{"id":1105,"date":"2026-06-02T14:23:27","date_gmt":"2026-06-02T19:23:27","guid":{"rendered":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/?page_id=1105"},"modified":"2026-07-07T10:54:33","modified_gmt":"2026-07-07T15:54:33","slug":"health-insurance-portability-and-accountability-act-hipaa","status":"publish","type":"page","link":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","title":{"rendered":"Health Insurance Portability and Accountability Act (HIPAA)"},"content":{"rendered":"    <div class=\"cc--component-container cc--secondary-navigation  secondary-navigation\">\n\n<div class=\"c--component c--secondary-navigation\">\n        <div class=\"cc--secondary-header\">\n    <div class=\"c--secondary-header\">\n        <div class=\"secondary-nav-container\">\n            <div class=\"branding-secondarymenu-container\">\n                <div class=\"branding-secondarymenu-container-inner\">\n                    <div class=\"inner-wrapper\">\n                        <div class=\"cc--component-container cc--secondary-menu\">\n                            <div class=\"c--component c--secondary-menu\">\n                                <nav class=\"mc--menu mc--secondary-nav\">\n                                    <ul class=\"m--menu m--secondary-nav\">\n                                                                                            <li class=\"menu-item\">\n                                                        <a href=\"\/cybersecurity-compliance-program\/glba-compliance-program\/\" target=\"_self\">\n                                                            Gramm-Leach-Bliley Act (GLBA) Compliance Program                                                        <\/a>\n                                                    <\/li>\n                                                                                                    <li class=\"menu-item\">\n                                                        <a href=\"\/cybersecurity-compliance-program\/payment-card-industry-data-security-standard-pci-dss\/\" target=\"_self\">\n                                                            Payment Card Industry (PCI) standard                                                        <\/a>\n                                                    <\/li>\n                                                                                                    <li class=\"menu-item\">\n                                                        <a href=\"\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/\" target=\"_self\">\n                                                            Health Insurance Portability and Accountability Act (HIPAA)                                                        <\/a>\n                                                    <\/li>\n                                                                                    <\/ul><!-- m--menu -->\n                                <\/nav>\n                            <\/div><!-- c--component c--secondary-menu -->\n                        <\/div><!-- cc--component-container cc--secondary-menu -->\n                    <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n        <div class=\"secondary-mobile-nav\">\n\n            <div class=\"mobile-nav-topbar-container\">\n\n                <h2>\n                    Navigate to\n                    <span class=\"arrow-wrapper\"><svg\n                                xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"8\"\n                                viewBox=\"0 0 12 8\"\n                        ><g><g><path\n                                            d=\"M.936.5l4.95 4.95L10.835.5l1.06 1.06-4.95 4.95-1.06 1.061-1.061-1.06-4.95-4.95z\"\n                                    ><\/path><\/g><\/g><\/svg><\/span>\n                <\/h2>\n            <\/div>\n            <div class=\"secondary-mobile-nav-menu-container\">\n                <div class=\"cc--component-container cc--secondary-menu color-red\">\n                    <div class=\"c--component c--secondary-menu\">\n                        <nav class=\"mc--menu mc--secondary-nav\">\n                            <ul class=\"m--menu m--secondary-nav\">\n                                                                            <li class=\"menu-item\">\n                                                <a href=\"\/cybersecurity-compliance-program\/glba-compliance-program\/\">\n                                                    Gramm-Leach-Bliley Act (GLBA) Compliance Program                                                <\/a>\n                                            <\/li>\n                                                                                    <li class=\"menu-item\">\n                                                <a href=\"\/cybersecurity-compliance-program\/payment-card-industry-data-security-standard-pci-dss\/\">\n                                                    Payment Card Industry (PCI) standard                                                <\/a>\n                                            <\/li>\n                                                                                    <li class=\"menu-item\">\n                                                <a href=\"\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/\">\n                                                    Health Insurance Portability and Accountability Act (HIPAA)                                                <\/a>\n                                            <\/li>\n                                                                    <\/ul><!-- m--menu -->\n                        <\/nav>\n                    <\/div><!-- c--component c--secondary-menu -->\n                <\/div><!-- cc--component-container cc--secondary-menu -->\n            <\/div>\n        <\/div>\n    <\/div><!-- c--component c--secondary-header -->\n<\/div><\/div><!-- c--component c--secondary-navigation -->\n\n    <\/div><!-- cc--component-container cc--div -->\n\n\n    <section class=\"cc--component-container cc--hero-basic bg-image  hero-basic\">\n\n<div class=\"c--component c--hero-basic\">\n                <div class=\"background-image hero-bg-image \" style=\"background-image: url(https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-content\/uploads\/sites\/105\/2026\/06\/national-cancer-institute-NFvdKIhxYlU-unsplash-scaled-1.jpg);\" aria-label=\"Image Description\">\n            <div class=\"f--image--hidden\">\n\t\t\t\t<div class=\"f--field f--image \">                <img decoding=\"async\" src=\"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-content\/uploads\/sites\/105\/2026\/06\/national-cancer-institute-NFvdKIhxYlU-unsplash-scaled-1.jpg\" alt=\"\">\n\t\t\t<\/div><!