Office of HIPAA Compliance

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that defines national standards related to its three major components: the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other protected health information (PHI). The Rule requires appropriate safeguards to protect the privacy of PHI, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

The HIPAA Security Rule establishes national standards to protect individuals’ electronic PHI that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.

The HIPAA Breach Notification Rule requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured PHI.

As an employer, healthcare practitioner and researcher, CMU is committed to protecting its employees, patients and subjects within our community.