HIPAA is a federal act aimed at allowing individuals to maintain health insurance, even when they change employment. The act is complex and involves several separate rules. Two of them that affect activities at USU are the Privacy Rule and the Security Rule. The Privacy Rule has been codified in Title 45 of the Code of Federal Regulations (CFR), Parts 60 and 64. Compliance with the rule is overseen by the Office of Civil Rights. This new regulation became effective 14 April 2003, and was developed to ensure that an individual's Protected Health Information (PHI), including information about the individual's physical or mental health, will be protected from disclosure except as permitted by the individual, or as necessary for the delivery of medical treatment to the individual. HIPAA does not replace any existing federal, state, or other law that gives individuals superior privacy protections. This regulation affects any research performed by faculty, staff or students at USU that creates and electronically transfers data, or that otherwise represents a research activity such as: clinical trials, chart reviews, epidemiological studies, behavioral and social science studies, and basic science research activities. Survey research is included among activities to which HIPAA applies.
The University is under obligation to comply with HIPAA's Privacy Rule in order to avoid criminal or civil liability, and to protect its research participants from harm.