*** Content Under Review ***  

*** See www.compliance.wisc.edu/hipaa for up-to-date content. ***

The UW-Madison HIPAA Compliance Program is updating policies, forms, FAQs, and guidelines to better serve your needs.  Additionally -- we are migrating content from these pages to www.compliance.wisc.edu/hipaa; once we complete the migration, this site will retire and visitors to these pages will be re-directed to that location.  Thank you in advance for your patience! 

Please forward your website improvement suggestions to hipaa@wisc.edu.   

The University of Wisconsin-Madison is committed to protecting the privacy and security of health information, as mandated by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), and as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH").  HIPAA and HITECH establish national standards for protecting the privacy and security of health information and define specific rights for individuals with respect to their health information.  Individually identifiable health information that is created or received by a health care provider that is covered by HIPAA qualifies as protected health information ("PHI") and is subject to the rules and regulations of HIPAA.

UW-Madison's HIPAA Privacy and Security Compliance Program is overseen by two committees: the HIPAA Privacy and Security Operations Committee and the HIPAA Privacy and Security Executive Board.  The Operations Committee supports the Program by integrating all the UW-Madison units within the Health Care Component under one committee structure to ensure, facilitate and monitor HIPAA privacy and security and evaluate the quality, effectiveness, and efficiency of the Program.  The Executive Board has overall responsibility for the oversight of the Program and provides adequate resources and authority for the successful administration of the Program. 

Frequently Referenced Policies:

To see all UW-Madison's HIPAA Privacy Rule and Security Rule Policies and Procedures, click here

1.1 Designation of the UW-Madison Health Care Component (UW HCC)
1.2 Designation of the University of Wisconsin Affiliated Covered Entity (UW ACE)
3.8 Minimum Necessary Standard
5.1 De-Identification of Protected Health Information Under the HIPAA Privacy Rule
5.2 Creation of a Limited Data Set Under the HIPAA Privacy Rule
8.8 Notification and Reporting in the Case of Breach of Unsecured Protected Health Information
9.1 HIPAA Privacy and Security Training Policy
9.2 Responding to Employee Noncompliance with Policies and Procedures Relating to HIPAA



HIPAA Privacy Officer

Amanda K. Reese

4170 Health Sciences Learning Center
750 Highland Avenue
Madison, WI 53705

(608) 262-2059


HIPAA Security Officer

Stefan Wahe 

Room 2164 Computer Science & Statistics
1210 W. Dayton Street
Madison, WI 53706

(608) 265-1177


Anonymous Hotline (Anonymous Human Research Protection Hotline):

To report an IT security incident or loss of sensitive data call the DoIT Help Desk: 
608-264-HELP (4357)