Health Insurance Portability and Accountability Act (HIPAA) | Yale University
Applications
HIPAA Security Policy & Guidelines
There is no silver bullet. In the event of a breach Yale is required to notify HHS, the patient, and in some cases, the media. The goal of these policies and guidelines is to enhance the security of our patients’ health information. These policies address the security of paper records and especially address electronic protected health information (ePHI). These policies apply to all faculty, staff, trainees and students in Yale University Covered Components (Schools of Medicine (excluding the School of  Public Health, the Animal Resources Center, and the basic science departments: Cell Biology, Cellular and Molecular Physiology, Comparative Medicine, History of Medicine, Immunobiology, Microbial Pathogenesis, MolecularBiophysics & Biochemistry, Neurobiology, and Pharmacology) and Nursing, University Health Services, Department of Psychology clinics and the Group Health Plan Component) who store, access, transmit or receive ePHI. You are responsible for complying with these policies.
- Security Design Reviews (required for all new applications and recommended for existing applications)
- Adhere to OS guidelines
- Adhere to database guidelines
- Adhere to network guidelines
- Adhere to design guidelines
- Adhere to administration guidelines
If you are responsible for administration of an “above-threshold” system or responsible for controlling the access by other people to such a system, you need to register the system.
Register any Above–threshold ePHI systems
Copyright © 2011 Yale University. All rights reserved. Privacy Policy.
Health Insurance Portability and Accountability Act (HIPAA) – Contact us at hipaa@yale.edu. Site comments