Vanderbilt University Medical Center (VUMC) is committed to the protection and responsible use of personal data in its operations. Data is a resource essential to providing medical care, education and training, conducting medical research, identifying diagnostic solutions, developing innovative treatments, and participating in global collaboration with researchers, industry partners, and healthcare providers in the provision and advancement of health care and medicine and the training of individuals in those fields. The International Privacy Office researches the privacy laws as promulgated by other countries and provides data protection oversight to further VUMC’s commitment to collecting and processing data in compliance with applicable laws and regulations and in ways that are ethical, fair, and respectful of the privacy of the individuals.
International Privacy Office
The International Privacy Office oversees the protection of personal data across all aspects of VUMC’s international activities. The role and responsibility of the International Privacy Office is to:
- Establish the measures VUMC implements to protect and secure international personal data;
- Implement and maintain technical and organizational measures for data protection consistent with standards harmonized on GDPR;
- Stay abreast of developments in technology, law, and policy related to data protection and privacy, to ensure that VUMC’s internal data protection measures promote compliance with same;
- Review VUMC’s legal, regulatory, and contractual obligations regarding international personal data protection;
- Assess, by means of a data protection impact assessment or other risk assessment tools, the risk raised by VUMC’s collection, processing and storage of international personal data, and identifying measures to mitigate that risk;
- Maintain an accurate record of processing activities (known as a “ROPA”) for those countries requiring one;
- Provide oversight to ensure policies and controls align with risks identified in the data protection impact assessment and VUMC’s objectives for data use;
- Support control operations and policy implementation relating to international privacy across VUMC;
- Respond to data privacy audits in a well-prepared, efficient, and accurate manner;
- Act as the contact point for international regulators and data subjects relating to all aspects of VUMC’s processing of personal data; and
- Provide training and education on international data privacy regulations for VUMC personnel.