2.1.4.2.2: Procedures

2.1.4.2.2.1 Application

This policy is intended to specify the minimum requirements necessary for all departments at Spalding University to follow. More restrictive and detailed policies and procedures may be implemented by individual departments if desired. All student records confidentiality policies, including this one, must be clearly reviewed with each member of the department and such review acknowledged in writing and made part of the employee’s file. A copy of the policy should also be retained by the employee.

2.1.4.2.2.2 Access

1. Access. Only authorized personnel should have access to rooms or cabinets containing student records. Such rooms or cabinets should remain locked at all times unless information is being retrieved. Under no circumstances should such rooms or cabinets remain unlocked after normal business hours.

2. Removing Files. Department personnel are authorized to remove files from cabinets and storage rooms on an as-needed basis. The check out process for removing confidential records will be as follows:

a. A log book will be kept in the top compartment of each file cabinet or immediately inside the storage room door. Each time a file is removed or replaced, an entry will be made in the log. This log will contain the following information:

a. Student name on the confidential documents or records

b. Date and time that documents are removed

c. Date and time that documents are replaced

d. Name of personnel

b. Any files checked out must be kept locked in file cabinets or desk drawers at any time when not actively being used by department personnel. It is not acceptable for any file to be left unattended on the visible surface of a desk or table.

2.1.4.2.2.3 Computer workstations

All computers will be logged off or locked (not necessarily turned off) when the primary user is away from the workstation. In addition, all computers will be logged off, locked or turned off at the close of each business day.