IDP Training

The Ohio State University’s institutional data is important to protect. That data comes in different forms, and not all staff members deal with the same types. To inform you what kinds of data you may control and how to best protect it, we ask individuals to complete only the activity that applies to their specific role.

Beginning February 1, 2024, Ohio State will offer three educational options, all due by April 26, 2024 for non-Medical Center staff. You will receive an email describing which educational activity applies to you, containing instructions on how to complete the task.

If you are unsure which method below applies to your role, check your inbox for an email from IDP-Support@osu.edu, or email us for help.

If you have access to Restricted (S4) data but not protected health information

The Institutional Data Policy (IDP) training is required annually for individuals who have access to restricted data. This is necessary for anyone who requires access to certain administrative systems including Workday, PeopleSoft, Tableau, and the Operational Data Store.

In this training, you will:

  • Explain your responsibilities for accessing and handling institutional data
  • Identify the four classifications of institutional data
  • Describe how you will find what activities and services are permitted for each classification of institutional data
  • Explain what you should do if you suspect the loss, unauthorized access or exposure of institutional data

To access this training:

  1. Go to BuckeyeLearn and search for the "Institutional Data Policy 2024" course
  2. Complete the training as instructed
  3. Your transcript will show this training complete, and your manager will be notified that you have done your part for the year

If this training has been assigned to you, you can access it from your BuckeyeLearn transcript.

If you have access to protected health information (PHI)

Some areas of the university deal with personal health information (PHI). They are subject to the federal law establishing national standards to protect sensitive patient health information from being disclosed without a patient’s consent or knowledge. This law is the Health Insurance Portability and Accountability Act of 1996, or HIPAA. 

This is different from the Institutional Data Policy (IDP) training, but is equivalent to that course. You only need to take one.

To access this training:

  1. Go to BuckeyeLearn and search for the "HIPAA and Institutional Data Compliance FY24" course
  2. Complete the training as instructed
  3. Your transcript will show this training complete, and your manager will be notified that you have done your part for the year

If this training has been assigned to you, you can access it from your BuckeyeLearn transcript.

NOTE: Medical Center employees must take the HIPAA and Institutional Data Compliance training by June 30 of each year. All other others taking this training must complete it between February 1 and April 26. If you take this course and sign the agreements, you do not need to take “Institutional Data Policy” training or the “IDP awareness activity” in C4U. 

If you do not have access to Restricted (S4) data

Many staff and faculty members do not have access to sensitive institutional data in their role at the university. It is only important that this data can be identified if one comes across it and is aware of how to handle it, if necessary.

To access:

  1. Sign into the Cybersecurity for You (C4U) cybersecurity awareness platform
  2. Complete the short activity by answering the quiz questions
  3. You will be recorded as having completed the activity

For technical support or if you are unable to log into the C4U Awareness platform, please contact the IT Service Desk or call (614) 688-4357 (HELP).

Learn more about the Institutional Data Policy.