University Safety and Assurances

Health Information Portability & Accountability Act (HIPAA)

What is it?
The Health Information Portability and Accountability Act (HIPAA) Privacy Rule is Federal legislation which regulates the way certain health care groups, organizations, or businesses, called covered entities handle the individually identifiable health information known as protected health information (PHI). Researchers should be aware of the Privacy Rule because it establishes the conditions under which covered entities can use or disclose PHI for many purposes, including for research. Although not all researchers will have to comply with the Privacy Rule, the manner in which the Rule protects PHI could affect certain aspects of research (for example the informed consent process).

What is PHI?
Protected health information (PHI) is individually identifiable health information that is collected for treatment, diagnosis or research purposes. There are 18 identifiers under the Privacy Rule, some of which include: names, dates, geographic locations, telephone numbers, medical record numbers, account numbers, biometric identifiers, and other unique identifying number or code.

Who does it apply to?
Visit the following link for a detail explanation:

Who do I contact to for more information on this?
Contact the UWM Office of Legal Affairs: