University Policies on Privacy and Data Security

The University of Minnesota has many policies, procedures, and standards in place to safeguard private information. The following University policies apply to the HIPAA Privacy Rule and Security Rule.

Privacy Rule

Administration and Oversight for Protection of Individual Health Information
Use and Disclosure of Individual Health Information for Research Purposes (HIPAA)
Protection of Individual Health Information by University Health Care Components
Disclosing PHI to Business Associates

Internal Access to University Information
Providing Access to University Information
Requesting Access to University Information

Developing a Plan for Operational Continuity
Developing an Operational Continuity Plan

Security Rule

Acceptable Use of Information Technology Resources
Securing Private Data, Computers, and Other Electronic Devices
Reporting and Notifying Individuals of Security Breaches 
Reporting Violations

Administration and Oversight for Protection of Individual Health Information (HIPAA)
Protection of Individual Health Information by University Health Care Components
Disclosing PHI to Business Associates

Managing University Records Retention
Disposing of University Records

Getting Access to University Buildings
Requesting Access to University Buildings

Policy – AHC Server Standards (PDF)
Policy - AHC Standards for Technical Support (PDF)

Other Related University Policies

Code of Conduct
Developing University-Wide Policy and Procedures
Comprehensive Review of Adminstrative Policies