the policies and procedures required by the Gramm-Leach-Bliley Act Safeguards Rule, the Security Rule of the Health Insurance Portability and Accountability Act of 1996, the Family Education and Privacy Act of 1974 and the Identity Theft Rule as it relates to identity theft.

Although ultimate responsibility for compliance lies with the Information Security Program Coordinator and the respective Program Coordinators representatives from each of the operational areas are responsible for implementation and maintenance of the specified requirements of the security program in their specific operation.

A list of Western Michigan University HIPAA covered components and their representatives may be found at:

FERPA requirements and Identity Theft Prevention information may be found at the Registrar's Office website.

These lists—GLBA operational areas and their representatives and HIPAA covered components and their representatives—may be updated from time to time.

GLBA committee

The GLBA Standing Committee exists to ensure that this Information Security Program is kept current and to evaluate potential policy or procedural changes driven by GLBA. This committee includes the following individuals: the registrar, the director of internal audit, the security and privacy officer, the director of student financial aid, the director of accounts receivable, general counsel and representatives from other constituent groups across campus. Other individuals may be added as needed. This committee meets annually and as needed.

Questions regarding the GLBA impacts on business processes and policies should be directed to the Coordinator of the GLB Information Security Program.

HIPAA officers

The HIPAA officers from the various covered entities ensure that activities are sufficient for Western Michigan University to maintain compliance with the three segments of the HIPAA Administrative Simplification regulations: the Privacy Rule, Transaction and Code Set Standards and the Security Rule. Changes to the HIPAA Security Rule, which could impact the Information Security Plan, will be discussed during meetings of the HIPAA Officers.

Questions regarding HIPAA impacts on business process and policies should be directed to the HIPAA Privacy and Contact Officer.

 

Last revised: May, 2024