University of Florida

About the Office

Privacy Facts

Policies and Procedures

Information Privacy Statement

Online/Internet Privacy Statement

Social Security Number Privacy

Report a Privacy Incident

Incident Report (pdf - 32k)

Complaint Form (pdf - 28k)

Identifying Privacy Violations

How to Report a Violation

Privacy Training

FERPA Training

HIPAA Training

Confidentiality Statement (Health)

SSN Training

Red Flag Rules

About the Office

Who We Are

Susan Blair,MSJ,MBA,CIPP,CIA: Chief Privacy Officer
Responsible for developing, implementing and enforcing policies and procedures for privacy and security of all personal information at the University of Florida.
sablair@ufl.edu (352) 273-5094

Mary Anne Norris,MIB,CIA: Privacy Auditor
Responsible for developing audit tools and for examining and analyzing the information privacy activities of the University of Florida.
manorris@ufl.edu (352) 273-5094

Everall Peele,MPH,RHIA,LHRM,CCS: Privacy Training Coordinator
Responsible for developing, implementing and monitoring privacy-related training programs at all levels.
epeele@ufl.edu (352) 273-5096

Caroel DeBose,MBA: Privacy Analyst
Responsible for developing, implementing and monitoring HIPAA-mandated projects for all affected UF workforce members.
cadebose@ufl.edu (352) 273-5092

Lisa Van Nocker: Administrative Assistant
Responsible for providing access to and monitoring the Online Disclosure Tracking System, and for maintaining the Privacy Incident Tracking Log.
lvan@ufl.edu (352) 273-5094

Office Location and Contact Info

The University Privacy Office is located on the 1st floor of the N-wing in the Medical Science Building. Room N1-008.

Phone: 352-273-5094
Toll-free (Hot-line): 866-876-HIPA
Fax: 352-392-6661
E-mail: privacy@ufl.edu

Our Mission

The mission of the Privacy Office is to ensure institutional compliance with federal and state privacy regulations, as well as industry standards, for restricted information; and to provide centralized resources, oversight and enforcement for privacy-related activities.

UF Privacy Organization Chart

Our Core Responsibilities

1. To develop, implement, and maintain University privacy-focused policies, procedures and guidelines that comply with statutory mandates and industry regulations.
2. To deliver privacy-related training and to oversee privacy program monitoring and enforcement as required by privacy statutes and standards.
3. To serve as the central contact and investigation authority for privacy complaints, incidents, and breaches. To coordinate the privacy notifications when required.
4. To evaluate opportunities to reduce privacy risks and to execute program modifications that advance overall privacy compliance.
5. To coordinate University medical records management and to provide consultation as University clinics transition to electronic medical record systems.

The Scope of Privacy Regulation at UF

Federal Statutes

• Communications-related Statutes
  • Children's Online Privacy Protection Act (COPPA)
  • Cable Communications Policy Act
  • Electronic Communications Privacy Act
• Family Education Rights and Protection Act (FERPA)
• Federal Privacy Act of 1974
• Finance-related Statutes
  • Fair Credit Reporting Act (FCRA)
  • Financial Services Regulatory Relief Act of 2006
  • Graham-Leach-Bliley Act (GLBA)
  • Right to Financial Privacy Act
• Health-related Statutes:
  • Americans with Disabilities Act
  • Federal Substance Abuse Record Confidentiality
  • Health Insurance Portability & Accountability Act (HIPAA) for University and Affiliated Covered Entities / medical components; Faculty Practice Plans (e.g. FGP, UFJP/JHI, etc.); Health Science Center Colleges (, Dentistry, Medicine, Nursing, Pharmacy, Public Health & Health Professions, Veterinary Medicine); College of Liberal Arts & Sciences (Speech & Audiology); Institute for Food & Agricultural Sciences (Dietetics); Student Health Care Center; Institutional Review Boards, Benefit and Disability Plans, and the UF Foundation
    • Organized Health Care Arrangement: Shands' Health Care System
    • Veterans' Administration Medical Center
    • Business Associates
• Patriot Act

Florida State Statutes

• Chapter 90: Evidence
• Chapter 390: Mental Health
• Chapter 395: Health Care Organizations
• Chapter 397: Substance Abuse
• Chapter 440: Worker's Compensation
• Chapter 456: Medical Records
• Chapter 458: Board of Medicine
• Chapter 501: Breach Notification
• Chapter 817: Privacy Breach Notification

International Regulations

• Canada: Personal Information Protection & Electronic Documents Act
• Council of Europe Convention for the Protection of Human Rights and Fundamental Freedom; European Union Data Protection Directive, Articles 1-33
• US Department of Commerce's Safe Harbor Privacy Principles
• Additional regulations in Argentina, Australia, Hungary, Iceland, Ireland, Japan, the Netherlands, and elsewhere.

Industry Standards

• Payment Credit Industry Data Security Standards (PCIDSS)

Frequently Used Sites

• News
• Calendar
• Directory
• MyUFL
• ISIS
• Web Site Listing
• Campus Map
• WebMail
• Ask UF

© University of Florida, Gainesville, FL 32611; (352) 392-3261.

General Site Information

• Contact
• Disability Services
• Privacy Policy
• Search

This page was last updated October 23, 2008.

This page uses Google Analytics (Google Privacy Policy)