The Health Insurance Portability and Accountability Act of 1996—commonly referred to as “HIPAA”—is a federal law imposing certain data privacy and data security requirements with respect to medical information, including the personal health information of individual persons. Colleges and universities maintain medical information related to employees and students in a host of locations, including human resources files, student records, and the records of on-campus health and counseling centers, among others. Higher education administrators unfamiliar with the intricacies of HIPAA often believe the law imposes more obligations on colleges and universities than it actually does. This post dispels some of the most common myths relating to HIPAA and higher education.
Myth #1: HIPAA applies to all medical information we maintain as a college or university.
While HIPAA’s privacy rule does govern the privacy of protected health information (PHI), HIPAA’s privacy rule only applies to HIPAA “covered entit[ies].” As a general rule, covered entities include: (1) health plans; (2) health care clearinghouses; and (3) healthcare providers who electronically transmit health information in connection with certain electronic transactions relating to billing, payment, and/or insurance coverage.