Office of HIPAA Compliance


The Office of HIPAA Compliance (OHC) proudly serves CMU and is committed to protecting the privacy and security of CMU's protected health information (PHI). Please contact our office to discuss any questions or concerns you may have about HIPAA or how CMU protects PHI.

Mission Statement

Our mission is to ensure compliance with the HIPAA Privacy and Security regulations for Central Michigan University and its Hybrid Entity. We strive to protect the confidentiality, integrity, and availability of protected health information, while simultaneously providing continuing education and guidance to the CMU workforce.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that defines national standards related to its three major components: the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other PHI. The Rule requires appropriate safeguards to protect the privacy of PHI, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

The HIPAA Security Rule establishes national standards to protect individuals’ electronic PHI that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.

The HIPAA Breach Notification Rule requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured PHI.

As an employer, healthcare practitioner and researcher, CMU is committed to protecting its employees, patients and subjects within our community.