SMPH Hipaa Security

The Security Rule of HIPAA mandates that protected health information in electronic form, or EPHI, be protected using “reasonable and appropriate” safeguards. As part of the effort to address HIPAA compliance, the School of Medicine and Public Health has developed data security policies that help provide those safeguards.

The following policies have been adopted by the School of Medicine and Public Health to ensure compliance with the HIPAA Security Rule.

The policies have been developed with the assistance of campus HIPAA compliance officers as well as data security and other IT staff within SMPH. The policies apply to all faculty, staff and students in SMPH that handle PHI in electronic form and are in addition to campus IT policies related to computer use.

Given the complex research and teaching environment in the Medical School, in some cases it may be difficult to fully comply with all policies. Note that in those situations it may be acceptable to employ alternative mitigating controls but these may only be implemented with the approval of either the SMPH HIPAA Security Coordinator or the UW-Madison HIPAA Security Officer.  If any faculty, staff or student believes they are unable to comply with any policy they must discuss this with their department IT staff or one of the HIPAA security contacts.