Administrative Guide memo 16.2 - Privacy and Security of Health Information describes Stanford University’s implementation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its regulations (the “Privacy Rule” and the “Security Rule”) governing the protection of identifiable health information by health care providers and health plans. It references the Stanford University HIPAA Manual which is available on this page.
To meet the requirements of the Privacy and Security Rules, Stanford University, Hospitals and benefit plans have adopted policies which govern the use and disclosure of PHI. Handling of PHI in research and fundraising activities have special restrictions under HIPAA, and additional policies apply to these activities.
Stanford University has created privacy and security guidelines that provide implementation specific information for some privacy and security issues. These guidelines are included with the Privacy and Security Policies.
It is important that each department in Stanford’s covered entity develop and maintain appropriate procedures to ensure that the Privacy and Security Rules are followed in their organization. Stanford has developed sample procedures to assist in this process. Template privacy procedures can be found with the Privacy Policies.