What is Formstack?
Formstack is a web form management tool. It allows you to quickly and easily build standards compliant and accessible web forms. University Web Communication Services is happy to offer formstack accounts for $75/yr for each user.
Usage Guidelines
In an effort to meet compliance with federal regulations the following guilelines have been set for the use of Formstack at UNM. These guidelines layout the basics of certain types of information that should not be collected via web forms.
- Do not ask for any of the following information on forms:
- Social Security Number
- Credit Card Information
- Religion
- Citizenship
- Disciplinary status
- Ethnicity
- Gender
- GPA (grade point average)
- Marital status
- Grades/exam scores
- Standardized test scores
- Actual number of hours enrolled
If you have a need to collect any of the above information the UNM Registrar must approve your form and how the collected data is to be used.
- UNM designates the following information as “directory information”. Asking for this information is allowed:
- Name
- Major field of study
- Enrollment status (full-time, 3/4-time, half-time, less-than-half-time)
- Dates of attendance (matriculation and withdrawal dates)
- Degrees and awards received (type of degree and date granted)
- Participation in officially recognized activities and sports, and weight and height of members of athletic teams
- Do not collect information you do not need. Additionally try not to collect information that is in a system that you already have access to, such as BANNER or LoboAchieve.
- If you are sending the data from your form to an email address, that email address must end in unm.edu
- If the information you are collecting is to be sent to others or shared with a 3rd party please make a statement on the form indicating with whom the information will be shared.
- If you are collecting personal information from students provide a check box allowing the student to state they agree to releasing this information. Suggested text:
"I do hereby consent to the release of information concerning my academic and/or financial status."
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records such as grades, transcripts, disciplinary records, contact and family information, and class schedules. All educational institutions that receive federal funding must comply with FERPA.
The guidelines above layout the associated requirements related to FERPA and the use of Formstack.
HIPAA
Health Insurance Portability and Accountability Act (HIPAA), is a law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
Formstack is not HIPAA certified. This means that no patient related information should be collect by any form managed with Formstack.
Sensitive and Protected Information Statement:
When using online cloud services, you agree to act in accordance with applicable laws, regulations, and also in accordance with The University of New Mexico policies, procedures and operational controls regarding UNM sensitive and protected data as identified in UNM Policy 2520, which states: "Users are responsible for proper use and protection of University information and are prohibited from sharing information with unauthorized individuals." 2520 also states "Access to ... sensitive and protected information must be authorized by the department head and approved by the University designated data custodian."
For assistance with the operational controls for HIPAA information, please consult the HSC Privacy Office; for assistance with FERPA information, please consult the UNM Registrar. For all other sensitive or protected data, please open a HELP ticket, and the UNM Information Security and Privacy team will assist you in identifying the appropriate data steward.