-- f--field f--image -->\n            <\/div>\n        <\/div>\n\t\n<div class=\"outer-wrapper\">\n    <div class=\"inner-wrapper\">\n        <div class=\"text-container\">\n            <div class=\"text-wrapper\">\n\t\t\t\t<div class=\"f--field f--page-title \"><h1>Health Insurance Portability and Accountability Act (HIPAA)<\/h1>\n\n<\/div><!-- f--field f--page-title -->\n\t\t\t\t<div class=\"f--field f--text \"><\/div><!-- f--field f--text -->\n            <\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n\n<\/div><!-- c--component c--hero-basic -->\n\n    <\/section><!-- cc--component-container cc--section -->\n\n\n    <section class=\"cc--component-container cc--rich-text  rich-text\">\n\n<div class=\"c--component c--rich-text\">\n        <div class=\"inner-wrapper\">\n    \n    <div class=\"f--field f--rich-text \"><p><strong>Overview<\/strong><br \/>\nThe Health Insurance Portability &amp; Accountability Act of 1996 requires the institution to secure a patient\u2019s electronic protected health information (ePHI). This protection is provided by administrative, physical, and technical processes and controls. The OIT-Information Security Office is charged with assisting the University in achieving compliance with the HIPAA Security Rule.<\/p>\n<p>Departments involved in the electronic transmission of patient records, as well as any subcontractors, are required to be compliant with HIPAA standards which necessitates prudent security practices.<\/p>\n<p>The HIPAA Security Rule is intended to be scalable and does not require specific technologies to be used. Covered entities may elect solutions that are appropriate to their operations, provided the selected solutions are supported by a thorough security assessment and risk analysis.<\/p>\n<p>The standards for the Security Rule are grouped into five categories:<\/p>\n<ul>\n<li>Administrative safeguards<\/li>\n<li>Physical safeguards<\/li>\n<li>Technical safeguards<\/li>\n<li>Organizational standards<\/li>\n<li>Policies, procedures, and documentation requirements.<\/li>\n<\/ul>\n<p><strong>Program<\/strong><\/p>\n<ol>\n<li>All departments that accept, process, store, and transmit electronic protected healthcare information (ePHI) must ensure that all applicable systems and databases used to process this data undergo <a href=\"https:\/\/it.rutgers.edu\/it-risk-policy-and-compliance\/information-security-risk-management-program\/\">risk assessments<\/a> as conducted by the Risk Management team.<\/li>\n<li><a href=\"https:\/\/uec.rutgers.edu\/\">University Ethics and Compliance<\/a> provides mandatory, annual HIPAA training for identified units and departments that process healthcare data (PHI). The Information Security Office provides supplemental training that can be requested by management for identified groups (see additional resources link below).<\/li>\n<li>University policies should be reviewed by all members of the university who access, use, transmit or otherwise process electronic protected healthcare information (ePHI).<\/li>\n<li>The Compliance team is available to consult with schools and business units to ensure adherence to all HIPAA Security Rule regulatory requirements.<\/li>\n<\/ol>\n<p>Review additional resources below for policy and training requirements.<\/p>\n<\/div><!-- f--field f--rich-text -->\n\n    <\/div>\n    <style>\n        .cc--rich-text .c--rich-text:has(.inner-wrapper) {\n            padding: 0 !important;\n        }\n\n        .cc--rich-text .c--rich-text .inner-wrapper {\n            padding-right: 8%;\n            padding-left: 8%;\n        }\n\n        @media screen and (min-width: 768px) {\n            .cc--rich-text .c--rich-text .inner-wrapper {\n                padding-right: 12%;\n                padding-left: 12%;\n            }\n        }\n\n        @media screen and (min-width: 1024px) {\n            .cc--rich-text .c--rich-text .inner-wrapper {\n                padding-right: 10%;\n                padding-left: 10%;\n            }\n        }\n    <\/style>\n<\/div><!-- c--component c--rich-text -->\n\n    <\/section><!-- cc--component-container cc--section -->\n\n\n    <section class=\"cc--component-container cc--enhanced-cards  enhanced-cards color-light-gray\">\n\n<div class=\"c--component c--enhanced-cards\">\n        \n\n\n\n\n\n    <div class=\"enhanced-cards-bg-img-container  color-light-gray\" style=\"; background-size: cover; background-repeat: no-repeat; position: relative; z-index:1;\">\n\n        <div class=\"enhanced-cards\" style=\"grid-template-columns: repeat(3, minmax(0, 1fr));\">\n\n            <div class=\"title-description\">\n                                    <h2 style=\"text-align: center;\">HIPAA support and additional resources<\/h2>\n                \n                \n            <\/div>\n\n                                            <div class=\"after-title enhanced-card box-shadow has-button color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                    \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                                                                                                                        <h3>\n                                                                            Supplemental HIPAA  refresher training                                                                    <\/h3>\n                            <\/div>\n                        \n                                                                                    <div style=\"margin-bottom: 16px\">\n                                    <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-chalkboard-user large after-title\"><\/i>\n                                <\/div>\n                                                    \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Register staff for this supplemental training as needed.