Washington University in St. Louis is committed to providing quality healthcare which includes respecting patients’ and clinical research subjects’ rights to maintain the privacy of their health information (PHI) and ensuring appropriate security of all protected health information.

The Washington University HIPAA Privacy Office works with all members of our workforce including faculty, staff, and students to help them understand their responsibilities to protect the confidentiality of our patient’s health information.

We do this through policy and procedure, training, guidance, auditing and monitoring and by fostering a culture that values and promotes privacy.

Policies and procedures

Washington University, Washington University Physicians, our affiliated clinical practices, and our employee benefit plan have adopted policies and procedures for the use and disclosure of PHI.

Training and guidance

All members of the Washington University workforce, including our students and volunteers, who interact with patients or who use and disclose PHI are required to complete HIPAA training. Classroom and online refresher courses are also available.

“HIPAA Hints” are posted throughout the medical school campus to reinforce our policies and procedures. View and download HIPAA hints »


The HIPAA Privacy Office is responsible for monitoring compliance with HIPAA. The HIPAA Privacy Office responds to and investigates concerns related to compliance with the HIPAA regulations. How to report an incident »

In addition, each department has identified an individual to act as the Privacy Liaison for the department to assist with ongoing compliance with HIPAA.