HIPAA at the University of Wisconsin-Madison
The University of Wisconsin-Madison is committed to protecting the privacy and security of health information, as mandated by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), and as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH"). HIPAA and HITECH establish national standards for protecting the privacy and security of health information and define specific rights for individuals with respect to their health information. Individually identifiable health information that is created or received by a health care provider that is covered by HIPAA qualifies as protected health information ("PHI") and is subject to the rules and regulations of HIPAA.
UW-Madison's HIPAA Privacy and Security Compliance Program is overseen by two committees: the HIPAA Privacy and Security Operations Committee and the HIPAA Privacy and Security Executive Board. The Operations Committee supports the Program by integrating all the UW-Madison provider units within the Health Care Component under one committee structure to ensure, facilitate and monitor HIPAA privacy and security and evaluate the quality, effectiveness, and efficiency of the Program. The Executive Board has overall responsibility for the oversight of the Program and provides adequate resources and authority for the successful administration of the Program.
UW-Madison's HIPAA Privacy and Security Compliance Program continually adds to its policies and procedures, FAQs and guidelines to address our campus community's needs. Please check back often for updates!
Frequently Referenced Policies:
To see all UW-Madison's HIPAA Privacy Rule and Security Rule Policies and Procedures, click here.
1.1 Designation of the UW-Madison Health Care Component (UW HCC)
1.2 Designation of the University of Wisconsin Affiliated Covered Entity (UW ACE)
3.8 Minimum Necessary Standard
5.1 De-Identification of Protected Health Information Under the HIPAA Privacy Rule
5.2 Creation of a Limited Data Set Under the HIPAA Privacy Rule
8.8 Notification and Reporting in the Case of Breach of Unsecured Protected Health Information
9.1 HIPAA Privacy and Security Training Policy
9.2 Responding to Employee Noncompliance with Policies and Procedures Relating to HIPAA