HIPAA Best Practices


HIPAA requires covered entities to safeguard protected health information (PHI) during access, use, disclosure and storage. These safeguards are required to ensure the privacy and security of the data. Safeguards include, but are not limited to:

  • Administrative Safeguards
    • Policies
    • Procedures
    • Agreements
    • Training
  • Physical Safeguards
    • Location
    • Physical access
  • Technical Safeguards
    • Encryption
    • Firewalls
    • Technical access controls

Data access principles

  • Access data only in the conduct of university business
  • Limit access to the minimum amount of information needed to complete your task or accomplish your goal
  • Respect the confidentiality and privacy of individuals whose information you access
  • Do not access or use IU data for your own personal gain or profit or to satisfy your personal curiosity
  • Do not share IU data with third parties unless it is part of your job responsibilities and you have the appropriate permissions in compliance with IU policies