At Indiana University, we are committed to providing quality health care which includes respecting patients’ and clinical research subjects’ rights to maintain the privacy of their health information and ensuring appropriate security of all protected health information. The standards for protecting patient health information are described in the federal law known as the Health Insurance Portability and Accountability Act (HIPAA). This website provides information and guidance on the policies and procedures related to HIPAA compliance at Indiana University. A core purpose of HIPAA is to protect the privacy and security of health information. HIPAA applies to “Covered Entities” such as health care providers and health plans.
Indiana University is a covered entity that has selected hybrid status, meaning it is a single legal entity with components that are covered and non-covered under HIPAA. Areas within IU that must comply with the rules are known as IU HIPAA Affected Areas.