  • EXECUTIVE SPONSOR(S): Dennis Schmidt, Katherine Georger
  • DEPT OR DIVISION: ITS Infrastructure & Operations
  • TECHNICAL LEAD:  Mel Radcliffe
  • STATUS: In Progress
  • Project Theme: Improving Process and Operations

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad federal law that is in part designed to provide national standards for protection of certain information related to the provision of or payment for health care. There are currently 11 HIPAA covered units outside of the School of Medicine that need to comply with the HIPAA Privacy and Security Rules. We will conduct a risk analysis to identify potential compliance gaps in the University’s information security program. Additionally, we will evaluate risks to these units' information systems that maintain ePHI* and ensure that appropriate safeguards are in place. The results of the risk analysis will inform future decisions on security initiatives.

*Electronic protected health information (ePHI) is protected health information (PHI) that is produced, saved, transferred or received in an electronic form. In the United States, ePHI management is covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

Projected end date: August 2022