Topics Map > UW-Madison > Records Management
Topics Map > UW-Madison > Cybersecurity > Identity and Access Management
Topics Map > UW-Madison > Cybersecurity > Education, Training and Awareness
Topics Map > UW-Madison > Cybersecurity > Privacy
Topics Map > UW-Madison > Cybersecurity > Risk Management

UW-Madison - IT - Health Insurance Portability and Accountability Act (HIPAA)

Text in italics is not part of the official text.

The Heath Insurance Portability and Accountability Act (HIPAA) applies anyone handling Protected Health Information (PHI) at UW-Madsion.


The Heath Insurance Portability and Accountability Act (HIPAA) is a Federal law that protects the privacy and security of Protected Health Information (PHI) as defined by HIPAA. Designated schools, colleges, departments and individuals at UW-Madison form the HIPAA Health Care Component (HCC). The UW-Madsion HCC is subject to the HIPAA Privacy Regulation and the HIPAA Security Regulation. Other designated units at UW-Madison are Business Associates who are also subject to the regulations. The Associate Chief Information Officer (ACISO) of the Office of Cybersecurity serves as the HIPAA Security Officer for UW-Madison.


Please see: UW-Madison's HIPAA Privacy and Security Contacts.


Please see: for further information on the UW-Madison implementation of HIPAA.

Revised:    Jan 04, 2016
Reviewed:  Mar 13, 2017
Review in: two years
Maintained by: Office of the CIO, IT Policy
Reference at:

Text in italics is not part of the official text.

Keywords:definitions index statement definition statements, administrators executives faculty it-security-staff it-staff patients researchers supervisors administration information-technology research security, cloud-services identity-management mobile-devices network personally-owned-devices records-management security cloud cybersecurity devices identity mobile networking personal personally records telecommunications, access archive business-use collection disposal monitoring retention storage transmission distribution, access-control education-and-training privacy risk-management access education awareness risk training seta rmf restricted-data hipaa-data restricted-research-data restricted hipaa fisma cioDoc ID:59277
Owner:GARY D.Group:IT Policy
Created:2016-01-02 16:44 CSTUpdated:2018-11-17 16:15 CST
Sites:IT Policy
Feedback:  2   1