Currently, despite being limited to viewing Portfolios/Opportunities for only their own scopes, Opp Admins can see what applications a student completed when a) visiting Award Mode (i.e. on the right hand side of the screen - for Conditionals) and b) when using the 'Become User' feature and proxying the student. This is problematic for us, specifically for some of our sensitive scholarship programs (i.e. Disability Resource Center). That team is very concerned that any user can tell who completed their application and, if they use 'Become User,' can go into the application and view the answers.
We'd like to see an enhancement where users are restricted to viewing information for only their scoped portfolios/opportunities throughout the entire system. This is part of our greater theme of making the system dependent on scopes throughout (i.e. not seeing all Post-Acceptance questions as columns in the PA Bulk Action Grid, not seeing everyone elses questions in your library - just your scopes, only seeing $s from your scopes in Encumbered Funds column, etc.).
Client Name "shard name" | wisc |
Employee Name | Keith Brown |
This is classified as a FERPA issue, not HIPAA. https://mcburney.wisc.edu/policies/documentation-and-confidentiality-policy/
The concern is they can see scholarship applications or awards that indicate what disability they have - potential HIPA violation.