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                                                    <a class=\"button\" href=\"https:\/\/go.rutgers.edu\/knowbe4-training-request\" style=\"\" target=\"_self\">Supplemental HIPAA training<\/a>\n                                    <\/div>\n                                            <div class=\"after-title enhanced-card box-shadow has-button color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                    \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                                                                                                                        <h3>\n                                                                            Policy requirements                                                                    <\/h3>\n                            <\/div>\n                        \n                                                                                    <div style=\"margin-bottom: 16px\">\n                                    <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-file-lines large after-title\"><\/i>\n                                <\/div>\n                                                    \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Learn more about the policy&#8217;s role at Rutgers.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                                                    <a class=\"button\" href=\"https:\/\/uec.rutgers.edu\/policies\/hipaa\/\" style=\"\" target=\"_self\">HIPAA policy requirements <\/a>\n                                    <\/div>\n                                            <div class=\"after-title enhanced-card box-shadow has-button color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                    \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                                                                                                                        <h3>\n                                                                            Inquiries                                                                    <\/h3>\n                            <\/div>\n                        \n                                                                                    <div style=\"margin-bottom: 16px\">\n                                    <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-question large after-title\"><\/i>\n                                <\/div>\n                                                    \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Contact us with additional questions regarding the HIPAA Security Rule.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                                                    <a class=\"button\" href=\"\/cybersecurity-compliance-program\/contact-the-information-security-compliance-and-training-team\/\" style=\"\" target=\"_self\">Contact us<\/a>\n                                    <\/div>\n            \n            \n        <\/div>\n\n    <\/div>\n\n<\/div><!-- c--component c--enhanced-cards -->\n\n    <\/section><!-- cc--component-container cc--section -->\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":992,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"page-category":[],"class_list":["post-1105","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Health Insurance Portability and Accountability Act (HIPAA) - Cybersecurity Compliance Program<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Health Insurance Portability and Accountability Act (HIPAA) - Cybersecurity Compliance Program\" \/>\n<meta property=\"og:url\" content=\"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/\" \/>\n<meta property=\"og:site_name\" content=\"Cybersecurity Compliance Program\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-07T15:54:33+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/\",\"url\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/\",\"name\":\"Health Insurance Portability and Accountability Act (HIPAA) - Cybersecurity Compliance Program\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/#website\"},\"datePublished\":\"2026-06-02T19:23:27+00:00\",\"dateModified\":\"2026-07-07T15:54:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"LinkedIn Learning\",\"item\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Health Insurance Portability and Accountability Act (HIPAA)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/#website\",\"url\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/\",\"name\":\"Cybersecurity Compliance Program\",\"description\":\"A Rutgers IT Service\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-compliance-program\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Health Insurance Portability and Accountability Act (HIPAA) - Cybersecurity Compliance Program","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","og_locale":"en_US","og_type":"article","og_title":"Health Insurance Portability and Accountability Act (HIPAA) - Cybersecurity Compliance Program","og_url":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","og_site_name":"Cybersecurity Compliance Program","article_modified_time":"2026-07-07T15:54:33+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","url":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","name":"Health Insurance Portability and Accountability Act (HIPAA) - Cybersecurity Compliance Program","isPartOf":{"@id":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/#website"},"datePublished":"2026-06-02T19:23:27+00:00","dateModified":"2026-07-07T15:54:33+00:00","breadcrumb":{"@id":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"LinkedIn Learning","item":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/"},{"@type":"ListItem","position":2,"name":"Health Insurance Portability and Accountability Act (HIPAA)"}]},{"@type":"WebSite","@id":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/#website","url":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/","name":"Cybersecurity Compliance Program","description":"A Rutgers IT Service","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/pages\/1105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/users\/992"}],"replies":[{"embeddable":true,"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/comments?post=1105"}],"version-history":[{"count":11,"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/pages\/1105\/revisions"}],"predecessor-version":[{"id":1156,"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/pages\/1105\/revisions\/1156"}],"wp:attachment":[{"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/media?parent=1105"}],"wp:term":[{"taxonomy":"page-category","embeddable":true,"href":"https:\/\/it.rutgers.edu\/cybersecurity-compliance-program\/wp-json\/wp\/v2\/page-category?post=1105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}