HIPAA Protocols

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law which went into effect April 14, 2003. The law includes provisions designed to protect the privacy of individually identifiable patient health information.

According to the final regulations, healthcare providers, such as the University of North Texas Health System, can use and disclose protected health information (PHI) only for certain specific functions: treatment, payment, and healthcare operations purposes. For all other purposes, such as research purposes, PHI may only be used or released with the written consent of the impacted individual (authorization) or by application of a specific exception.

Certain parts or “regulated entities” within UNT, as part of their integral function, provide healthcare or health plan services and will need to use and disclose PHI on a routine basis. These regulated entities include UPHS/SOM, the Nursing Clinic LIFE, SODM, Student Health, and the employee health plan. Accordingly, specific policies and procedures have been developed and implemented for any use or disclosure of PHI by these entities.

Proposals that anticipate the use of PHI or otherwise implicate HIPAA concerns should be carefully reviewed. In such cases, faculty should identify any research proposals being submitted to GCA that do contain PHI so that these may be given special attention and handled in accordance with HIPAA regulations.