Tag: hipaa

Facebook as Student Portal? Some Considerations

Eric Stoller wrote about the idea of facebook as a student portal in his blog post “Is Facebook Mature Enough To Be a Portal Solution?” and it truly is an interesting proposition. Below is my response to the post outlining some considerations any institution might need to consider if they are to use facebook as their student portal.

It’s certainly an interesting proposition. Looking at it from someone who works with all departments in student affairs in implementing enterprise solutions like student info systems, medical records, advising systems, judicial affairs, etc – there are major factors to consider. I’m not suggesting at all that using facebook as student portal is impossible or a bad idea. I’m just not sure what the conditions would be for an institution to start using facebook as its student portal.
I never expected social media to be used as a networking management tool either but it now exists in the form of Enterasys’ ISAAC system. If institutions are to partner with facebook, here are some things I would think need to be considered:

1) Policies – is facebook’s current terms of use/privacy consistent with an institution’s policies. For example, University of California campuses are not supposed to use Google Web Analytics. From a policy staff at UC, Google’s Terms of Service agreement for Google Analytics includes a clause requiring indemnification. http://www.google.com/analytics/tos_content.html (Term #8). Third party indemnification requires Regents approval and Campuses do not have the authority to agree to terms that require indemnification.

When facebook does change its terms of use/privacy policies, which seems to happen without notice, would institutions need to change their policies to comply with facebook? Given the slow and bureaucratic nature of higher ed, will facebook or partner institutions be willing to work at the same pace? With regards to FERPA, HIPAA and other confidentiality and security policies, as well as accessibility requirements, are institutions confident enough that facebook policies do meet these requirements?

2) Campus culture/Readiness – technology is not always the issue when it comes to implementing tech solutions. Given the campus-wide scope of a student portal, I would think different parts of the campus from student affairs/academics/legal/administrative/IT would have to be involved in the discussion and they’d all have to agree to this partnership.

3) Technology
Student portal would have to potentially tap into the different systems on campus from electronic medical records, student academic info, billing, etc and these systems interface with each other sometimes in standard protocols like HL 7 for medical systems (radiology, emr) and proprietary formats. How would this work with facebook? If facebook is to be used to do billing transactions using credit cards, does it meet PCI compliance? In addition, a single sign-on would have to be implemented for these campus systems so students can access data from these different systems. Do institutions have authentication/authorization systems that can work with facebook? Are identity providers on campus willing to use facebook as the single sign-on solution?

4) Support/Training
– If facebook is to be used, how/who would support the system? Certainly, I would think facebook knowledge be required by those who will support the system, not only from the functional area but from the technical as well.

5) Implementation
– how long, how much resources would need to be allocated?

6) Other
– Would the institution require all students, staff then to sign up for facebook? I’m not sure if 100% of all students, staff are in facebook.

Facebook as student portal is an interesting concept and it’s certainly an idea I will closely follow if it has more traction.

SM – FERPA, HIPAA, Policies/Guidelines & Other Issues

[Social Media Resources]

[tabs title=”” active=1 event=”click”]
[tab title=”FERPA:”]

[hungryfeed url=”http://www.diigo.com/rss/user/Joesabado/blog_some_ferpa” feed_fields=”” template=”3″ link_target=”_blank” max_items=25]

Additional Resources at Diigo

[tab title=”HIPAA:”]

[hungryfeed url=”http://www.diigo.com/rss/user/Joesabado/blog_some_hipaa” feed_fields=”” template=”3″ link_target=”_blank” max_items=25]

Additional Resources at Diigo

[tab title=”Accessibility:”]

[hungryfeed url=”http://www.diigo.com/rss/user/Joesabado/blog_some_accessibility” feed_fields=”” template=”3″ link_target=”_blank” max_items=25]
Additional Resources at Diigo


[tab title=”Guidelines/Policies:”]

[Policies] [Guidelines]


[hungryfeed url=”http://www.diigo.com/rss/user/Joesabado/blog_some_policies” feed_fields=”” template=”3″ link_target=”_blank” max_items=25]

Additional resources at Diigo

[Back to top]

[hungryfeed url=”http://www.diigo.com/rss/user/Joesabado/blog_some_guidelines” feed_fields=”” template=”3″ link_target=”_blank” max_items=25]

Additional resources at Diigo


[tab title=”Security:”]

[hungryfeed url=”http://www.diigo.com/rss/user/Joesabado/blog_some_issues_sec” feed_fields=”” template=”3″ link_target=”_blank” max_items=25]
Additional Resources at Diigo


[tab title=”Other Issues:”]

[hungryfeed url=”http://www.diigo.com/rss/user/Joesabado/blog_some_issues” feed_fields=”” template=”3″ link_target=”_blank” max_items=25]

IT Challenge: Providing End-User Needs/Protecting the Enterprise

I read a blog post recently advocating end-users to have full admin rights to their work computers and have the ability to install softwares for efficiency and productivity. I agree that end-users (of which I am also) need to be provided the tools required to do our jobs, which includes researching new technologies. These tools include the software we need installed on our desktop that may not be provided by IT. I hear and read frustrations from end-users who seem to constantly hear “no” from IT when a request for a software or service is requested. I feel the same way sometimes. However,those software on the desktop are useless when the network or some other critical services used by the entire organization (e.g. email, student information systems) are not available as a result of disruptions caused by malicious software. I will admit that there have been a couple of times when I have had to re-image my personal machine because of a virus that I had unknowingly downloaded from an infected site. My point in sharing my experience is that even the most careful end-user with the best intention can still introduce malicious code to the network.
(continue reading…)

New Job Title: “Social Media Lifeguard”?

A colleague of mine tells me “You’re like a lifeguard, you tell us how far to go in the ocean and where to go, and you call us back if we go too far but you don’t stop us from going into the water.”

To put what he said into context, a group of us, some folks from our student life office and some technical staff from my office which is the central technology department for the Division of Student Affairs, had just seen a demo of a product to manage student organizations.  The authentication used by the vendor product uses facebook connect.  While the vendor product was really beyond what we could ever build and everyone watching the demo, including me were very impressed with the product, I unfortunately had to dampen the enthusiasm of those present. I had to mention that using facebook connect may not be an idea that will be readily accepted as an option by security administrators on campus. Using a third party like facebook for authentication for an official campus system is a new concept on my campus.  In my role as the Associate Director of Information Systems and Software Development, I unfortunately have to play  the role of  “bad guy” sometimes. Many times,  some of these concerns I share are not even necessarily mine, but I do have to share them anyways.  I think in general, I am more flexible in how far to push boundaries when using new technologies, relative to some of my technical colleagues. However, I still do need to represent their perspectives. Fortunately, I’ve built up my reputation with the departments I have served throughout the years that I’m not a “nay-sayer” and I’m a strong advocate for their programs and innovative technologies. My reputation allows me to be frank with my concerns as someone charged with protecting student academic and health information and enforcing security and electronic policies.

(continue reading…)

  • Archives

  • Copyright © 1996-2010 Joe Sabado - Higher Education & Technology Leadership. All rights reserved.
    iDream theme by Templates Next | Powered by WordPress