The privacy, security and breach notification requirements of the federal Health Insurance Portability and Accountability Act of 1996 have been expanded by associated federal regulations in the last decade (collectively referred to as HIPAA). HIPAA applies to health information created or maintained by health care providers who engage in certain electronic transactions, health plans and health care clearinghouses.

Texas A&M Controls for Health Data Privacy and Security

The university is responsible for ensuring that both HIPAA-related Electronic Protected Health Information (ePHI) and any individually identifiable health information not subject to HIPAA are secure from unauthorized disclosure. Both should be accorded the same additional information technology controls, and both will be referred to as ePHI for consistency.

To ensure technical safeguarding of ePHI remains consistent, the Division of IT will require additional controls such as: