Regulatory Compliance at ECU
In addition to ECU-specific policies and regulations, there are many external laws, regulations, and policies with which ECU must comply. Remaining in compliance is one important way the University demonstrates its dedication to ethical and responsible operations. Some compliance requirements also have significant financial penalties attached.
According to ECU’s Employee Code of Conduct, “Members of the University community are expected to become familiar with and comply with the statutes, regulations, and University policies and procedures bearing on their areas of responsibility.”
Keeping up with compliance requirements is a significant challenge, and ECU has several offices that are responsible for overseeing various aspects of regulatory compliance. Some of the subject matter experts are listed on this site. Please note that this site is not intended to be an all-inclusive list of the many laws and regulations with which the University must comply or the people with various compliance-related responsibilities.
East Carolina University is committed to achieving excellence in its compliance efforts. We encourage and expect open communications. Members of the campus community should feel comfortable sharing their concerns with supervisors. There are also several other reporting channels available through the websites below.
While there are different offices that handle different subject matter, these teams work closely together to ensure that any concerns are relayed to and handled by the appropriate officials, consistent with the University Investigative Responsibilities Regulation.
For more information on any of the offices listed below, please visit their websites.
The Office of University Counsel provides comprehensive legal advice and counsel to East Carolina University. As part of this work, OUC works closely with and advises administrators responsible for compliance functions throughout the University.
In addition to its role of providing advice and counsel, OUC is also responsible for the University’s employment-based immigration matters and the University’s response to public records requests.
The Office of Internal Audit isn’t directly responsible for any specific compliance areas. The office performs compliance audits, through which senior management and the Board of Trustees are provided assurance about how well ECU is complying with various laws, regulations, and policies. The office also works closely with the various campus compliance offices and is the liaison between these other offices and the Board of Trustees Audit, Risk Management, Compliance, and Ethics Committee.
Internal Audit manages the University’s hotline for reporting instances of known or suspected fraud, waste, abuse, or significant non-compliance. Concerns may be submitted anonymously via the website or by calling 252-328-9027.
State authorization allows East Carolina University to offer educational opportunities to students nationwide. ECU has a team dedicated to researching regulations and seeking and maintaining approvals so learners can participate in ECU’s programs wherever they are. Our state authorization team leads the university’s institutional state authorization compliance activities, including obtaining and managing all necessary approvals to operate in every state, territory, and country; as well as managing the State Authorization Reciprocity Agreements (SARA).
The State Authorization Reciprocity Agreements (SARA) is a national initiative to provide more access to programs and courses while maintaining compliance standards with state regulatory agencies. These reciprocity agreements help streamline distance education regulations, improve coordination between states and higher education institutions, and help ensure member states and participating institutions adhere to a set of common consumer protections for students. Participating institutions of SARA are authorized to provide education to learners from all SARA member states. As of November 15, 2016, East Carolina University is approved to participate in the National Council for State Authorization Reciprocity Agreements (NC-SARA).
East Carolina University (ECU) is committed and obligated to the principle of institutional control in operating its athletics programs. This task is accomplished by operating in accordance with NCAA, The American Athletic Conference (AAC) and University rules and regulations.
The charge of the ECU’s Athletics Office of Compliance is to not only educate, monitor and verify NCAA rules compliance for the athletic department, but also work collectively with coaches, student-athletes, athletics staff, alumni, prospects, parents, donors, and the institution’s various constituency groups to ensure that policies and procedures are implemented to ensure that we are maintaining institutional control.
Compliance is ultimately, a shared responsibility and it is the obligation and responsibility of all athletic department staff members to act within all applicable rules and regulations at all times.
For any question/concern/inquiry related to athletics compliance or our athletic department policies, feel free to contact our email at AthleticsCompliance@ecu.edu or call at 252-737-4533.
The Office of Institutional Integrity (OII) has adopted a University-wide compliance program. This program provides a framework for the University’s healthcare and specific data security compliance efforts with applicable state and federal laws and regulations including but not limited to the Federal False Claims Act, the Federal Anti-kickback Statute, the Prohibition on Physician Self-Referrals (the Stark law), Center for Medicare & Medicaid Services, Office for Civil Rights (HIPAA), Office of Inspector General, and the NC Identity Theft Protection Act.
