department of developmental biology
DEPARTMENT OF DEVELOPMENTAL BIOLOGY
WASHINGTON UNIVERSITY SCHOOL OF MEDICINE
Campus Box 8103To: Faculty and MBP employees
From: Philippe Breton
HIPAA Security Liaison Officer for Developmental Biology
Lise Westfall
HIPAA Privacy Liaison Officer for Developmental Biology
Re: HIPAA Regulations and Our Compliance, Computer Use Policy, Workforce Access Control (University Identification Badge Policy)HIPAA
Regulations and Our Compliance
The Health Insurance Privacy and Accountability Act (HIPAA) went into effect in April, 2003. This law requires health care systems and their business partners and affiliates to manage Protected Health Information (PHI) or Electronic Protected Health Information (EPHI) in a confidential, private, and sensitive nature. HIPAA documents set strict parameters within which patient’s health information may be shared, stored, transmitted, and discarded. All these parameters are described by the Washington University HIPAA Security Policies.
Even though we are not a clinical department, there is the potential that PHI or EPHI may exist in some fashion in a research laboratory or research database. For this reason, we are required to be vigilant in monitoring our operation and to take steps to comply with the law in the event that any researcher in this department should begin receiving; storing and/or using protected health information. Vigilance can be achieved by increasing your level of awareness by reading the HIPAA Security Policies. Please be aware that the entire Washington University School of Medicine is considered a HIPAA covered entity and that HIPAA policies and regulations fully apply no matter where you might be in the complex.
At least once a year, all employees and faculty will be reminded via this notice about HIPAA. You must be aware of these policies and help ensure their compliance. Also, at least annually, each faculty member will be asked to certify whether or not any PHI exists in their operation. If your laboratory comes into possession of any such information in the meantime, please contact Philippe or Lise immediately so we can take steps to ensure that this information is protected according to the law. Penalties for non-compliance are significant.
Please review the HIPAA policies and the glossary of terms to remind you what kinds of information are protected. This information is available at
http://hipaa.wustl.edu
Computer Use Policy
Per the Washington University Computer Policy, Washington University reserves the right to log, review, or monitor any data (EPHI and non-EPHI) stored or transmitted on its information system assets.
Workforce Access Control (University Identification Badge Policy)
Per the Washington University Human Resources policy, employees are to wear their University Identification Badge at all times when performing duties on behalf of Washington University.
Department of Molecular Biology and Pharmacology’s Copyright Infringement Policy
Useful weblinks:
Summary of HIPAA Privacy Policies:
http://hipaa.wustl.edu/PrivPolicySummary.htm
Table of HIPAA Security Policies:
http://aladdin.wustl.edu/hipaa/secpol.nsf/policies?OpenView
As always, your cooperation is appreciated.