{"id":968,"date":"2020-05-14T10:55:39","date_gmt":"2020-05-14T15:55:39","guid":{"rendered":"https:\/\/it.rutgers.edu\/it-risk-policy-and-compliance\/?page_id=968"},"modified":"2025-12-04T13:29:12","modified_gmt":"2025-12-04T18:29:12","slug":"health-insurance-portability-and-accountability-act-hipaa","status":"publish","type":"page","link":"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","title":{"rendered":"Health Insurance Portability and Accountability Act (HIPAA)"},"content":{"rendered":"    <section class=\"cc--component-container cc--hero-basic bg-image  hero-basic\">\n\n<div class=\"c--component c--hero-basic\">\n                <div class=\"background-image hero-bg-image \" style=\"background-image: url(https:\/\/it.rutgers.edu\/information-security\/wp-content\/uploads\/sites\/47\/2020\/07\/national-cancer-institute-NFvdKIhxYlU-unsplash-scaled.jpg);\" aria-label=\"Image Description\">\n            <div class=\"f--image--hidden\">\n\t\t\t\t<div class=\"f--field f--image \">                <img decoding=\"async\" src=\"https:\/\/it.rutgers.edu\/information-security\/wp-content\/uploads\/sites\/47\/2020\/07\/national-cancer-institute-NFvdKIhxYlU-unsplash-scaled.jpg\" alt=\"Stethoscope and laptop\">\n\t\t\t<\/div><!-- f--field f--image -->\n            <\/div>\n        <\/div>\n\t\n<div class=\"outer-wrapper\">\n    <div class=\"inner-wrapper\">\n        <div class=\"text-container\">\n            <div class=\"text-wrapper\">\n\t\t\t\t<div class=\"f--field f--page-title \"><h1>Health Insurance Portability and Accountability Act (HIPAA)<\/h1>\n\n<\/div><!-- f--field f--page-title -->\n\t\t\t\t<div class=\"f--field f--text \"><\/div><!-- f--field f--text -->\n            <\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n\n<\/div><!-- c--component c--hero-basic -->\n\n    <\/section><!-- cc--component-container cc--section -->\n\n\n    <section class=\"cc--component-container cc--rich-text  rich-text\">\n\n<div class=\"c--component c--rich-text\">\n        \n    <div class=\"f--field f--rich-text \"><h2><strong>Overview<\/strong><\/h2>\n<p>The Health Insurance Portability &amp; Accountability Act of 1996 requires the institution to secure a patient\u2019s electronic protected health information (ePHI). This protection is provided by administrative, physical, and technical processes and controls. The OIT-Information Security Office is charged with assisting the University in achieving compliance with the HIPAA Security Rule.<\/p>\n<p>Departments involved in the electronic transmission of patient records, as well as any subcontractors, are required to be compliant with HIPAA standards which necessitates prudent security practices.<\/p>\n<p>The HIPAA Security Rule is intended to be scalable and does not require specific technologies to be used. Covered entities may elect solutions that are appropriate to their operations, provided the selected solutions are supported by a thorough security assessment and risk analysis.<\/p>\n<p>The standards for the Security Rule are grouped into five categories:<\/p>\n<ul>\n<li>Administrative safeguards<\/li>\n<li>Physical safeguards<\/li>\n<li>Technical safeguards<\/li>\n<li>Organizational standards<\/li>\n<li>Policies, procedures, and documentation requirements.<\/li>\n<\/ul>\n<h2><strong>Program<\/strong><\/h2>\n<ol>\n<li>All departments that accept, process, store, and transmit electronic protected healthcare information (ePHI) must ensure that all applicable systems and databases used to process this data undergo\u00a0<a href=\"\/information-security\/information-security-risk-management-program\/\">risk assessments<\/a>\u00a0as conducted by the Risk Management team.<\/li>\n<li><a href=\"https:\/\/uec.rutgers.edu\/\" target=\"_blank\" rel=\"noopener\">University Ethics and Compliance<\/a>\u00a0provides mandatory, annual HIPAA training for identified units and departments that process healthcare data (PHI). The Information Security Office provides supplemental training that can be requested by management for identified groups (see additional resources link below).<\/li>\n<li>University policies should be reviewed by all members of the university who access, use, transmit or otherwise process electronic protected healthcare information (ePHI).<\/li>\n<li>The Compliance team is available to consult with schools and business units to ensure adherence to all HIPAA Security Rule regulatory requirements.<\/li>\n<\/ol>\n<p>Review additional resources below for policy and training requirements.<\/p>\n<\/div><!-- f--field f--rich-text -->\n\n    <\/div><!-- c--component c--rich-text -->\n\n    <\/section><!-- cc--component-container cc--section -->\n\n\n    <section class=\"cc--component-container cc--enhanced-cards  enhanced-cards color-light-gray\">\n\n<div class=\"c--component c--enhanced-cards\">\n        \n\n\n\n\n\n    <div class=\"enhanced-cards-bg-img-container  color-light-gray\" style=\"; background-size: cover; background-repeat: no-repeat; position: relative; z-index:1;\">\n\n        <div class=\"enhanced-cards\" style=\"grid-template-columns: repeat(3, minmax(0, 1fr));\">\n\n            <div class=\"title-description\">\n                                    <h2 style=\"text-align: center;\">HIPAA support and additional resources<\/h2>\n                \n                \n            <\/div>\n\n                                            <div class=\"after-title enhanced-card box-shadow has-button color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                    \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                                                                                                                        <h3>\n                                                                            Supplemental HIPAA refresher training                                                                    <\/h3>\n                            <\/div>\n                        \n                                                                                    <div style=\"margin-bottom: 16px\">\n                                    <i style=\"color: #cc0033\" class=\"fa-classic fa-solid fa-chalkboard-user medium after-title\"><\/i>\n                                <\/div>\n                                                    \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Register staff for this supplemental training as needed.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                                                    <a class=\"button\" href=\"\/it-risk-policy-and-compliance\/information-security-training-and-awareness-program\/hipaa-training-request-form\/\" style=\"\" target=\"_self\">Supplemental HIPAA Training<\/a>\n                                    <\/div>\n                                            <div class=\"after-title enhanced-card box-shadow has-button color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                    \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                                                                                                                        <h3>\n                                                                            Policy requirements                                                                    <\/h3>\n                            <\/div>\n                        \n                                                                                    <div style=\"margin-bottom: 16px\">\n                                    <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-file-lines medium after-title\"><\/i>\n                                <\/div>\n                                                    \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Learn more about the policy&#8217;s role at Rutgers.