Download eBook (PDF) - Red Gate Software

1 – Understanding Sensitive DataAccording to the United States Department of Health and Human Services'Privacy Rule of the Health Insurance Portability and Accountability Act(HIPAA) the data that is considered protected within this rule are:• Information that identifies an individual.• An individual's medical condition.• An individual's health care history.• An individual's history of payment for health care.In the United Kingdom Act of Parliament titled the Data Protection Act of1998 the protection of sensitive personal data includes the condition of anindividual's mental or physical health.Access control is a critical aspect of maintaining this type of data in a database.Many times this data is requested by researchers. For their purposes access toaggregated data is sufficient. This aggregated data should not includeidentifiable or other sensitive data.Student Education DataStudents have a unique set of data that is considered sensitive, beyond thestandard identifiable data, such as federal tax identification number, name,address and birth date.In the United States, any educational agency or institution that receives FederalFunding by the United States Department of Education is subject to the FederalEducational Rights and Privacy Act (FERPA). This law is designed to protectthe privacy of students.In this act, a school must seek permission from the student to disclose theiracademic data to another party. This data includes:• Student's grade history.• Focus of study.• Attendance of official school events.• Personal information such as government assigned identification andaddress information.• Disability records.In addition to FERPA, there is the Children's Online Privacy Protection Act of1998 which is designed to prevent identifiable information about children,under the age of thirteen, from being published on a website or an onlineservice, such as e-mail, message board or chat room. This information includes:27