HIPAA Privacy Program

Welcome to the HIPAA Privacy Program

The University of Arizona (UA) HIPAA Privacy Program (HPP), led by the Director of the HIPAA Privacy Program, oversees all ongoing activities related to UA’s implementation of HIPAA policies and procedures and is the office primarily responsible for ensuring UA’s HIPAA compliance. The UA Director of the HIPAA Privacy Program is the Privacy Officer for designated UA departments and clinics and is responsible for developing and implementing relevant procedures, training and educational materials, and responding to privacy breaches.

HIPAA: The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the American Recovery and Reinvestment Act of 2009 (ARRA), and all regulations promulgated thereunder, regulate the protection of private health information for individuals. These rules and regulations set standards for the uses and disclosures of all protected health information (PHI) obtained from a covered entity or a business associate of a covered entity. 

Hybrid Entity Status: UA is a Hybrid Entity and has designated Health Care Components in accordance with 45 CFR § 164.105. These Health Care Components must comply with HIPAA (45 CFR Parts 160, 162 and 164) and all regulations promulgated thereunder, as may be amended from time to time. If you have questions about whether you, your department, or your program is a HIPAA covered entity, please contact the HIPAA Privacy Office to discuss.

Researchers: please note that all research studies involving PHI must obtain either an individual’s authorization to access their information, granted by the entity that maintains the PHI, or without individual authorization under limited circumstances set forth in the Privacy Rule (e.g. an IRB-approved waiver of authorization).