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                                                    <a class=\"button\" href=\"https:\/\/uec.rutgers.edu\/policies\/hipaa\/\" style=\"\" target=\"_blank\">HIPAA Policy Requirements<\/a>\n                                    <\/div>\n                                            <div class=\"after-title enhanced-card box-shadow has-button color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                    \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                                                                                                                        <h3>\n                                                                            Inquiries                                                                    <\/h3>\n                            <\/div>\n                        \n                                                                                    <div style=\"margin-bottom: 16px\">\n                                    <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-question medium after-title\"><\/i>\n                                <\/div>\n                                                    \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Contact us with questions regarding the HIPAA Security Rule.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                                                    <a class=\"button\" href=\"\/information-security\/contact-infosecurity\/\" style=\"\" target=\"_self\">Contact Us<\/a>\n                                    <\/div>\n            \n            \n        <\/div>\n\n    <\/div>\n\n<\/div><!-- c--component c--enhanced-cards -->\n\n    <\/section><!-- cc--component-container cc--section -->\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":910,"featured_media":0,"parent":937,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-mini-site.php","meta":{"_acf_changed":false,"footnotes":""},"page-category":[],"class_list":["post-968","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Health Insurance Portability and Accountability Act (HIPAA) - Information Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Health Insurance Portability and Accountability Act (HIPAA) - Information Security\" \/>\n<meta property=\"og:url\" content=\"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/\" \/>\n<meta property=\"og:site_name\" content=\"Information Security\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-04T18:29:12+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/information-security-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/\",\"url\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/information-security-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/\",\"name\":\"Health Insurance Portability and Accountability Act (HIPAA) - Information Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/#website\"},\"datePublished\":\"2020-05-14T15:55:39+00:00\",\"dateModified\":\"2025-12-04T18:29:12+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/information-security-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/information-security-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/information-security-compliance-program\\\/health-insurance-portability-and-accountability-act-hipaa\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Information Security\",\"item\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Compliance Program\",\"item\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/information-security-compliance-program\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Health Insurance Portability and Accountability Act (HIPAA)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/#website\",\"url\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/\",\"name\":\"Information Security\",\"description\":\"A Rutgers IT Service\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/it.rutgers.edu\\\/information-security\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Health Insurance Portability and Accountability Act (HIPAA) - Information Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","og_locale":"en_US","og_type":"article","og_title":"Health Insurance Portability and Accountability Act (HIPAA) - Information Security","og_url":"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","og_site_name":"Information Security","article_modified_time":"2025-12-04T18:29:12+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","url":"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/","name":"Health Insurance Portability and Accountability Act (HIPAA) - Information Security","isPartOf":{"@id":"https:\/\/it.rutgers.edu\/information-security\/#website"},"datePublished":"2020-05-14T15:55:39+00:00","dateModified":"2025-12-04T18:29:12+00:00","breadcrumb":{"@id":"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/health-insurance-portability-and-accountability-act-hipaa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Information Security","item":"https:\/\/it.rutgers.edu\/information-security\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Compliance Program","item":"https:\/\/it.rutgers.edu\/information-security\/information-security-compliance-program\/"},{"@type":"ListItem","position":3,"name":"Health Insurance Portability and Accountability Act (HIPAA)"}]},{"@type":"WebSite","@id":"https:\/\/it.rutgers.edu\/information-security\/#website","url":"https:\/\/it.rutgers.edu\/information-security\/","name":"Information Security","description":"A Rutgers IT Service","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/it.rutgers.edu\/information-security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/pages\/968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/users\/910"}],"replies":[{"embeddable":true,"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/comments?post=968"}],"version-history":[{"count":58,"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/pages\/968\/revisions"}],"predecessor-version":[{"id":4662,"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/pages\/968\/revisions\/4662"}],"up":[{"embeddable":true,"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/pages\/937"}],"wp:attachment":[{"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/media?parent=968"}],"wp:term":[{"taxonomy":"page-category","embeddable":true,"href":"https:\/\/it.rutgers.edu\/information-security\/wp-json\/wp\/v2\/page-category?post=968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}