Office of HIPAA Compliance
Welcome
The Office of HIPAA Compliance (OHC) serves Central Michigan University (CMU) and is committed to protecting the privacy and security of CMU’s protected health information (PHI). We provide guidance, oversight, and support to ensure compliance with HIPAA regulations.
Please contact our office with any questions or concerns regarding HIPAA requirements or the protection of PHI at CMU.
Mission Statement
Our mission is to ensure Central Michigan University’s Hybrid Entity complies with the regulatory requirements established under the Health Insurance Portability and Accountability Act (HIPAA) and enforced by the Office for Civil Rights (OCR), U.S. Department of Health and Human Services.
We are committed to protecting the confidentiality, integrity, and availability of protected health information while providing ongoing education, guidance, and compliance support to the CMU workforce.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes national standards for the protection of protected health information (PHI). These standards are primarily defined through three key rules: the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other PHI. It requires appropriate safeguards to protect the privacy of PHI and sets limits and conditions on the uses and disclosures of such information without patient authorization. The Rule also provides individuals with rights over their health information, including the right to access and request amendments to their records.
The HIPAA Security Rule establishes national standards to protect electronic protected health information (ePHI) that is created, received, used, or maintained by covered entities and business associates. It requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI.
The HIPAA Breach Notification Rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI.
CMU’s Commitment
As an employer, healthcare provider, and research institution, CMU is committed to protecting the privacy and security of its employees, patients, and research participants. Through compliance oversight, workforce training, and monitoring activities, CMU works to ensure that PHI is handled appropriately and in accordance with applicable regulations.