What is HIPAA?
HIPAA (Health Insurance Portability and
Accountability Act) is a U.S. law designed to provide privacy standards to
protect patients’ medical records and other health information provided to
health plans, billing/coding companies, doctors, hospitals and other health
care providers (known as Covered Entities).
Under this Act, the University of Colorado is considered a “hybrid” covered entity.
HIPAA impacts our campuses through usage of patient records (including shadow records), human subjects research
records, and marketing demographics that contain health information, as just a
The spirit of HIPAA is simple:
1) to secure Protected Health Information (PHI) and
2) to enforce standards for electronic transactions in healthcare.
The HIPAA Privacy Rule
regulates the use and disclosure of individually identifiable health
information and gives individuals the right to determine and restrict access to
certain health information. Compliance with HIPAA's privacy regulations became
required on April 14, 2003. There are substantial penalties, both civil and
criminal, for non-compliance.
The HIPAA Security Rule requires
that reasonable and appropriate technical, physical, and administrative
safeguards be taken with electronic individually identifiable health
information. Specifically, we must ensure the confidentiality, integrity, and
availability of all electronic protected health information (ePHI) we create, receive, maintain or transmit. Compliance with
the Security Rule became required on April 21, 2005, and is managed by the
Office of Information Technology’s IT Security and Compliance Team.
Basic training in HIPAA
regulation is mandatory for most of the UCD workforce. Employees are required to take training unless the work unit has been notified otherwise by the campus Privacy Officer.
The University’s Privacy Officer is the contact for any assistance University employees need with HIPAA compliance questions. Please contact the
HIPAA Privacy Office at 303-724-0983 or at HIPAA@UCDenver.edu.
Details on this Act can be
found at its source, the Department of Health and Human Services (HHS), and at the Centers for Medicare & Medicaid Services.
Responsibility for HIPAA
compliance is coordinated by the Office of Regulatory Compliance under the
direction of the
Associate Vice Chancellor for Regulatory Compliance, Dr.
Alison D. Lakin, RN, LLB, LLM, PhD.