The federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) protects the privacy and confidentiality of an individual's health information. Known as “protected health information” or “PHI”, the health information generally cannot be used or disclosed unless the individual who is the subject of the PHI has given prior written authorization or permission.
Contact the Privacy Office for more information.
The Security Rule Fact Sheet sets standards for the security of electronic health information (ePHI). Published in 2003, it defines a series of administrative, technical, and physical security procedures for covered entities to use to ensure the confidentiality of ePHI.