Protected Health Information
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the U.S. Congress. It established federal regulations that force doctors, hospitals, and other health care providers to meet some baseline standards when handling electronic protected health information (ePHI), such as medical records and medical patient accounts.
Examples
- A student visits the Health Center, fills out a basic medical history form, and receives a prescription from a doctor. The student has the prescription filled at the Health Center pharmacy. The records created as a result of this visit and the prescription filling are subject to the privacy and security rules established under HIPAA.
Laws/Regulations/Policies
- Health Insurance Portability and Accountability Act of 1996 (HIPAA) Pub. L. No. 104-191, 110 Stat. 1936 (1996);
- Codified at 42 U.S.C. § 300gg and 29 U.S.C. § 1181 et seq. and 42 U.S.C. § 1320d et seq.
- 45 CFR 144 Purpose & Definitions
- 45 CFR 146 Requirements for Group Health Ins
- 45 CFR 160 General Adm. Requirements
- 45 CFR 162 Transaction Standards and Security Regulations
- 45 CFR 164 Security and Privacy Regulations
Additional Resources
Using Protected Health Information
The matrix below has three columns: permitted (Yes), not permitted (No), and those requiring contact with I.T. (Contact I.T.).
Yes
- Virtru Email
- Virtru Secure Share
No
- Banner
- Bomgar
- Canvas
- Google Mail/Calendar
- Google Drive
- Google Talk/Sites/Tasks
- Google All Other Apps
- Personal Accounts
- Personal Devices
- Samanage
- Shared Drive
Contact I.T.
- U.achieve