HIPAA Policies & Related Documents

Compliance Plan & Administrative Documents

The goal of the Indiana University HIPAA Privacy & Security Compliance Plan is to provide a structure that promotes understanding and compliance with the HIPAA Privacy & Security Rules, related provisions of the HITECH Act, and applicable Indiana privacy and security laws.

Below you will find links to documents that support IU's commitment to compliance with HIPAA.

Privacy Policies, Procedures and Guidance

Indiana University has developed HIPAA Privacy policies, procedures and guidance documents as required under the HIPAA Privacy Rule.

Security Policies and Standards

The HIPAA Security Rule requires IU implement Administrative, Physical and Technical Safeguards to protected electronic Protected Health Information (ePHI). IU addresses most of the requirements under the Rule through multiple University policies and standards.  PHI is considered Critical Data at IU and must be protected with the highest level of security.

The HIPAA Security Rule Procedure identifies the specific requirements under the Rule and the corresponding university policies and/or standards. The IU policies and standards identified in the procedure are listed below.