Health Information Privacy and Security Office
What's Inside

Helpful Links
University Policy Library
AHC-Information Systems
HHS Health Information Privacy

Mission Statement

The Health Information Privacy & Compliance Office is responsible for ensuring that individually identifiable health information is handled appropriately across the entire University.  Federal laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as well as Minnesota laws require the University to manage this information in a certain way.

The Health Information Privacy & Compliance Office provides direction and support to ensure compliance with these requirements through the development of guidelines and policies, and through training and awareness.

News & Announcements

Training Update

Data privacy and security training are now in ULearn.  More information about HIPAA training can be found on the Training page.

Recent HIPAA Enforcement Actions

Click on the links below for more information about the following recent HIPAA enforcement actions, or visit our News & Announcements Page for more information.

Columbia University and New York Presbyterian Agree to $4.8 Million Settlement

Releasing Patient Information to Media in Effort to Combat Negative Press Leads to $275,000 Settlement

$750,000 Settlement Emphasizes the Importance of Risk Analysis and Device/Media Control Policies

Vulnerabilities in Internet-Based Document Sharing Application Result in $218,400 Settlement

What is HIPAA and How Does it Impact the University?

HIPAA and its regulations are designed to protect an individual's health information (referred to as PHI), and to restrict how PHI may be used and disclosed by health care providers, health plans and those accessing PHI in order to support the providers and plans.

The University is considered a "hybrid entity" under HIPAA, which means that the entire University is not subject to HIPAA.  Only the University's health plans, its health care provider services, and those that may access PHI to support the plans or health care provider services are subject to HIPAA.  These areas are referred to as "health care components."  The University's health care components include the UPlan, Boynton Health Service, UMD Health Services, Community-University Health Care Center, the Julia M. Davis Speech Language Hearing Center, the Medical School, The School of Nursing, the College of Pharmacy, the School of Dentistry and Dental Clinics, AHC Administrative Shared Services, AHC Centers, AHC-IS, OIT Security, OIC, OGC, Internal Audit, Office of Measurement Services and Athletic Training - TC.