Health Insurance Portability and Accountability Act (HIPAA) | Yale University

Safe Harbor encryption

HIPAA Security Policy & Guidelines

There is no silver bullet. In the event of a breach, Yale is required to notify HHS, the affected patients and, in some cases, the media. Under the HIPAA Breach Notification Rule, ePHI that was encrypted in line with HHS guidance is not "unsecured PHI", so losing an encrypted device or file does not by itself trigger these notifications; that safe harbor is the reason for the encryption requirement below. The goal of these policies and guidelines is to enhance the security of our patients' health information. They address the security of paper records and, above all, electronic protected health information (ePHI). They apply to all faculty, staff, trainees and students in the Yale University Covered Components who store, access, transmit or receive ePHI: the Schools of Medicine (excluding the School of Public Health, the Animal Resources Center and the basic science departments: Cell Biology, Cellular and Molecular Physiology, Comparative Medicine, History of Medicine, Immunobiology, Microbial Pathogenesis, Molecular Biophysics & Biochemistry, Neurobiology and Pharmacology) and Nursing, University Health Services, the Department of Psychology clinics and the Group Health Plan Component. You are responsible for complying with these policies.

You must encrypt all ePHI, old and new, at rest & in transit

  • Identify all ePHI
    • Stored on your computer or servers
    • Remember to look for temp files (application autosave and lock files, editor backups, export scratch files): they often hold full copies of records you have already moved or deleted
    • Email: Attachments and messages
    • Portable storage media & devices
    • Smart phones and PDAs
    • Paper records and images (scans, photographs, screenshots) can contain PHI too
  • Securely remove ePHI you no longer need
    • PGP secure delete; MacOS secure delete; DBAN (all overwrite-based; on SSDs, flash media and copy-on-write or journaling file systems overwriting is not reliable, so prefer full-disk encryption with key destruction, or physical destruction of the media)
    • Identity Finder (scans files for numeric identifiers such as SSNs so you can locate records before removing them)
  • Encrypt what you still need and all new ePHI
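The discovery and removal steps above, worked through as an added example (this is illustration code, not a Yale tool or policy). It builds a small directory of constructed, fictitious records, inventories files containing SSN-like and MRN-like identifiers, shows what is missed when temp files are skipped, and overwrites one file before unlinking it. The SSN plausibility rules follow the SSA's issuance constraints; the MRN format and the set of temp-file suffixes are assumptions for the demo, and real discovery tooling (Identity Finder or equivalent) would carry far more patterns. Encrypting what remains is left to the platform tools (FileVault, BitLocker, GnuPG), which this example does not replace.

```python
"""Inventory files holding identifiers, then securely remove one (demo)."""
import os
import re
import shutil
import tempfile
from pathlib import Path

# SSN: 3-2-4 digits with a dash or space separator.
SSN_RE = re.compile(r"\b(\d{3})[- ](\d{2})[- ](\d{4})\b")
# Assumed MRN format for this demo: "MRN" plus an 8-digit number.
MRN_RE = re.compile(r"\bMRN[:#]?\s?(\d{8})\b")
# Assumed temp-file conventions: Office lock/autosave files start with "~$";
# editor backups and scratch exports end with these suffixes.
TEMP_SUFFIXES = ("~", ".tmp", ".bak", ".swp")


def plausible_ssn(area, group, serial):
    """Reject values the SSA never issues; this removes most false positives."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    return g != 0 and s != 0


def is_temp_file(path):
    name = Path(path).name
    return name.startswith("~$") or name.endswith(TEMP_SUFFIXES)


def scan_text(text):
    """Return [(kind, matched_text), ...] for identifiers found in text."""
    hits = [("SSN", m.group(0)) for m in SSN_RE.finditer(text)
            if plausible_ssn(*m.groups())]
    hits += [("MRN", m.group(0)) for m in MRN_RE.finditer(text)]
    return hits


def inventory(root, include_temp=True):
    """Walk root; map relative path -> hits for every file that has any."""
    root = Path(root)
    found = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if not include_temp and is_temp_file(path):
            continue
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue  # unreadable file: note it in a real audit, skip here
        hits = scan_text(text)
        if hits:
            found[path.relative_to(root).as_posix()] = hits
    return found


def overwrite_and_unlink(path, passes=1):
    """Overwrite the file's content with zeros, fsync, then unlink.

    Caveat: on SSDs, flash media and copy-on-write or journaling file
    systems the old blocks may survive this; there, rely on full-disk
    encryption plus key destruction instead of overwriting.
    """
    path = Path(path)
    size = path.stat().st_size
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(b"\0" * size)
            f.flush()
            os.fsync(f.fileno())
    path.unlink()


def build_sample_tree():
    """Constructed sample files with fictitious identifiers (not real data)."""
    root = Path(tempfile.mkdtemp(prefix="ephi_demo_"))
    (root / "notes").mkdir()
    (root / "notes" / "visit.txt").write_text(
        "Pt J. Doe, MRN 12345678, follow-up in 2 weeks\n")
    # Autosave copy of the same note, now also carrying an SSN.
    (root / "notes" / "~$visit.txt").write_text(
        "autosave copy: SSN 123-45-6789\n")
    # Scratch export: first SSN is invalid (area 000), second is plausible.
    (root / "export.csv.tmp").write_text(
        "name,ssn\nA,000-12-3456\nB,456-78-9012\n")
    # Phone number in 3-3-4 form must not be reported as an SSN.
    (root / "readme.txt").write_text(
        "No identifiers here; front desk 203-555-0100\n")
    return root


def cleanup(root):
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root = build_sample_tree()
    print("without temp files:", sorted(inventory(root, include_temp=False)))
    print("with temp files:   ", sorted(inventory(root)))
    overwrite_and_unlink(root / "notes" / "~$visit.txt")
    cleanup(root)
```

Run as-is and compare the two inventory lines: the scan that ignores temp files reports only `notes/visit.txt`, while the full scan also surfaces the autosave copy and the scratch export, which is exactly where stale ePHI tends to hide before a laptop or USB stick goes missing.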