HIPAA Basics

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that protects the privacy and security of a patient’s health information. The law applies to protected health information (PHI) communicated by any method-- in writing, in person, or by electronic means. Indiana University respects the privacy of all members of the IU community, our patients and students by implementing measures to protect privacy.

Indiana University is a covered entity that has chosen a hybrid status. This status means that IU is a single legal entity with components that are covered and non-covered under HIPAA. IUSD is one of IU HIPAA Affected Areas that must comply with HIPAA.

As a HIPAA Affected Area, IUSD must safeguard PHI during use, disclosure and storage. These safeguards apply to the Privacy and Security of the data and include: (For more details see Indiana University HIPAA - General Administrative Policy )

  • Administrative Safeguards (e.g. policies, procedures, and training)

  • Physical Safeguards

  • Technical Safeguards → Securing Electronic Devices (mobile, laptop, emails). (For more information on Securing Electronic devices (mobile, laptop, emails) by encryption visit

Patients’ Rights Under HIPAA:

  • Notice of Privacy Practice - How patient information may be used and how IUSD secures the data

  • Inspect and copy of PHI

  • Accounting Disclosures (Record of disclosure of PHI for other than TPO & without their permission)

  • Request to amend their record

  • File a complaint

  • Give permission to allow certain uses and disclosures

For more basic HIPAA information see the HIPAA Basics Form for quick reference materials to keep handy.

To see more regarding Indiana University’s Policies on Privacy look here