CS 14 Privacy of Medical Records – Compliance with the Health Insurance Portability and Accountability Act of 1996 (formerly 07-02-01)


This policy sets forth the framework for the University’s compliance with the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the HIPAA Omnibus Rule. It is applicable only to those units of the University that have been designated as “Covered Components” under HIPAA. This policy is limited to the privacy standards imposed by HIPAA. Other aspects of the law, including rules governing security and human subject research, are addressed in other University policies. See the University’s IRB website for policies governing human subject research.


Category: Human Resources
Section: Confidentiality of Medical Information
Effective Date: September 23, 2013
Last Reviewed: September 23, 2013
Responsible Unit:
Responsible Executive: Senior Vice Chancellor for Business and Operations
Policy Contact:

Procedure(s) and Supporting Documents

Please refer to the policy and/or the policy contact for any accompanying procedures, supporting documents, and/or forms.