HIPAA Security Policy & Guidelines
There is no silver bullet. In the event of a breach Yale is required to notify HHS, the patient, and in some cases, the media. The goal of these policies and guidelines is to enhance the security of our patients’ health information. These policies address the security of paper records and especially address electronic protected health information (ePHI). These policies apply to all faculty, staff, trainees and students in Yale University Covered Components (Schools of Medicine (excluding the School of Public Health, the Animal Resources Center, and the basic science departments: Cell Biology, Cellular and Molecular Physiology, Comparative Medicine, History of Medicine, Immunobiology, Microbial Pathogenesis, MolecularBiophysics & Biochemistry, Neurobiology, and Pharmacology) and Nursing, University Health Services, Department of Psychology clinics and the Group Health Plan Component) who store, access, transmit or receive ePHI. You are responsible for complying with these policies.
If you are responsible for administration of an “above-threshold” system or responsible for controlling the access by other people to such a system, you need to register the system.
Register any Above–threshold ePHI systems