Protecting Patient Privacy at Washington University in St. Louis

“HIPAA (Health Insurance Portability and Accountability Act) – is a U.S. law designed to provide privacy and security standards to protect patients’ medical records and other health information provided to health plans, billing/coding companies, doctors, hospitals, and other health care providers (known as Covered Entities).” As such, Washington University is a covered entity.

HIPAA Privacy Rule – The HIPAA Privacy Rule regulates the Use and Disclosure of individually identifiable health information and gives individuals the right to determine and restrict access to certain health information. Compliance with HIPAA’s privacy regulations became required on April 14, 2003, and is managed by the HIPAA Privacy Officer and HIPAA Privacy Office. Noncompliance with HIPAA regulations can result in substantial penalties, both civil and criminal.

HIPAA Security Rule – The HIPAA Security Rule requires that reasonable and appropriate technical, physical, and administrative safeguards be taken with electronic individually identifiable health information. Specifically, we must ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI) we create, receive, maintain or transmit. Compliance with the Security Rule became required on April 21, 2005, and is managed by the Office of Information Security and the WUSM Chief Information Security Officer.

HIPAA Privacy Office – The HIPAA Privacy Office is the source for any assistance Washington University workforce members need with HIPAA compliance questions. Our HIPAA Privacy Team is comprised of talented health information privacy professionals with a combined experience of over 50 years in healthcare privacy. In addition, each business unit/department has identified an individual as their HIPAA Privacy Liaison to assist with ongoing compliance with HIPAA. Please contact the HIPAA Privacy Office with questions or concerns at 314-747-4975 or

Basic Training in HIPAA – Basic training on the HIPAA Regulation is mandatory for all members of the WU workforce, including our students and volunteers, who interact with patients or who use and disclose PHI. The HIPAA Privacy Office monitors compliance with HIPAA training. We also provide ongoing in-person and/or online HIPAA refresher presentations that are available upon request.

Department of Health & Human Services – More details about HIPAA can be found from its source, the Department of Health and Human Services (HHS), Office for Civil Rights.