Clery Policy

The requirements in this policy are designed to facilitate USC’s compliance with the “Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act of 1998,” (the “Clery Act”). The Clery Act requires USC to disclose specified crime report statistics on and near its campuses, to provide other safety and crime information to the campus community in an accurate, complete, and timely manner, and to maintain written policies and procedures implementing the Clery Act.

Protection of Social Security Numbers and Other Restricted Information

USC receives and collects Restricted Information, as defined below, from and about students, faculty and staff employees, patients, and business partners, among others, in order to provide academic and clinical services and/or to conduct business operations. USC will use, store and transmit “Restricted Information” responsibly and in compliance with federal and state laws and regulations.

Payment Card Industry Data Security Standards

The university is committed to compliance with the Payment Card Industry (PCI) Data Security Standard, a standard adopted internationally by the major credit card brands (e.g., Visa, MasterCard, Discover, and American Express) to protect credit card data, regardless of where that data is processed or stored (“PCI Standard”).

HIPAA RES-301 Uses and Disclosures of Protected Health Information for Research Purposes

Federal and state regulations govern the protection of human subjects in research. While these regulations provide for some patient confidentiality protections, the HIPAA Privacy Rule adds additional privacy protections for human subjects and establishes the conditions under which protected health information (“PHI”) may be used or disclosed
by the University of Southern California (USC) for research purposes.

HIPAA CLIN-201 Use of Protected Health Information for Treatment Payment and Health Care Operations

University of Southern California (USC) is permitted to use and disclose an individual’s Protected Health Information for treatment, payment and health care operations, provided: USC gives patients a Notice of Privacy Practices (Notice), which
describes the ways in which USC may use patients’ PHI; USC makes a good faith effort to obtain written acknowledgement of receipt of the Notice; and USC only uses and releases the minimum amount of health information necessary when doing so for payment or healthcare operations purposes.

HIPAA GEN-103 Public Policy Disclosures

USC may use or disclose PHI for treatment, payment and health care operations without an individual’s authorization in accordance with USC HIPAA Policy CLIN – 201 and USC’s Notice of Privacy Practices, provided the individual has acknowledged receipt of USC’s Notice of Privacy Practices or USC has made good faith efforts to obtain the individual’s acknowledgement of receipt.

Authority to Sign Contracts and Agreements

A school or department may only enter into an agreement with an outside entity in the name of the corporate entity (the “University of Southern California”). All agreements the university enters into must be reviewed by the Office of the General Counsel prior to execution, and sufficient time must be scheduled into the drafting process to allow for proper review.