University of Rochester

Working at the University

Code of Conduct for Business Activities

II. D) Confidential or Privileged Information

Employees must not use for personal gain or other unauthorized purposes, confidential or privileged information acquired in connection with the individual's University-supported activities. Confidential or privileged information includes, but is not limited to, documents so designated, medical, personnel, or security records of individuals; student records; anticipated material requirements or price actions; knowledge of possible new sites for University-supported operations; and knowledge of forthcoming programs or of selections of contractors or subcontractors in advance of official announcements.

The following principles apply:

Unauthorized access and/or disclosure of confidential information will result in disciplinary action, up to and including termination of employment and may also result in civil or criminal penalties under federal, state or local law.

Patient Information: For more on confidentiality polices and procedures, see (http://www.urmc.rochester.edu/urmc/pol/compliance/code.html). For more information regarding Protected Health Information, see (http://intranet.urmc.rochester.edu/HIPAA/) as well as the Strong Memorial Hospital Policy Manual, Section 6.

Student Information: The University of Rochester complies fully with the provisions of the Family Educational Rights and Privacy Act (FERPA), and the New York State education laws. See Section V-B of the Faculty Handbook for detailed information.

Code of Conduct: Section by Section