The privacy, security and breach notification requirements of the federal Health Insurance Portability and Accountability Act of 1996, together with the associated expansion of federal regulations in the last decade, are collectively referred to as HIPAA. HIPAA applies to health information created or maintained by health plans, health care clearinghouses, and health care providers who engage in certain electronic transactions.

Texas A&M Controls for Health Data Privacy and Security

The university is responsible for ensuring that both HIPAA-related Electronic Protected Health Information (ePHI) and any individually identifiable health information not subject to HIPAA are secure from unauthorized disclosure. Both ePHI and other personal health information should be accorded the same additional information technology controls.

To ensure technical safeguarding of ePHI remains consistent, Technology Services will require additional controls such as: