Eastern Michigan University

Protected Health Information

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the U.S. Congress. It established federal regulations that force doctors, hospitals, and other health care providers to meet some baseline standards when handling electronic protected health information (ePHI), such as medical records and medical patient accounts.

Examples
  • A student visits the EMU Snow Health Center, fills out a basic medical history form, and receives a prescription from a doctor. The student has the prescription filled at the Snow Health Center pharmacy. The records created as a result of this visit and the filling of the prescription are subject to the privacy and security rules established under HIPAA.
Laws/Regulations/Policies
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA) Pub. L. No. 104-191, 110 Stat. 1936 (1996);
  • Codified at 42 U.S.C. § 300gg, 29 U.S.C. § 1181 et seq., and 42 U.S.C. § 1320d et seq.
    • 45 CFR 144 Purpose & Definitions
    • 45 CFR 146 Requirements for Group Health Ins
    • 45 CFR 160 General Adm. Requirements
    • 45 CFR 162 Transaction Standards and Security Regulations
    • 45 CFR 164 Security and Privacy Regulations - http://www.ecfr.gov/cgi-bin/text-idx?tpl=/ecfrbrowse/Title45/45cfr164_main_02.tpl
Additional Resources

Understanding Health Information Privacy: http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
Health Information Privacy under HIPAA: http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html

Using Protected Health Information

The matrix below lists, in three columns, the uses that are permitted (Yes), the uses that are not permitted (No), and the uses that require contacting I.T. (Contact I.T.).

YES                 NO                 CONTACT I.T.
 
Note: Don't see what you need? Email the I.T. Security Team at it-security@emich.edu.