Protected Health Information

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the U.S. Congress. It established federal regulations that force doctors, hospitals, and other health care providers to meet some baseline standards when handling electronic protected health information (ePHI), such as medical records and medical patient accounts.

Examples

  • Student visits the Health Center, fills out basic medical history form, and receives prescription from doctor. Student has the prescription filled at the Health Center pharmacy. The records created as a result of this visit and the prescription filling are subject to the privacy and security rules established under HIPAA.

Laws/Regulations/Policies

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA) Pub. L. No. 104-191, 110 Stat. 1936 (1996);
  • Codified at 42 U.S.C. § 300gg and 29 U.S.C § 1181 et seq. and 42 USC 1320d et seq.45 CFR 144 Purpose & Definitions

Additional Resources

Using Protected Health Information

The permitted (Yes), the not permitted (No), and those needing to contact I.T. (Contact I.T.) are listed in three columns in the matrix below.

Yes

  • Virtru Email
  • Virtru Secure Share

No

  • Banner
  • Bomgar
  • Canvas
  • Google Mail/Calendar
  • Google Drive
  • Google Talk/Sites/Tasks
  • Google All Other Apps
  • Personal Accounts
  • Personal Devices
  • Samanage
  • Shared Drive

Contact IT

  • U.achieve

Skip Section Navigation