• About Us
• Education
• Research
• Patient Care
• Community Service
• Administration
• Schools
• Hospitals
• Institutes & Centers
• Libraries
• Computer Resources
• News Room
• Publications
• Human Resources
• Job Openings
• Giving to UTHSC-H

University Website Privacy & Security Policy

The University of Texas Health Science Center at Houston (UTHSC-H) is committed to ensuring the privacy and accuracy of your confidential information. We do not actively share personal information gathered from our Web servers. However, because the university is a public institution, some information collected from our Web site, including the summary server log information, e-mails sent to the Web site, and information collected from Web-based forms, may be subject to the Texas Public Information Act. This means that while we do not actively share information, in some cases we may be compelled by law to release information gathered from our Web servers.

As part of our commitment to maintain the privacy of general public who utilize our Web sites, UTHSC-H has developed this privacy statement. The statement has two purposes:

1. To educate the general public about privacy issues
2. To inform the general public about specific privacy policies and guidelines employed at UTHSC-H.

UTHSC-H Web consists of hundreds of Web servers. Some servers hosted by the university may adopt more restrictive privacy statements as their specific needs require. If another UTHSC-H Web server has a privacy statement that is different from this statement, that policy must be approved by the Information Technology Security Core Team and then must be posted on that department’s site. However, those sites cannot adopt a privacy statement that in any way supersedes federal or state regulations.

University Web sites contain links to hundreds of external Web sites. The university is not responsible for the privacy practices or the content of external Web sites we link to (See Linking Policy.)

UTHSC-H complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of most education records without student permission. UTHSC-H also complies with state and federal regulations protecting personal health information of patients, employees and general Web site visitors.

Information We Gather

Our Web servers generate temporary logs that contain the following information:

• Internet address of computer being used
• Web pages requested
• Referring Web page
• Browser used
• Date and Time
• Unique person identifier

The data is used in aggregate by system administrators and Web content coordinators to tune the Web site for its efficiency and is not ordinarily associated with specific individuals. Summary reports produced from the logs help Web publishers determine what Web browsers and pages are most popular.

Cookies

Cookies are small pieces of data stored by the Web browser. Cookies are often used to remember information about preferences and pages you have visited. For example, when you visit some sites on the Web you might see a "Welcome Back" message. The first time you visited the site a cookie was probably set on your computer; when you return, the cookie is read again. You can refuse to accept cookies, can disable cookies, and remove cookies from your hard drive.

UTHSC-H Web servers use cookies in the centralized authentication system called LDAP. These cookies are used so you will not have to repeatedly enter user names and passwords when you go to different parts of the Web site. You are normally required to authenticate against the LDAP when you request data about yourself or to ensure that you are a member of the university community. This login process uses Secure Sockets Layer (SSL) so the user name and password are encrypted between the Web browser and our Web server.

Some Web servers within UTHSC-H may also use cookies to retain user preference information. It is against university policy to share this information with external third parties.

Security and Accuracy of Confidential Information

The university does its best to ensure that the personal information we have about you is accurate. Although no computer system is 100% secure, UTHSC-H has deployed extensive security measures to protect against the loss, misuse, or alteration of the information under our control.

E-commerce

Some sites within UTHSC-H enable you to pay for products or services online with a credit card. Unless otherwise noted, these transactions are encrypted. It is university policy that confidential information you enter in the transaction is used only for the purposes described in that transaction, unless an additional use is specifically stated on that site.

Sharing of Information

UTHSC-H does, upon explicit request of users, share information with other parties and gather information from other private data providers. For example, the university receives test scores from testing agencies and will send transcripts to other schools. This is done only at the request of users (persons to whom the information applies). Unless specifically required under public information requests filed under the Texas Public Information Act (Government Code, Chapter 552, also known as the Texas Open Records Act) or compelled under other legal processes, it is against university policy to release confidential information gathered through the Web, such as pages visited, or personalized preferences.

Consistent with FERPA, we do not release personal student information, other than public directory information, to other parties unless we receive explicit written authorization to do so. Enrolled students can restrict release of their directory information by contacting the Office of the Registrar.

Public Forums

UTHSC-H may make some public chat rooms, forums, message boards, and news groups available to its users. The university does not ordinarily log data transactions during usage of these systems, however, any information that is disclosed in these areas becomes public information and you should therefore exercise caution when deciding to disclose your confidential information in such places.

Academic chat sessions and discussion forums, such as those using student course management software, may be logged. At the same time, these educational records may be protected from disclosure by FERPA or other statutes.

Online Surveys

UTHSC-H is a research institution. At any time there are numerous online surveys being conducted on the university's Web site. It is university policy that confidential information gathered in these online surveys is used only for the research purposes indicated in the survey. Unless otherwise noted on the specified survey, your answers are confidential and individual responses will not be shared with other parties unless required by the Texas Public Information Act. Aggregate data from surveys may be shared with external third parties.

Open Records Requests, Texas Public Information Act

All information collected from the UTHSC-H Web site, including the summary server log information, e-mails sent to the Web site, and information collected from Web-based forms, may be subject to the Texas Public Information Act and other statutes governing the confidentiality and release of information.

FERPA gives students the right to be informed about the information that UTHSC-H collects about them, the right to request a copy of that information and to have the university correct any information that is wrong.

All requests for public information should be forwarded to the university's Public Information Officer:

Kevin Dillon
The University of Texas Health Science Center at Houston
c/o Devin S. Longuet, J.D.
Office of Legal Affairs and Institutional Compliance
PO Box 20036
Houston, TX 77225

Questions

If you have questions about this privacy statement or you believe that your personal information has been released without your consent send e-mail to legal@uth.tmc.edu.

Governing State of Texas policies: Texas Administrative Code 206.3

Date Modified: 09/04/2007