Health Insurance Portability and Accountability Act (HIPAA)

Overview

The Health Insurance Portability & Accountability Act of 1996 requires the institution to secure a patient’s electronic protected health information (ePHI). This protection is provided by administrative, physical, and technical processes and controls. The OIT-Information Security Office is charged with assisting the University in achieving compliance with the HIPAA Security Rule.

Departments involved in the electronic transmission of patient records, as well as any subcontractors, are required to comply with HIPAA standards, which necessitates prudent security practices.

The HIPAA Security Rule is intended to be scalable and does not require specific technologies to be used. Covered entities may elect solutions that are appropriate to their operations, provided the selected solutions are supported by a thorough security assessment and risk analysis.

The standards for the Security Rule are grouped into five categories:

  • Administrative safeguards
  • Physical safeguards
  • Technical safeguards
  • Organizational standards
  • Policies, procedures, and documentation requirements

Program

  1. All departments that accept, process, store, and transmit electronic protected healthcare information (ePHI) must ensure that all applicable systems and databases used to process this data undergo risk assessments as conducted by the Risk Management team.
  2. University Ethics and Compliance provides mandatory, annual HIPAA training for identified units and departments that process healthcare data (PHI). The Information Security Office provides supplemental training that can be requested by management for identified groups (see additional resources link below).
  3. University policies should be reviewed by all members of the university who access, use, transmit or otherwise process electronic protected healthcare information (ePHI).
  4. The Compliance team is available to consult with schools and business units to ensure adherence to all HIPAA Security Rule regulatory requirements.

Review additional resources below for policy and training requirements.

HIPAA support and additional resources

Supplemental HIPAA refresher training

Register staff for this supplemental training as needed.

Policy requirements

Learn more about the policy's role at Rutgers.

Inquiries

Contact us with questions regarding the HIPAA Security Rule.