The Health Insurance Portability and Accountability Act (HIPAA), also known as the “Privacy Rule” (effective April 14, 2003), established minimum Federal standards for safeguarding the privacy of individual’s identifiable health information. The law generally prohibits health care providers such as health care practitioners, hospitals, nursing facilities and clinics from using or disclosing “protected health information” without written authorization from the individual.

“Protected Health Information” (PHI) is any identifiable health information relating to the individual’s past, present or future physical or mental health condition or payment for health care. When health information is individually identifiable and is held by a “covered entity” (under the Privacy Rule a covered entity is defined as: a health plan, a health care clearinghouse, or a health care provider who transmits health information in electronic form in connection with a transaction for which HHS has adopted a standard) it is likely to be protected health information.

HIPAA requires all faculty, staff and other USC employees, as well as students, volunteers, agents and certain other individuals who have access to patient health information through USC providers, to complete an online course on PHI.

HIPAA Resources