Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations (the "Privacy Rule" and the "Security Rule") govern the way certain health information is collected, maintained, used and disclosed by Stanford University, Stanford Hospitals, and their benefits plans. 

The Privacy Rule:

1. Gives individuals certain rights with respect to their health information. These rights include:
   
   
   • The right to receive a written description of our privacy practices as they relate to their individually identifiable health information.

   • The right to access their Protected Health Information (PHI) as defined by the Privacy Rule, and request corrections.

   • The right to an accounting of disclosures of their PHI outside of the Stanford Covered Entities unless the disclosure is for treatment, payment, health care operations or with the authorization by the individual.

2. Establishes security standards for individual health information.

3. Limits how organizations can use PHI.

4. Creates special requirements for use of PHI in research.

To meet the requirements of the Privacy Rule, Stanford University has adopted policies which govern the use and disclosure of PHI by its workforce. These policies are part of the University Administrative Guide Memo 23.10. Failure to comply with these policies may carry University, civil and/or criminal sanctions.  Stanford Hospitals and the various Stanford benefits plans have each adopted separate policies."

Resources

1. HIPAA
2. Privacy Rule
3. Security Rule

Back to Top