*** Content Under Review ***  

*** See www.compliance.wisc.edu/hipaa for up-to-date content. ***

The UW-Madison HIPAA Compliance Program is updating policies, forms, FAQs, and guidelines to better serve your needs.  Additionally -- we are migrating content from these pages to www.compliance.wisc.edu/hipaa; once we complete the migration, this site will retire and visitors to these pages will be re-directed to that location.  Thank you in advance for your patience! 

Please forward your website improvement suggestions to hipaa@wisc.edu.   



  • HIPAA Privacy Officer
  • HIPAA Security Officer 

Core Members:

  • Privacy and Security Coordinators 
  • Legal Counsel, Office of Legal Affairs

The Operations Committee supports the UW-Madison HIPAA Privacy and Security Compliance Program by integrating all units of the UW-Madison Health Care Component under one committee structure to ensure, facilitate and monitor HIPAA privacy and security compliance and evaluate the quality, effectiveness, and efficiency of the Program.  In this capacity, the Operations Committee is responsible for:

    1. Outlining the roles and responsibilities of Privacy and Security Coordinators.
    2. Establishing and maintaining all HIPAA privacy and security policies.
    3. Creating and maintaining all HIPAA privacy and security educational and training materials.
    4. Centralizing and maintaining all relevant policies, procedures, and training material in a user friendly website responsive to the needs of faculty, staff, students, volunteers, business associates and community partners.
    5. Enhancing consistency and cohesiveness across the UW-Madison Health Care Component.
    6. Ensuring UW faculty, staff, students, volunteers, business associates and community partners are informed, trained and educated about the standards of conduct and ethical/legal obligations as they apply to HIPAA privacy and security.
    7. Receiving and responding to audit reports of HIPAA compliance activities.
    8. Establishing and maintaining a mechanism for individuals to report non-compliance concerns or observations.
    9. Reviewing applicable cases of non-compliance, including HIPAA privacy/security breaches, evaluating or formulating associated corrective action plans, and endorsing or recommending associated disciplinary proposals.
    10. Serving as a resource to UW-Madison on matters of health information privacy and security and institutional risk.
    11. Conducting periodic risk assessments and identifying, prioritizing, implementing and evaluating process improvement initiatives to enhance the quality, effectiveness, and efficiency of the Program.
    12. Evaluating the quality, effectiveness and efficiency of the Program.
    13. Fostering a community of trust among all UW-Madison’s Health Care Component Units and affiliates (e.g., UW Health) by promoting and utilizing risk-based controls to safeguard protected health information while not unnecessarily impeding its legitimate use or disclosure critical to fulfill UW-Madison's clinical, research, education, and public service missions .