The Health Insurance Portability and Accountability Act (HIPAA) necessitated updating and standardizing our privacy and security practices to comply with the federal regulations. The HIPAA Privacy Rule came into effect in April 2003 and the Security Rule came into effect in April 2005.
The Privacy Rule regulates the use and disclosure of certain information held by "Covered Entities" and establishes regulations for the use and disclosure of Protected Health Information (PHI). The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all PHI, including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). The general Security Rule is defined by three types of security safeguards required for compliance: administrative, physical, and technical.
The University of Tennessee Health Science Center campuses and clinics comprise the health care component (Covered Entity) of the University of Tennessee under HIPAA. To comply with the Act, we have a Privacy Officer and a Security Officer who are responsible for our compliance efforts regarding the Privacy Rule and the Security Rule, respectively.