The OII compliance program is not intended to set forth every program and practice that is designed to affect compliance, but rather to provide a framework that will guide the overall healthcare and specific data security compliance efforts of the University. The program affects a broad range of areas within the University’s operations, and all faculty, staff, students, and contractors of the University are expected to participate in the program and abide by its requirements. We encourage all workforce members and contractors of the University to contact the Office of Institutional Integrity at any time with questions and/or concerns.
OII operates a Compliance Hotline (this line does not have caller ID) at 1-866-515-4587, or callers may contact the main line at 1-252-744-5200 or email firstname.lastname@example.org.
The Office of Research Integrity and Compliance (ORIC) promotes the ethical and responsible conduct of research. ORIC monitors compliance with applicable federal, state, and institutional regulations by developing tools and educational resources designed to help guide the ECU community through the process of transparency, compliance, and oversight.
Ensuring the ethical and responsible conduct of research preserves the public trust, which is an essential underpinning of the University’s ability to fulfill its public service mission.
ORIC is responsible for providing oversight and guidance for University-wide conflict of interest training, reporting, and management; coordination and conduct of the university’s responsible conduct of research training program; and the confidential receipt and assessment of research misconduct allegations by the Research Integrity Officer (RIO).
The Office of Export Controls and Customs within ORIC facilitates ECU’s compliance with U.S. sanctions, export control, and import regulations. The office aims to promote awareness of U.S. sanctions, export and import compliance requirements across the ECU community and facilitates, establishes and maintains core processes and procedures that effectively demonstrate compliance.
The primary function of the UMCIRB is to protect the rights and welfare of human participants in research at ECU, ECU Health and its affiliates, and in research conducted elsewhere by faculty, students, staff or other representatives of the university in connection with their responsibilities or education. This mission is accomplished by an institutional commitment to education and establishment of a collaborative relationship with the researchers and key support staff.
The Post-IRB Approval Monitoring (PAM) office functions independent of the University and Medical Center Institutional Review Board (UMCIRB). The aim of the PAM office is to ensure protection of human participants involved in research activities and promotion of best practices in the conduct of human research. This aim is achieved through post-IRB approval monitoring of studies and UMCIRB activities. Monitoring activities may be routine in nature, focused or for-cause. Observations and findings resulting from monitoring activities are used to inform quality improvement and educational efforts for investigators, research staff and the research community.
The PAM office provides internal oversight of compliance issues relating to the performance of human research studies. The emphasis of the program is:
- To ensure the rights and welfare of research participants and the quality and integrity of the research;
- To identify educational and research support needs;
- To ensure compliance with federal, state, local and institutional regulations, and policies; and
- To identify areas of strength and areas in need of improvement in research endeavors
Compliance Monitoring and Strategic Initiatives (externally funded research)
Compliance Monitoring provides guidance regarding federal, state and non-federal regulatory compliance in research administration, financial compliance and audit. CMSI contributes to strategic planning of risk mitigation and remediation, and proactive risk management, including recommendations for policy and SOP changes and adjustments.
CMSI uses extensive knowledge of research administration to assess potential audit risk and compliance requirements; informs and implements solutions needed to address and mitigate risk to improve proposal development and fiscal management. CMSI develops metrics through highly complex data applications and provides structured data and recommendations for mitigation and resolution, to departments, Hubs, and Senior Leadership. CMSI is the lead respondent to audit and/or site visits related to sponsored programs at ECU.
CMSI evaluates and assesses operational capability and compliance; and provides potential risk mitigation and remediation strategies for use by senior leadership in support of reports to the Provost, Chancellor and Board of Trustees.
The Office for Equity and Diversity (OED) leads strategic efforts and develops institutional partnerships to cultivate a diverse, inclusive, and equitable ECU. OED offers a variety of programs and initiatives designed to prevent harassment and discrimination, enhance diversity and intercultural competence, and foster a sense of belonging for all community members. Topics addressed in OED’s programming include: Title IX and Title VII civil rights compliance; enhancing campus culture for equity and inclusion; faculty, staff, and student diversity and inclusion; and, protected class complaint response and investigations.
