Compliance with HIPAA security requirements

The federal Health Insurance Portability and Accountability Act (HIPAA) requires Yale to maintain the confidentiality of electronic health information that can be linked to an individual patient (electronic Protected Health Information, or ePHl), and Yale has adopted policies to ensure that we comply with this obligation.

All ePHl is subject to strict three-lock protection in use, storage, and transmission, and all Yale employees who have access to ePHl must pass HIPAA training.

If you perform research that generates sPHI should consult the Interim Guidance on Human Subjects Research Data Security (PDF), and see the primary Yale University HIPAA site referenced below.

The Yale University HIPAA site is the best source of detailed information on Yale's HIPAA compliance policies and procedures, as well as information on HIPAA training and other HIPAA compliance topics.

Next →  FERPA data confidentiality regulations

---

Related topics

• Personal financial or Social Security information
• FERPA privacy & confidentiality
• Glossary & A-Z index

Related University Policies & Procedures

• Yale computing security & access policies & procedures
• Policy 1601 - Information Access and Security
• Policy 1610 - Systems and Network Security
• Procedure 1610 - Systems and Network Security
• Interim Guidance on Human Subjects Research Data Security [PDF]
• Who needs HIPAA security training?
• HIPAA Security training
• HIPAA Privacy training