University Compliance Resources

Health Care Code of Conduct

The UH Health Care Code of Conduct applies to all health care clinics throughout the University of Houston System. To view the UH Health Care Code of Conduct, please see the following: UH Health Care Code of Conduct.

Privacy Laws and Guidance

  • FERPA: The Family Educational Rights and Privacy Act of 1974, 20 U.S.C. § 1232g, popularly known as “FERPA” or the Buckley Amendment, is the federal law that governs the rights of students and the corollary responsibilities of institutions of higher education with respect to student education records. For FERPA guidelines, please visit the Office of General Counsel's website
  • HIPAA and Medical Privacy:  The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other medical privacy laws protect the privacy of a patient’s protected health information. For HIPAA and medical privacy guidelines, please visit the Office of General Counsel's website.  
  • GDPR: The General Data Protection Regulation (“GDPR”) is a general privacy law that applies to personal data collected in or from the European Economic Area (“EEA”) related to goods or services offered in the EEA or involving the monitoring of individuals in the EEA. Any UHS university department or division that collects, uses, or stores “personal data” in or from the European Economic Area (“EEA”) or relating to individuals in the EEA may be impacted. For example, receipt of personal data from an individual in the EEA (even one temporarily living in the EEA) who is—applying for admission, responding to a donation solicitation, collaborating on research activities, or participating in a study abroad program—could trigger application of these rules. For GDPR guidelines, please visit the Office of General Counsel's website
  • GLB Act: The Gramm-Leach-Bliley Act (“GLB Act”), also known as the Financial Modernization Act of 1999, is a federal law that requires organizations that are significantly engaged in providing financial services to protect the privacy and security of customers’ nonpublic personal information. For GLB Act guidelines, please visit the Office of General Counsel's website
  • Security Incident Response Guidelines
  • Additional Guidelines: For additional guidelines on protection of confidential information, please see SAM 01.D.06 (Protection of Confidential Information) and visit the Office of General Counsel's website

Sexual Misconduct Policy Communication

View the Sexual Misconduct Policy Communication to Faculty and Staff 11-20-2019