Health Information Compliance & Privacy is responsible for ensuring that individually identifiable health information is handled appropriately across the entire University. Federal laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as well as Minnesota laws require the University to manage this information in a certain way.
Health Information Compliance & Privacy provides direction and support to ensure compliance with these requirements through the development of guidelines and policies, and through training and awareness.
Announcements and News
The Department of Health and Human Services (HHS) issued revisions to some HIPAA regulations in 2013. Those revisions require vendors who may have access to PHI to enter into updated Business Associate Agreements with the University. The University has until September 2014 to ensure that all agreements with Business Associate are updated.
What is HIPAA and How Does it Impact the University?
HIPAA and its regulations are designed to protect an individual's health information (referred to as PHI), and to restrict how PHI may be used and disclosed by health care providers, health plans and those accessing PHI in order to support the providers and plans.
The University is considered a "hybrid entity" under HIPAA, which means that the entire University is not subject to HIPAA. Only the University's health plans, its health care provider services, and those that may access PHI to support the plans or health care provider services are subject to HIPAA. These areas are referred to as "health care components." The University's health care components include the UPlan, Boynton Health Service, Community-University Health Care Center, the Julia M. Davis Speech Language Hearing Center, the Medical School, The School of Nursing, the College of Pharmacy, the School of Dentistry and Dental Clinics, AHC Administrative Shared Services, AHC Centers, AHC-IS, OIT Security, OIC, OGC, Internal Audit, Office of Measurement Services and Athletic Training - TC.