East Carolina University is committed to equality of opportunity and prohibits unlawful discrimination based on disability as established by ECU’s Notice of Non-Discrimination and Affirmative Action Policy. The Office of the ADA Coordinator is responsible for coordinating the efforts associated with University policies and procedures relating to persons with disabilities to assure compliance with the ADA and other federal and state laws and regulations pertaining to persons with disabilities. The Office of the ADA Coordinator collaborates with the Office of Disability Support Services, the ADA Accessibility Committee, ECU Facilities Operations, Environmental Health and Safety, and the IT Accessibility Committee, among others, to help serve students and employees who qualify for accommodations under the Americans with Disabilities Act.
Additionally, the Office of the ADA Coordinator has responsibility for ADA compliance and for engaging in an interactive process to determine whether an employee, applicant or visitor is a qualified individual with a disability for the purposes of providing a reasonable accommodation.
The Office of the ADA Coordinator may be contacted at:
ECU Human Resources – Building 127 – 210 E. 1st St. Greenville, NC 27858
The Office of Environmental Health and Safety (OEHS) helps the University achieve compliance with various safety and environmental laws and regulations. OEHS strives to move the University community to the highest level of Safety, Health, Emergency, and Environmental Management by the integration of these practices into the core values of the University culture. Among other things, OEHS oversees chemical hygiene, laboratory safety, industrial hygiene, workplace safety, emergency management, and environmental management. OEHS is responsible for responding to safety and health-related concerns and complaints.
The Clery Compliance Coordinator oversees the University’s compliance with the federal Crime Awareness and Campus Security Act, commonly referred to as the Jeanne Clery Act, as well as other crime, fire, and incident reporting laws and regulations. The Clery Coordinator works closely with law enforcement, University management, and other University personnel to help ensure they understand and are equipped to fulfill their responsibilities related to crime and incident reporting. The Clery Coordinator also oversees the University’s reporting obligations to outside entities and the general public.
All University employees are responsible for protecting the information and data in their care. Employees shall protect University Information from unauthorized and/or unlawful access, use, disclosure, destruction, and/or loss. The University has implemented robust Information Security and Data Governance programs to help ensure that safeguards are in place to protect the security and privacy of the information entrusted to us.
The Chief Information Security Officer (CISO) manages the University Information Security Program, a collection of enterprise rules, standards and guidance. The CISO advises university and departmental leadership on the identification and management of risks associated with the handling of University Information and the use of IT systems and services. The CISO also coordinates the activities of the University Security Incident Response Team (SIRT), which oversees the University’s response to Information Security incidents. The SIRT assesses risks to individual privacy, facilitates and/or manages data breach notifications, and coordinates its activities with university compliance offices where appropriate.
Data governance is a collection of practices and processes which help ensure the formal management of data assets within an organization. The University’s data governance structure enables shared decision-making across organizational boundaries and addresses key issues such as data ownership, standardization, validity, reliability, access, and security. This demonstrates the extent to which the university’s leadership value data and their desire to manage this important institutional asset intentionally.
Financial Services (tax and other compliance requirements)
Financial Services, a unit in the Division of Administration and Finance, provides centralized accounting services for the University and its financial affiliates, including its foundations and related entities. As part of its day-to-day responsibilities, Financial Services helps ensure compliance with many laws and regulations related to the financial activities of the University. These include the Fair Labor Standards Act, payroll laws, tax collection and reporting, state laws pertaining to debt collection, and many others.
The Family Educational Rights and Privacy Act of 1974 (FERPA) established students’ rights related to their education records. These include rights related to privacy, inspection, and correction of inaccurate records. The University Registrar has been designated as ECU’s FERPA Compliance Officer. Questions and concerns related to student records and FERPA compliance may be reported using the link above.
Since we collect payments via credit and debit cards, East Carolina University must comply with the rules, regulations and contractual provisions regarding the handling of payment cards and cardholder data as defined in the Payment Card Industry Data Security Standards (PCI DSS). ECU Financial Services is responsible for overseeing compliance with the PCI DSS.