HIPAA
The Health Insurance Portability and Accountability Act (HIPAA), also known as the “Privacy Rule” (effective April 14, 2003), established minimum Federal standards for safeguarding the privacy of individual’s identifiable health information. The law generally prohibits health care providers such as health care practitioners, hospitals, nursing facilities and clinics from using or disclosing “protected health information” without written authorization from the individual.
“Protected Health Information” (PHI) is any identifiable health information relating to the individual’s past, present or future physical or mental health condition or payment for health care. When health information is individually identifiable and is held by a “covered entity” (under the Privacy Rule a covered entity is defined as: a health plan, a health care clearinghouse, or a health care provider who transmits health information in electronic form in connection with a transaction for which HHS has adopted a standard) it is likely to be protected health information.
HIPAA requires all faculty, staff and other USC employees, as well as students, volunteers, agents and certain other individuals who have access to patient health information through USC providers, to complete an online course on PHI.
HIPAA Online Course (USC Office of Compliance)
HIPAA Training Certificates Archive (USC Office of Compliance)
HIPAA Privacy Rule at USC (USC Office of Compliance)
Human Subjects/HIPAA Education Memorandum
HIPAA Privacy Rule (HHS/Office for Civil Rights Webpage)
HIPAA Privacy Rule – Information for Researchers (NIH Guidance)
USC HIPAA Forms
- Form Instructions
- English HIPAA Form
- Spanish HIPAA Form
- Preparatory Research Activities
- Patient Release/HIPAA for Case Studies
For case studies that will be submitted for publication and require documentation of patient release. Case studies are not considered research.